I have this PHP code. When I click the Yes button and check the database, the value remains the same. Is there something I am doing wrong? I also checked my SQL query and it seems to be working fine, but when I incorporate it in the PHP code it is not working anymore.

```php
<?php
    require 'database.php';
    $id = 0;

    if ( !empty($_GET['gpx_field_id'])) {
        $id = $_REQUEST['gpx_field_id'];
    }

    if ( !empty($_POST)) {
        // keep track post values
        $id = $_POST['gpx_field_id'];

        // delete data
        $pdo = Database::connect();
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $sql = "UPDATE field_info SET verify = '1' WHERE gpx_field_id = ? ";
        $q = $pdo->prepare($sql);
        $q->execute(array($id));
        Database::disconnect();
        header("Location: index.php");

    }
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <link   href="assets/bootstrap/css/bootstrap.min.css" rel="stylesheet">
    <script src="assets/bootsrap/js/bootstrap.min.js"></script>
</head>

<body>
    <div class="container">

                <div class="span10 offset1">
                    <div class="row">
                        <h3>Verify a Field</h3>
                    </div>

                    <form class="form-horizontal" action="verify.php" method="post">
                      <input type="hidden" name="gpx_field_id" value="<?php echo $id;?>"/>
                      <p class="alert alert-error">Are you sure to verify this field ?</p>
                      <div class="form-actions">
                          <button type="submit" class="btn btn-danger">Yes</button>
                          <a class="btn btn-danger" href="index.php">No</a>
                        </div>
                    </form>
                </div>

    </div> <!-- /container -->
  </body>
</html>
```
Matt

2 Answers

Here I assume your query is working fine, so please change your PHP code as below...

```php
<?php
    require 'database.php';
    $id = 0;

    if ( !empty($_GET['gpx_field_id'])) {
        $id = $_REQUEST['gpx_field_id'];
    }

    if ( !empty($_POST)) {
        try {
                $pdo = Database::connect();
                $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                $sql = "UPDATE field_info SET verify = '1' WHERE gpx_field_id IN :id ";
                $q = $pdo->prepare($sql);
                $q->execute(array($id));
                Database::disconnect();
                header("Location: index.php");
        }
        catch(PDOException $e) {
            echo $e->getMessage();
        }
    }
?>
```

Hope it will help you.

Sanjay Chaudhari
  • Never use `$_REQUEST`! That will take `GET`, `POST` and `COOKIE` input, someone could set a cookie called `gpx_field_id` and get that query to run whatever they want. – Styphon May 11 '16 at 09:06
  • @SanjayChaudhari that is what is bothering me, because I am not getting any error. It just runs but the update is not working. – Sandy Pabilonia May 11 '16 at 09:27
  • @SanjayChaudhari still nothing. I will retry to fix it. I will let you know. Thanks Sanjay. – Sandy Pabilonia May 11 '16 at 10:08
  • @Sandy Pabilonia, it might be that you have to use the IN clause in the WHERE condition. I have updated the answer again, so please check now. – Sanjay Chaudhari May 11 '16 at 10:12
  • @SanjayChaudhari With the updated code I am having this error SQLSTATE[HY093]: Invalid parameter number: parameter was not defined – Sandy Pabilonia May 12 '16 at 01:19

You specify $id = 0 at the top, but it is never updated to some 'real' value. Therefore, the form is populated with

<input type="hidden" name="gpx_field_id" value="0"/>

and thus gpx_field_id always remains 0. Then, your query will update all rows with WHERE gpx_field_id = 0. Most probably, those rows will not exist...

You do need to get a proper value for $id before you insert it in the form.

On a side-note, since you are using html5 (<!DOCTYPE html>), the closing tag for input should be omitted. Write instead: <input type="hidden" ... >, leaving out the forward slash, just as you did with the meta and link tags in the head section.

Marten Koetsier
  • With regards to `$id = 0`: isn't it the work of this code to change the value of `$id` to what is in the input `gpx_field_id`? `if (isset($_REQUEST['gpx_field_id'])) { // keep track post values $id = $_REQUEST['gpx_field_id'];` – Sandy Pabilonia May 12 '16 at 01:23
  • How do I get a proper value for $id? – Sandy Pabilonia May 12 '16 at 07:18
  • Getting the right value for `$id` is something you need to think about: on what basis do you select the field? I mean: how do you know which `gpx_field` you want to show? – Marten Koetsier May 12 '16 at 08:44
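
An added example, not part of the original thread and not the asker's code: it reads the id from one explicit source (`$_GET` when rendering the form, `$_POST` when confirming) instead of `$_REQUEST`, rejects a missing or zero id, passes the value for `:id` under the same name (the updated first answer pairs `:id` with a positional array), and uses `rowCount()` so an UPDATE that matched no rows is visible. The in-memory SQLite database, the sample rows and the helper names `field_id`, `verify_field` and `hidden_input` are assumptions made for illustration.

```php
<?php
// Constructed data: an in-memory SQLite table stands in for the page's Database class.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE field_info (gpx_field_id INTEGER PRIMARY KEY, verify INTEGER DEFAULT 0)');
$pdo->exec('INSERT INTO field_info (gpx_field_id) VALUES (7), (8)');

// Hypothetical helper: take the id from ONE named source ($_GET or $_POST,
// never $_REQUEST) and accept only a positive integer.
function field_id(array $source): ?int
{
    $id = filter_var($source['gpx_field_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: run the UPDATE and report how many rows it changed.
function verify_field(PDO $pdo, ?int $id): int
{
    if ($id === null) {
        return 0; // missing or invalid id: do not touch the table
    }
    $q = $pdo->prepare('UPDATE field_info SET verify = 1 WHERE gpx_field_id = :id');
    $q->execute([':id' => $id]); // named placeholder, value passed under the same name
    return $q->rowCount();
}

// Hypothetical helper: only emit the hidden field when there is a real id to carry.
function hidden_input(?int $id): string
{
    if ($id === null) {
        return '<p class="alert alert-error">No field selected.</p>';
    }
    return '<input type="hidden" name="gpx_field_id" value="' . $id . '">';
}

// Constructed GET requests: verify.php opened without, then with, ?gpx_field_id=7.
echo hidden_input(field_id([])), "\n";
echo hidden_input(field_id(['gpx_field_id' => '7'])), "\n";

// Constructed POST bodies: empty, the default 0 from the question, and a real id.
foreach ([[], ['gpx_field_id' => '0'], ['gpx_field_id' => '7']] as $post) {
    $rows = verify_field($pdo, field_id($post));
    printf("POST %s -> %d row(s) updated\n", json_encode($post), $rows);
}
```

In the real page, `field_id($_GET)` would feed the form and `field_id($_POST)` the update, with a zero `rowCount()` reported to the user instead of a silent redirect.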