SQL update for specific user

Question

I am working on a user account system and I am needing to update records in a SQL database. I have tried looking it up but all the solutions I have found don't seem to work. My table looks something like this

   userId userName userCoins
     30      Bob       0

And I am wanting to update the userName so it looks like this

userId userName userCoins
 30      jim       0

-

<?php
    ob_start();
    session_start();
    include_once 'dbconnect.php';

    $res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
    $userRow=mysql_fetch_array($res);
    if ( isset($_POST['btn-signup']) ) {
        //This is where I am trying to update

        UPDATE users SET userName = 'jim' WHERE userCoins=0;
    }
?>
<!DOCTYPE html>
<html>
    <?php header("Access-Control-Allow-Origin: http://www.py69.esy.es"); ?>
    <head></head>
    <body>
        <center>
        <h3>Welcome, <?php echo $userRow['userName']; ?>. You Currently Have <span id="services"><?php echo $userRow['userCoins']; ?></span> Service Coins</h3>
            <div class="form-group">
                <div class="input-group">
                    <span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
                    <input type="text" id="emp_id" name="sender" class="form-control" placeholder="Enter Your Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
                    <span class="text-danger"><?php echo $error; ?></span>
                </div>
            </div>
            <div class="form-group">
                <button type="submit" class="btn btn-block btn-primary" name="btn-signup">Sign Up</button>
            </div>
        </center>
    </body>
</html>
<?php ob_end_flush(); ?>

Why are you updating based on `userCoins = 0`? This will update EVERY user's name that has zero (no) coins. Is that really what you want to do? — Charles Bretana, Nov 14 '16 at 16:39
Well I just used it for an example. I will use the current user logged in and change that specific value. — MCC, Nov 14 '16 at 16:40
***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Nov 14 '16 at 16:40
just apply the similar method you used for your SELECT. what you posted seems like pseudo code to me. You can't just do `if ( isset($_POST['btn-signup']) ) { //This is where I am trying to update UPDATE users SET userName = 'jim' WHERE userCoins=0; }` — Funk Forty Niner, Nov 14 '16 at 16:42

Funk Forty Niner · Accepted Answer · 2016-11-14T16:49:36.650

2

You need to use the function and use quotes around it as you did (similarly) for the SELECT:

if ( isset($_POST['btn-signup']) ) {
        //This is where I am trying to update

       mysql_query("UPDATE users SET userName = 'jim' WHERE userCoins=0");
    }

You're also using an old API and are open to an sql injection.

Use a prepared statement.

References:

and as stated in comments:

Why are you updating based on userCoins = 0? This will update EVERY user's name that has zero (no) coins. Is that really what you want to do? – Charles Bretana

So, you may have to add an additional clause.

You also need to make sure that the $_SESSION['user'] array does indeed contain a value. Otherwise, your query will fail.

Check for errors:

http://php.net/manual/en/function.mysql-error.php (on the query)
http://php.net/manual/en/function.error-reporting.php (on php)

edited Nov 14 '16 at 16:49

answered Nov 14 '16 at 16:44

Funk Forty Niner

74,450
15
68
141

When I put this in the database still doesn't update, I made it more specific here: mysql_query("UPDATE users SET userName = 'jim' WHERE userId=30") – MCC Nov 14 '16 at 16:50
@MorganClarke I edited my answer with links to show you what to do; your query may have very well failed. – Funk Forty Niner Nov 14 '16 at 16:51
I know for a fact that the $res works as I am using data from the table elsewhere on the page – MCC Nov 14 '16 at 16:53
@MorganClarke I feel like you're not telling us the whole story and how you're wanting to do this. I say this because of the additional input here ` – Funk Forty Niner Nov 14 '16 at 16:56
I have just noticed that when I refresh the page the PHP code is automatically run. Even when I haven't pressed the button. if ( isset($_POST['send']) ) { if ( ! empty($_POST['sender'])){ $name = $_POST['sender']; } if ( ! empty($_POST['reciever'])){ $name = $_POST['reciever']; } $query = "UPDATE users SET userCoins = userCoins + 1 WHERE userName='Morgan'"; $res = mysql_query($query); if ($res) { $error = "Success!"; } else { $error = "Something Went Wrong!"; } } – MCC Nov 14 '16 at 17:26
@MorganClarke I don't see any inputs matching those in your question. I would suggest that you make up a new question with the complete code you're using, since this one was originally answered pertaining to what was posted and wanting to update a table. If you go an overwrite this question, you will completely deface it and the answer(s) given stand to get downvoted for it; nobody really appreciates that ;-) – Funk Forty Niner Nov 14 '16 at 17:29
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/128084/discussion-between-morgan-clarke-and-fred-ii). – MCC Nov 14 '16 at 17:36

score 0 · Answer 2 · answered Nov 14 '16 at 16:39

0

You can write your query as:

UPDATE users SET userName = 'jim' WHERE userId=30;

answered Nov 14 '16 at 16:39

Amit Gupta

17,072
4
41
53

2

they already have that; they're not doing what they should be doing and you missed that. Here, see for yourself `if ( isset($_POST['btn-signup']) ) { //This is where I am trying to update UPDATE users SET userName = 'jim' WHERE userCoins=0; }` – Funk Forty Niner Nov 14 '16 at 16:40
When I use this I get an ERROR: Parse error: syntax error, unexpected 'users' (T_STRING) on the update line – MCC Nov 14 '16 at 16:42
UPDATE users SET userName = 'jim' WHERE userId=32; – MCC Nov 14 '16 at 16:46
Make sure you are using it inside the `mysql_query` function as `mysql_query("UPDATE users SET userName = 'jim' WHERE userId=32");` – Amit Gupta Nov 14 '16 at 16:48

SQL update for specific user

2 Answers2