I have followed a tutorial online for using CRUD. However, I've come to the Update part and I am having some issues with the GET function and the fetch_row.

`Undefined variable: fetched_row in C:\xampp\htdocs\Website\editsuppliers.php on line 69` is one error message, and the next is `undefined index : editsuppliers`.

Here is what I have so far.

```php
<?php 
include_once 'connect.php' ;
if(isset($_GET['editsuppliers']))
{
 $sql_query="SELECT * FROM suppliers WHERE SuppliersID=".$_GET['editsuppliers'];
 $result_set=mysql_query($sql_query);
 $fetched_row=mysql_fetch_array($result_set);
}
if(isset($_POST['btn-update']))
{
 // variables for input data
$SupplierID = $_POST['SupplierID'];
 $SupplierName = $_POST['SupplierName'];
 $Address = $_POST['Address'];
 $EmailAddress = $_POST['EmailAddress'];
 $PhoneNumber = $_POST['PhoneNumber'];
  // variables for input data

 // sql query for update data into database
 $sql_query = "UPDATE suppliers SET SupplierID='$SupplierID',SupplierNamee='$SupplierName',Address='$Address',EmailAddress='$EmailAddress',PhoneNumber'$PhoneNumber' WHERE SupplierID=".$_GET['editsuppliers'];
 // sql query for update data into database

 // sql query execution function
 if(mysql_query($sql_query))
 {
  ?>
  <script type="text/javascript">
  alert('Data Updated Successfully');
  window.location.href='suppliers.php';
  </script>
  <?php
 }
 else
 {
  ?>
  <script type="text/javascript">
  alert('error occured while updating data');
  </script>
  <?php
 }
 // sql query execution function
}
if(isset($_POST['btn-cancel']))
{
 header("Location: suppliers.php");
}
?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit Suppliers</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>

<div id="header">
 <div id="content">
    <label</label>
    </div>
</div>

<div id="body">
 <div id="content">
    <form method="post">
    <table align="center">
    <tr>
    <td><input type="text" name="SupplierID" placeholder="Supplier ID" value="<?php echo $fetched_row['SupplierID']; ?>" required /></td>
    </tr>
    <tr>
    <td><input type="text" name="SupplierName" placeholder="Supplier Name" value="<?php echo $fetched_row['SupplierName']; ?>" required /></td>
    </tr>
    <tr>
    <td><input type="text" name="Address" placeholder="Address" value="<?php echo $fetched_row['Address']; ?>" required /></td>
    </tr>
    <tr>
    <td><input type="text" name="EmailAddress" placeholder="Email Address" value="<?php echo $fetched_row['EmailAddress']; ?>" required /></td>
    </tr>
    <tr>
    <td><input type="text" name="PhoneNumber" placeholder="Phone Number" value="<?php echo $fetched_row['PhoneNumber']; ?>" required /></td>
    </tr>
    <tr>
    <td>
    <button type="submit" name="btn-update"><strong>UPDATE</strong></button>
    <button type="submit" name="btn-cancel"><strong>Cancel</strong></button>
    </td>
    </tr>
    </table>
    </form>
    </div>
</div>

</center>
</body>
</html>
```
  • 1st of all, as mysql_* was deprecated in PHP 5.5 (please refer to [PHP doc](http://php.net/manual/en/function.mysql-connect.php)) you should **really** consider using [PPS : Prepared Parameterized Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). This will help [Preventing SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – OldPadawan Apr 15 '17 at 17:10
  • please use `error_reporting(E_ALL); ini_set('display_errors', 1);` on top of your pages and echo `$_GET` and `$_POST` vars right before you need to use them, see what is returned (any other stuff missing?) I'm pretty sure that `$sql_query="SELECT * FROM suppliers WHERE SuppliersID=".$_GET['editsuppliers'];` will get you into trouble... – OldPadawan Apr 15 '17 at 17:13
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe. – junkfoodjunkie Apr 15 '17 at 17:15
  • Your update query is missing an = sign for phone number column. Also this script mustn't go live for your own sake – Rotimi Apr 15 '17 at 17:18
  • this is a typo question also. Checking for the real error would have thrown you something about it in the query – Funk Forty Niner Apr 15 '17 at 20:23

1 Answer

According to your statement, make sure you pass `editsuppliers` in the URL.

Please explain the error in more detail.
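
The two points raised in this thread, checking that `editsuppliers` is actually present and using prepared, parameterized statements instead of string concatenation, shown together as an added example that is not code from the question, the answer or the tutorial. It assumes PDO with an in-memory SQLite database in place of the page's MySQL connection so that it runs offline; the function names and sample rows are constructed for illustration.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the page's
// MySQL database; with MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE suppliers (SupplierID INTEGER PRIMARY KEY, SupplierName TEXT,
            Address TEXT, EmailAddress TEXT, PhoneNumber TEXT)');
$pdo->exec("INSERT INTO suppliers VALUES (1, 'Acme', '1 Main St', 'a@example.test', '555-0100'),
            (2, 'Globex', '2 Side St', 'g@example.test', '555-0101')"); // constructed rows

// Returns the validated id, or null when the parameter is absent or not a positive integer.
function supplierIdFrom(array $query): ?int
{
    $raw = $query['editsuppliers'] ?? null; // absent key no longer raises "undefined index"
    $id  = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetchSupplier(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM suppliers WHERE SupplierID = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row; // null instead of an undefined $fetched_row
}

function updateSupplier(PDO $pdo, int $id, array $post): bool
{
    // Values travel as bound parameters, so quotes in the input stay data.
    $stmt = $pdo->prepare('UPDATE suppliers SET SupplierName = :name, Address = :address,
                           EmailAddress = :email, PhoneNumber = :phone WHERE SupplierID = :id');
    $stmt->execute([
        ':name'  => $post['SupplierName'] ?? '', ':address' => $post['Address'] ?? '',
        ':email' => $post['EmailAddress'] ?? '', ':phone'   => $post['PhoneNumber'] ?? '',
        ':id'    => $id,
    ]);
    return $stmt->rowCount() === 1;
}

// Constructed requests: a normal id, a missing parameter, and a non-numeric value.
foreach ([['editsuppliers' => '2'], [], ['editsuppliers' => '2 OR 1=1']] as $get) {
    $id = supplierIdFrom($get);
    if ($id === null) { echo "rejected: no valid supplier id\n"; continue; }
    $ok = updateSupplier($pdo, $id, ['SupplierName' => "O'Neil & Sons", 'Address' => '3 New Rd',
        'EmailAddress' => 'o@example.test', 'PhoneNumber' => '555-0102']);
    $row = fetchSupplier($pdo, $id);
    printf("updated=%s name=%s\n", $ok ? 'yes' : 'no', $row['SupplierName'] ?? '(none)');
}
```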