Inserting PHP variable into SQL query

Question

I have received an ID from a get request and put it into new variable $id. I am trying to include this variable in an SQL query but it doesn't work. It does however work when I hardcode the ID.

This works fine.

$query = "UPDATE products SET p_name = " . "'TEST' WHERE p_id=000007;";

The following code does NOT work. Can anyone explain it?

$query = "UPDATE products SET p_name = " . "'TEST' WHERE p_id=" . $id . ";";

All of my code if anyone can help:

        <?php

        // Connection file
        //require 'db.php';

        // Create connection
        $conn = mysqli_connect($servername, $username, $password, $dbname);

        // Check Connection
        if (!$conn) {
            die("Connection failed: " . mysqli_connect_error());
        }

            $id = $_GET['id'];
            echo $id;


                if (isset($_POST["updateSubmit"])) {



                $query = "UPDATE products SET p_name = " . "'TEST' WHERE p_id=" . $id . ";";


                $result = mysqli_query($conn, $query);
            }


            ?>


    <div>
        <form id="updateForm" name="updateForm" action="update.php" method="post">
            <label>Product name:</label><br>
                <input type="text" name="updateProductName"><br>
            <label>Product type</label><br>
                <select name="updateProductType">
                    <option value="Jackets/coats">Jackets/coats</option>
                    <option value="Accessories">Accessories</option>
                    <option value="Shirts">Shirts</option>
                    <option value="Jeans">Jeans</option>
                    <option value="Trousers">Trousers</option>
                    <option value="Shoes">Shoes</option>
                    <option value="Suits">Suits</option>
                </select>
            <p>Product description:</p>
                <textarea name="updateProductDesc" rows="10" cols="30"></textarea><br>
            <label>Product price:</label><br>
                <input type="text" name="updateProductPrice"><br>
            <label>Stock level:</label><br>
                <input type="text" name="updateProductStock"><br>
                <input type="submit" name="updateSubmit" value="Submit">
        </form>
    </div>

    <?php





     ?>

I have used this link from another page which contains the ID.

<a href="update.php?mode=update&id=<?php echo $productDetails['p_id']; ?>"
                       title="Update <?php echo $productDetails['p_name']; ?>">Update</a>

I have passed the id from another page. On this page I put that ID into new variable $id and then echo to check it worked. — JB2000, Dec 08 '16 at 06:30
`error_reporting(E_ALL);` would very likely tell you "*Undefined index 'id'...*" from the `$_GET['id']`. When you submit the form, it only sends data to `action="update.php"`, so the GET parameters you had before will be removed. You'll need something like `action="update.php?id=7"` — Qirel, Dec 08 '16 at 06:32
Can you please echo your $query?and check it directly with database — Shanu k k, Dec 08 '16 at 06:33
@JB2000-echo your $query and show us i din't get you logic.are you using POST value from form and id from another page? — Shanu k k, Dec 08 '16 at 06:42
Yes I am using GET to get ID from another page, the form isn't in use yet I just want the query to work first. — JB2000, Dec 08 '16 at 06:46

score 2 · Answer 1 · answered Dec 08 '16 at 06:32

2

You didn't get id because there is no id in your url

<form id="updateForm" name="updateForm" action="update.php?id=<?php echo $id; ?>" method="post">

or pass id as hidden like

<input type="hidden" name="id" id="your_id"/>

answered Dec 08 '16 at 06:32

Shanu k k

1,235
2
18
43

I have edited my post to show the URL I used which contains the ID if you wouldn't mind looking at that. – JB2000 Dec 08 '16 at 06:39
@JB2000 -You i didn't get your logic.I think u dint get the id.You will get id if you click the link but if you submit the form you didn't get the id – Shanu k k Dec 08 '16 at 06:44
@JB2000 -You should pass id from form itself.then it will work – Shanu k k Dec 08 '16 at 06:47
Thank you for your help. – JB2000 Dec 08 '16 at 06:53
Is it work?@JB2000 – Shanu k k Dec 08 '16 at 06:53

Md. Sahadat Hossain · Answer 2 · 2016-12-08T06:27:29.767

0

Change your query to

$query = "UPDATE products SET p_name = 'TEST' WHERE p_id=". $id;

edited Dec 08 '16 at 06:27

answered Dec 08 '16 at 06:19

Md. Sahadat Hossain

3,210
4
32
55

Why did down vote this ? please comment – Elby Dec 08 '16 at 06:22
I don't know who and why down vote this. – Md. Sahadat Hossain Dec 08 '16 at 06:22
The semicolon at the end ends the query, I need another to end the sql statement too? – JB2000 Dec 08 '16 at 06:24
you just copy and paste my code. it will work – Md. Sahadat Hossain Dec 08 '16 at 06:25
1

`WHERE p_id= $id` and `WHERE p_id=" . $id . "` is exactly the same. *Nothing* changes. – Qirel Dec 08 '16 at 06:25
It does not work unfortunately. – JB2000 Dec 08 '16 at 06:25

Inserting PHP variable into SQL query

2 Answers2