2

I've seen the related solutions about this and tried them, but none of them work. This is my code for updating the database; mysql_error shows no sign of an error. Don't know what to do. Help!

    <?php 
        mysql_select_db("dbUsers");     
        if(isset($_POST['btnSave'])){

        $firstname=$_POST['firstname'];
        $lastname=$_POST['lastname'];
        $address=$_POST['address'];

        $query1 =("UPDATE `webuser` SET `firstname`='".$firstname."',
                `lastname`='".$lastname."',`address`='".$address."'
                 WHERE empNo = '".$selEmp."' ");

        $result = mysql_query($query1) or die(mysql_error());
        }
        mysql_close($conn);

   ?>
eshi
  • Echo the statement, put exit after the update line, and check whether all the particulars that are to be updated are present in the query. – Naresh Kumar P Aug 28 '16 at 08:25
  • 1
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) that has been [removed](http://php.net/manual/en/mysql.php) from PHP. You should select a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Aug 28 '16 at 08:36
  • @NareshKumar.P thank you. I've seen the error. The empNo is not showing; I'm still trying to figure out why. I can echo it but I can't use it in the query. – eshi Aug 28 '16 at 08:47
  • have updated the query @eshi. And you could find how to pass the Emp_id from HTML Form while updating the particular row in the DB. – Naresh Kumar P Aug 28 '16 at 10:17

3 Answers

1

Instead of using mysql, go for mysqli, as it is preferred and secured.

Use the code below for the connection (create the variables with their values):

    $conn = mysqli_connect($servername, $username, $password, $dbname);

For the update query, use:

    $sql = "UPDATE webuser SET firstname='".$firstname."' WHERE empNo='".$selEmp."'";

And to run the query, use:

    mysqli_query($conn, $sql);

I have not mentioned your whole code but hope you understand it now.

0

Change the update query like this, since the braces are not allowed.

Ensure that your empNo is present at the time while updating.

    <?php
    mysql_select_db("dbUsers");
    if(isset($_POST['btnSave'])){
        $selEmp = $_POST['emp_id'];
        $firstname=$_POST['firstname'];
        $lastname=$_POST['lastname'];
        $address=$_POST['address'];
        $query1 ="UPDATE `webuser` SET `firstname`='".$firstname."',
            `lastname`='".$lastname."',`address`='".$address."'
            WHERE empNo = '".$selEmp."'";
        $result = mysql_query($query1) or die(mysql_error());
    }
    mysql_close($conn);
    ?>

    <form method="POST" action="">
        <input type="hidden" name="emp_id" value="<?php echo $data['id']; ?>" />
        <input type="text" name="firstname" value="<?php echo $data['firstname']; ?>" />
        <input type="text" name="lastname" value="<?php echo $data['lastname']; ?>" />
        <textarea name="address"><?php echo $data['address']; ?></textarea>
        <input type="submit" name="btnSave" value="UPDATE" />
    </form>
Naresh Kumar P
  • Share thoughts if you face any hindrance in my codes. – Naresh Kumar P Aug 28 '16 at 08:33
  • Thank you Naresh. I have fixed the problem, though. The variable I need is not accessible inside the isset function, so what I did is I made a hidden input, then passed the value there and got it. Thank you again :) – eshi Aug 28 '16 at 10:23
0

To avoid SQL Injections and the deprecated mysql_* functions use PDO with prepared statements:

    define('DB_HOST', 'localhost');
    define('DB_NAME', 'dbUsers');
    define('DB_USER', 'your_username');
    define('DB_PASSWORD', 'your_password');

    try {
        // Create the connection handle; ERRMODE_EXCEPTION makes failed queries
        // throw PDOException so the catch block below actually sees them
        $conn = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME, DB_USER, DB_PASSWORD, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
        $address = $_POST['address'];

        // Named placeholders keep the submitted values out of the SQL text
        $sql = "UPDATE webuser SET firstname = :firstname, lastname = :lastname, address = :address WHERE empNo = :emp_no";
        $stmt = $conn->prepare($sql);
        // $selEmp must already hold the employee number of the row to update
        $stmt->execute(array(':firstname' => $firstname, ':lastname' => $lastname, ':address' => $address, ':emp_no' => $selEmp));

    } catch(PDOException $e) {
        echo $e->getMessage();
        die();
    }

More info here.

Kostas Mitsarakis
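The prepared-statement update from the answers above, extended with a check that a row was actually matched; this is an added example, not code from the question or from any of the answers. It assumes an in-memory SQLite database in place of the page's MySQL server so that it runs offline, and `updateEmployee` and the sample row are hypothetical.

```php
<?php
// Added example. Table contents are constructed; in-memory SQLite stands in
// for the page's MySQL database (assumption) so no server is needed.
$conn = new PDO('sqlite::memory:');
// Throw on SQL errors so a failed statement cannot pass silently.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE webuser (empNo INTEGER PRIMARY KEY,
             firstname TEXT, lastname TEXT, address TEXT)');
$conn->exec("INSERT INTO webuser VALUES (7, 'Ann', 'Lee', '1 Main St')");

// Hypothetical helper: returns a status string instead of failing silently.
function updateEmployee(PDO $conn, array $post): string
{
    // emp_id comes from a hidden form field, so it is untrusted input.
    $empNo = filter_var($post['emp_id'] ?? '', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($empNo === false) {
        return 'rejected: emp_id missing or not a positive integer';
    }

    $stmt = $conn->prepare(
        'UPDATE webuser SET firstname = :firstname, lastname = :lastname,
                address = :address WHERE empNo = :emp_no'
    );
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt->execute([
        ':firstname' => $post['firstname'] ?? '',
        ':lastname'  => $post['lastname'] ?? '',
        ':address'   => $post['address'] ?? '',
        ':emp_no'    => $empNo,
    ]);

    // Zero matched rows is not an SQL error, so an error check alone reports
    // nothing. With pdo_mysql, rowCount() counts changed rows unless the
    // connection sets PDO::MYSQL_ATTR_FOUND_ROWS => true (matched rows).
    return $stmt->rowCount() === 0 ? "no row with empNo $empNo" : 'updated';
}

// Constructed requests: missing id (the question's bug), unknown id, valid id.
$form = ['firstname' => 'Mary', 'lastname' => "O'Brien", 'address' => '2 Side Rd'];
echo updateEmployee($conn, $form), "\n";
echo updateEmployee($conn, $form + ['emp_id' => '99']), "\n";
echo updateEmployee($conn, $form + ['emp_id' => '7']), "\n";

// Escape stored values when echoing them back into the edit form.
$row = $conn->query('SELECT * FROM webuser WHERE empNo = 7')->fetch(PDO::FETCH_ASSOC);
printf("<input type=\"text\" name=\"lastname\" value=\"%s\" />\n",
       htmlspecialchars($row['lastname'], ENT_QUOTES, 'UTF-8'));
```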