Post form update error to mysql using php

Question

I'm trying to update a form to mysql database with php but when i add values to the input fields they're posted empty. This is the error:

Error Save [UPDATE Customers SET Forename = '', Surename = '', Father = '', ID = '', AMKA = '', Address = '', AddressNumber = '', PostCode = '', Area = '', City = '', WHERE CustomerCode = '4']

As you can see the GET for the customer code works fine but the POST is not working.

Here is my code for the edit form:

<?php

$conn = new mysqli('localhost', 'root', 'password','erp');

if ($conn->connect_errno) {
    die('Could not connect: ' . $conn->connect_error);
}

$id = $_GET['CustomerCode'];
$sql = $conn->query("SELECT Forename, Surename, FathersName, IDNumber, AMKA, Address, AddressNumber, PostCode, Area FROM Customers WHERE CustomerCode= '$id'");
$sqlList = $conn->query("SELECT City FROM Customers");
$row = $sql->fetch_array();

?>

<form action="SavedRecord.php?CustomerCode=<?php echo $id; ?>" method="post">
    <table>
        Name: <input type="text" name="Name" value="<?php echo $row['Forename']; ?>">
        Surename: <input type="text" name="Surename" value="<?php echo $row['Surename']; ?>">
        Father: <input type="text" name="Father" value="<?php echo $row['FathersName']; ?>">
        ID: <input type="text" name="ID" value="<?php echo $row['IDNumber']; ?>">
        AMKA: <input type="text" name="AMKA" onkeypress="return event.charCode >= 48 && event.charCode <= 57" value="<?php echo $row['AMKA']; ?>">
        Address: <input type="text" name="Address" value="<?php echo $row['Address']; ?>">
        Address Number: <input type="text" name="AddressNumber" onkeypress="return event.charCode >= 48 && event.charCode <= 57" value="<?php echo $row['AddressNumber']; ?>">
        PostCode: <input type="text" name="PostCode" onkeypress="return event.charCode >= 48 && event.charCode <= 57" value="<?php echo $row['PostCode']; ?>">
        Area: <input type="text" name="Area" value="<?php echo $row['Area']; ?>">
        City: <select name="Cities">
                    <option>Select
                        <?php while($list = mysqli_fetch_array($sqlList)) { ?>
                            <option value="<?php echo $list['City']; ?>"><?php echo $list['City']; ?></option>
                                <?php if($list['City'] == $select) { echo $list['City']; } ?>
                            </option>
                        <?php } ?>
                    </option>
              </select>
    </table>
    <input type="submit" value="Update">
</form>

And the update form:

<?php

$conn = new mysqli('localhost', 'root', 'password','erp');

if ($conn->connect_errno) {
    die('Could not connect: ' . $conn->connect_error);
}

print_r($_POST);

$name = $_POST['Name'];
$surename = $_POST['Surename'];
$father = $_POST["Father"];
$id = $_POST["ID"];
$amka = $_POST["AMKA"];
$address = $_POST["Address"];
$addressNum = $_POST["AddressNumber"];
$postcode = $_POST["PostCode"];
$area = $_POST["Area"];
$city = $_POST["City"];
$customerCode = $_GET["CustomerCode"];

$updData = "UPDATE Customers SET 
            Forename = '$name',
            Surename = '$surename',
            Father = '$father',
            ID = '$id',
            AMKA = '$amka',
            Address = '$address',
            AddressNumber = '$addressNum',
            PostCode = '$postcode',
            Area = '$area',
            City = '$city',
            WHERE CustomerCode = '$customerCode'";

$updQuery = $conn->query($updData);

if($updQuery) {

    echo "Data Updated";
} else {

    echo "Error Save [".$updData."]";
}

?>

Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared statement and parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) — RiggsFolly, Aug 14 '16 at 18:44
As you are not actually populating a table try removing `` and `
` — RiggsFolly, Aug 14 '16 at 18:48
@Atlas If this is a practice project, I'd strongly encourage you to practice writing queries correctly: Use [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. If you develop a discipline about doing things correctly the first time you waste far less time in the future hunting down single character mistakes. Saving time by being sloppy often comes back to haunt you in a huge way in the future. — tadman, Aug 14 '16 at 21:41

score 0 · Answer 1 · answered Aug 14 '16 at 19:20

Your Error is you have misspelled the table field values. Have a check below and replace the code in the WITH Section

Replace

$updData = "UPDATE Customers SET 
            Forename = '$name',
            Surename = '$surename',
            Father = '$father',
            ID = '$id', // here is your error the field name is not ID it is IDNumber
            AMKA = '$amka',
            Address = '$address',
            AddressNumber = '$addressNum',
            PostCode = '$postcode',
            Area = '$area',
            City = '$city',
            WHERE CustomerCode = '$customerCode'";

With

$updData = "UPDATE Customers SET 
            Forename = '$name',
            Surename = '$surename',
            FathersName = '$father',
            IDNumber = '$id',
            AMKA = '$amka',
            Address = '$address',
            AddressNumber = '$addressNum',
            PostCode = '$postcode',
            Area = '$area',
            City = '$city',
            WHERE CustomerCode = '$customerCode'";

Provided all the update process will work if the submit button is been given a name **** and called in the SavedRecord.php page. `if(isset($_POST['update'])){ // Update Code goes here with all the post options and queries }` — Naresh Kumar P, Aug 14 '16 at 19:25
Code above still contains at least one error. And does not explain why all the posted fields are empty! — RiggsFolly, Aug 14 '16 at 20:23

score 0 · Answer 2 · answered Aug 15 '16 at 04:44

Here i will provide with the Exact output that is needed for you and i have tested it in my local-host and working fine.

Edit form Page:

<?php
$conn = new mysqli('localhost', 'root', '','erp');
if ($conn->connect_errno) {
    die('Could not connect: ' . $conn->connect_error);
}
$id = $_GET['CustomerCode'];
$sql = $conn->query("SELECT Forename, Surename, FathersName, IDNumber, AMKA, Address, AddressNumber, PostCode, Area, City FROM Customers WHERE CustomerCode= '$id'");
$sqlList = $conn->query("SELECT City FROM Customers");
$row = $sql->fetch_array();

?>

<form action="SavedRecord.php?CustomerCode=<?php echo $id; ?>" method="post">
    <table>
        Name: <input type="text" name="Name" value="<?php echo $row['Forename']; ?>">
        Surename: <input type="text" name="Surename" value="<?php echo $row['Surename']; ?>">
        Father: <input type="text" name="Father" value="<?php echo $row['FathersName']; ?>">
        ID: <input type="text" name="ID" value="<?php echo $row['IDNumber']; ?>">
        AMKA: <input type="text" name="AMKA" onkeypress="return event.charCode >= 48 && event.charCode <= 57" value="<?php echo $row['AMKA']; ?>">
        Address: <input type="text" name="Address" value="<?php echo $row['Address']; ?>">
        Address Number: <input type="text" name="AddressNumber" onkeypress="return event.charCode >= 48 && event.charCode <= 57" value="<?php echo $row['AddressNumber']; ?>">
        PostCode: <input type="text" name="PostCode" onkeypress="return event.charCode >= 48 && event.charCode <= 57" value="<?php echo $row['PostCode']; ?>">
        Area: <input type="text" name="Area" value="<?php echo $row['Area']; ?>">
        City: <select name="Cities">
                    <option>Select
                        <?php while($list = mysqli_fetch_array($sqlList)) { ?>
                            <option value="<?php echo $list['City']; ?>" <?php if($list['City']==$row['City']){echo 'selected="selected"';} ?>><?php echo $list['City']; ?></option>                               
                            </option>
                        <?php } ?>
                    </option>
              </select>
    </table>
    <input type="submit" value="Update">
</form>

SavedRecord.php

<?php

$conn = new mysqli('localhost', 'root', '','erp');

if ($conn->connect_errno) {
    die('Could not connect: ' . $conn->connect_error);
}

print_r($_POST);

$name = $_POST['Name'];
$surename = $_POST['Surename'];
$father = $_POST["Father"];
$id = $_POST["ID"];
$amka = $_POST["AMKA"];
$address = $_POST["Address"];
$addressNum = $_POST["AddressNumber"];
$postcode = $_POST["PostCode"];
$area = $_POST["Area"];
$city = $_POST["Cities"];
$customerCode = $_GET["CustomerCode"];

$updData = "UPDATE Customers SET 
            Forename = '$name',
            Surename = '$surename',
            FathersName = '$father',
            IDNumber = '$id',
            AMKA = '$amka',
            Address = '$address',
            AddressNumber = '$addressNum',
            PostCode = '$postcode',
            Area = '$area',
            City = '$city's
            WHERE CustomerCode = '$customerCode'";

$updQuery = $conn->query($updData);

if($updQuery) {

    echo "Data Updated";
} else {

    echo "Error Save [".$updData."]";
}

?>

This code works perfect. have it a try and let me know if any hurdles happens to you again.

Still sends blank. I can't understand how is this working to you and not to me? It drives me crazy... — Atlas, Aug 15 '16 at 14:38
Are u using the same code that i have posted. It will work sure. Since i have tested alone and posted it. Orelse you make a runnable version in some online portals so that i could edit and make this fault rectified. — Naresh Kumar P, Aug 15 '16 at 15:53

Post form update error to mysql using php

2 Answers2