-1

My php won't update my products table. I know my GET request worked as I tested it with echo to display the id. I am confused as to how I can get it to work? I think it may be something to do with the form action= on my form but I am confused! Can someone please help?

<?php
// Connection file
require 'db.php';

if (((!empty($_GET["mode"])) && (!empty($_GET["id"]))) && ($_GET["mode"] == "update")) { 
    // If update
    echo $_GET['id'];
    if (isset($_POST["updateSubmit"])) {
        $pName = $_POST["updateProductName"];
        echo $pName;

        $query = "UPDATE products "
                . "SET p_name = '" . $_POST["updateProductName"] . "', "
                . "p_type = '" . $_POST["updateProductType"] . "', "
                . "p_desc = '" . $_POST["updateProductDesc"] . "', "
                . "p_price = '" . $_POST["updateProductPrice"] . "', "
                . "p_stock = " . $_POST["updateProductStock"] . ", "
                . "WHERE id=" . $_GET['id'] . ";";
        $result = mysqli_query($conn, $query);
    }
}
?>


<div>
    <form id="updateForm" name="updateForm" action="<?php echo "?mode=update&id=" . $productDetails["id"]; ?>" method="post">
        <label>Product name:</label><br>
                <input type="text" name="updateProductName"><br>
        <label>Product type</label><br>
                <select name="updateProductType">
                    <option value="Jackets/coats">Jackets/coats</option>
                    <option value="Accessories">Accessories</option>
                    <option value="Shirts">Shirts</option>
                    <option value="Jeans">Jeans</option>
                    <option value="Trousers">Trousers</option>
                    <option value="Shoes">Shoes</option>
                    <option value="Suits">Suits</option>
                </select>
            <p>Product description:</p>
                <textarea name="updateProductDesc" rows="10" cols="30"></textarea><br>
        <label>Product price:</label><br>
            <input type="text" name="updateProductPrice"><br>
        <label>Stock level:</label><br>
            <input type="text" name="updateProductStock"><br>
            <input type="submit" name="updateSubmit" value="Submit">
   </form>
</div>
<?php


?>

Manoj Sharma
  • 1,467
  • 2
  • 13
  • 20
JB2000
  • 7
  • 5
  • try change your method `method="GET"` – Boby Dec 08 '16 at 04:11
  • 1
    @Boby That won't work with all the `$_POST` values – Sean Dec 08 '16 at 04:15
  • 4
    If you used `mysqli_error($conn)`, you would find that you need to remove the `,` at the end of `. "p_stock = " . $_POST["updateProductStock"] . ", "`, as you shouldn't have a comma before your `WHERE` – Sean Dec 08 '16 at 04:17
  • 4
    You are open to SQL injections. Dont put user input in SQL. See http://php.net/manual/en/mysqli.quickstart.prepared-statements.php and/or http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – chris85 Dec 08 '16 at 04:21
  • `echo $query` and see what query is made?\ – Akshay Dec 08 '16 at 05:26
  • what are the types of p_stock and p_price in your database ? – Farzad Salimi Jazi Dec 08 '16 at 08:13

2 Answers2

0

I think the problems are misusing of ' in one or both of these lines

 . "p_price = '" . $_POST["updateProductPrice"] . "', "
 . "p_stock = " . $_POST["updateProductStock"] . ", "

If the type is string you need to use ' as you used in p_price otherwise if it is float or int you should not use ' as you did for p_stock.

It seems you used wrong for these two field. Since the p_price would be float and p_stock is string.

 . "p_price = " . $_POST["updateProductPrice"] . ", "
 . "p_stock = '" . $_POST["updateProductStock"] . "' , "
Farzad Salimi Jazi
  • 760
  • 10
  • 25
0

There are two issues with your query...

You Have one extra comma before the Where Section and your missing delimeters on p_stock.

Should be: "p_stock = '" . $_POST["updateProductStock"] . "' " and . "WHERE id='" . $_GET['id'] . "'";

pmoreira
  • 113
  • 1
  • 9