I've been searching questions about this but unfortunately without success. The issue is that the following query in PHP to update a row does not work and gives no error, but when I try the query in SQL (MySQL) directly it works fine... Could someone see where the error is?

query:

```php
include('conexion.php');

$id_recibo=$_POST["id_recibo"];
$id_usuario=$_POST["id_usuario"];
$id_estado='2';

mysqli_query("UPDATE recibo SET id_estado = '$id_estado' WHERE id_recibo = '$id_recibo'");
```
Josh
  • I bet in your search you found plenty of "it does not work" with lack of detail too, no? – Drew Oct 24 '16 at 17:38
  • Is there any error showing while you run the code? – Ashok Chandrapal Oct 24 '16 at 17:39
  • 1
    RTFM --> http://php.net/manual/en/mysqli.query.php – Qirel Oct 24 '16 at 17:39
  • 4
    Side note: You should really read up on [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php), your code is currently susceptible to SQL-Injection attacks. – Mureinik Oct 24 '16 at 17:40
  • Ok, can you show your `conexion.php` file? – Sam Orozco Oct 24 '16 at 17:41
  • The connection works correctly, as it is the same file I use in other pages that work correctly. The issue is that no error is given by mysqli and the query is correct, as I put the query directly into the database and it updates the row... – Josh Oct 24 '16 at 17:46
  • You need to use `prepare statements` and `bind parameter` to prevent SQL injection. Follow this structure: `$update = $db->prepare(" UPDATE recibo SET id_estado = :id_estado WHERE id_recibo = :id_recibo "); $update->bindParam(':id_estado', $id_estado); $update->bindParam(':id_recibo', $id_recibo); $update->execute();` – Mohammad Nurul Huda Rimon Oct 24 '16 at 17:52
  • Thank you Rimon, I will check the code to avoid SQL injection. – Josh Oct 24 '16 at 18:08
  • See what @Qirel posted. Look at Procedural style. Follow the dupe close link (at the top of your question) and implement what YCS shows. Show all that (or you probably won't need to as it will solve your problem). – Drew Oct 24 '16 at 18:10
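
The comments point at two things: the procedural-style signature on the `mysqli_query` manual page, where every procedural mysqli function takes the connection handle as its first argument, and prepared statements. The following is an added example combining both, not code from the question or from any commenter. It assumes `conexion.php` defines a mysqli handle named `$conexion` (hypothetical name, the file is not shown on the page) and that both columns are integers; `actualizar_estado` is likewise a name made up for this example.

```php
<?php
// Added example. Assumptions: conexion.php creates a mysqli handle called
// $conexion (hypothetical name), and id_recibo / id_estado are integer columns.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

include('conexion.php');

/**
 * Set id_estado for one recibo row and return the number of rows changed.
 */
function actualizar_estado(mysqli $db, int $id_recibo, int $id_estado): int
{
    // Placeholders keep request data out of the SQL text entirely.
    $stmt = mysqli_prepare(
        $db,
        'UPDATE recibo SET id_estado = ? WHERE id_recibo = ?'
    );
    // 'ii' = two integers, bound in placeholder order.
    mysqli_stmt_bind_param($stmt, 'ii', $id_estado, $id_recibo);
    mysqli_stmt_execute($stmt);
    $changed = (int) mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $changed;
}

// Validate the POST value before it reaches the database layer.
$id_recibo = filter_input(INPUT_POST, 'id_recibo', FILTER_VALIDATE_INT);
if ($id_recibo === false || $id_recibo === null) {
    http_response_code(400);
    exit('id_recibo must be an integer');
}

// The connection handle is passed explicitly as the first argument.
$changed = actualizar_estado($conexion, $id_recibo, 2);

// 0 means no row matched, or the row already had id_estado = 2.
echo "rows changed: $changed\n";
```

With `mysqli_report` set this way, a failed prepare or execute raises a `mysqli_sql_exception` rather than returning `false` unnoticed.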
