0

How can I update multiple columns in the table? It doesnt change the data in the database.

<?php
$id = $_GET['user'];
$any = mysql_query("SELECT * FROM function WHERE id='".$id ."'");
if ($edit = mysql_fetch_assoc($any)){
?>

//this is the form for the input type when updating the column

<form action="reserve_event.php" method="POST">
    <input type="text" name="fh" value="<?php echo $edit['fh'];?>">
    <input type="text" name="package" value="<?php echo $edit['package'];?>">
    <input type="text" name="guest" value="<?php echo $edit['guest'];?>">
    <input type="text" name="fee" value="<?php echo $edit['fee'];?>">
    <input type="text" name="status" value="<?php echo $edit['status'];?>">
    <input type="submit" name="submit" value="submit">
</form>

//this part is when i submit the data.
<?php
}
if(isset($_POST['submit'])){
    $fh= $_POST["fh"];
    $package= $_POST["package"];
    $guest= $_POST["guest"];
    $fee = $_POST["fee"];
    $status= $_POST["status"];
    $sql1 = mysql_query("UPDATE function SET fh='".$fh."',package= '".$package."', guest = '".$guest."',fee = '".$fee."',status= '".$status."' WHERE id='".$id."'");
}
?>
Lelio Faieta
  • 6,457
  • 7
  • 40
  • 74
annies
  • 1
  • 1
  • 3
    You have an error in the php tag " – Dan Ionescu Mar 28 '17 at 16:13
  • 1
    Also, if you remove the `}` as @DanIonescu is telling you and it still doesn't update, put this code after `mysql_query` and tell us the result: `if (!$sql1) die('Invalid query: ' . mysql_error()); ` – Nelson Teixeira Mar 28 '17 at 16:15
  • 1
    Your code is vulnerable to SQL injection. See the PHP docs and/or [this post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for how to use prepared statements. – Alex Howansky Mar 28 '17 at 16:21
  • @DanIonescu i think that closing bracket is the one that close the if check... in that case it is perfectly legal – Lelio Faieta Mar 28 '17 at 16:21
  • Also, the mysql_* functions are deprecated as of 5.5 and removed as of 7.0. You should use mysqli_* or PDO. – Alex Howansky Mar 28 '17 at 16:23
  • you are using a deprecated and now removed API mysql_*. You should consider using mysqli_* or even better PDO. Your code is open to SQL Injection. Learn how to work with prepared statements for that – Lelio Faieta Mar 28 '17 at 16:23
  • @NelsonTeixeira -- PHP Parse error: syntax error, unexpected 'if' .. that is the result. – annies Mar 28 '17 at 16:25
  • btw if your query string is wrapped by double quotes you can also put variables with this notation: `WHERE id='$id'` instead of `WHERE id='".$id ."'` – Lelio Faieta Mar 28 '17 at 16:26
  • @annies what I meant is to put the code IN A LINE AFTER the line containing mysql_query. Edit the question and show your code with the alteration I asked you for us to see if you did it correctly. – Nelson Teixeira Mar 28 '17 at 16:31

2 Answers2

0

You can try with blow given code:

<?php
if(isset($_POST['submit']))
{
    $fh= $_POST["fh"];
    $package= $_POST["package"];
    $guest= $_POST["guest"];
    $fee = $_POST["fee"];
    $status= $_POST["status"];
    $sql1 = mysql_query("UPDATE `function` SET `fh`='".$fh."',`package`= '".$package."', `guest` = '".$guest."',`fee` = '".$fee."',`status`= '".$status."' WHERE `id`='".$id."'");
}
?>
Dan Ionescu
  • 3,135
  • 1
  • 12
  • 17
Gondaliya Darshan
  • 41
  • 6
  • 1
    what did you change? Why is this code supposed to fix OP's issues? Please add details to your answer – Lelio Faieta Mar 28 '17 at 16:30
  • I have change the ` for table name and fields name. – Gondaliya Darshan Mar 28 '17 at 16:33
  • 1
    they are called backticks and are just to escape mysql reserved words in case they are used in tables. See [this](https://dev.mysql.com/doc/refman/5.5/en/keywords.html) for reference on what are the reserved words – Lelio Faieta Mar 28 '17 at 16:36
0

You are using a reserved word "function" for mysql for your table name, one or your columns name "status" is a reserved word too. This means that mysql server will read function and will try to execute it instead of choosing the table with that name. IMHO it is better not to use reserved words in table or column definition but you can use backticks ` to escape the names.

This link will provide you a list of reserved words. So just adapt your query this way:

$sql1 = mysql_query("UPDATE `function` 
SET fh='$fh',package= '$package', guest = '$guest',fee = '$fee', `status`= '$status' 
WHERE id='$id'");

Check with the link I provided you if you have more reserved words in your query

The same applies to the Select query:

$any = mysql_query("SELECT * FROM `function` WHERE id='$id'");

Also as I mentioned in my comments: your code is open to SQL injections: use prepared statements to sanitize user inputs. Mysql_* API is deprecated and removed in PHP 7. Move to mysqli or better PDO

Lelio Faieta
  • 6,457
  • 7
  • 40
  • 74