how to update record in PHP, sqli

Question

I want to update my record in database and showing in table but this code i cant understand what problem happen. kindly inform me thanks. i am very thankful to you my dear. how can i correct it?? how it is possible and what problem occur in this code

<?php
include("connection.php");

$edit_rec = $_GET['edit'];

$query= "SELECT * from card_rec where id='$edit_rec'";

$run = mysqli_query($con,$query);
$row = mysqli_fetch_row($run);

if ($_POST) 
{
    $name = $_POST['name'];
    $fname = $_POST['fname'];
    $school = $_POST['school'];
    $address = $_POST['address'];
    $contact = $_POST['contact'];
    $id = $_POST['id'];

    $query1="UPDATE card_rec SET name='$name', fname='$fname', school='$school',address='$address',contact= '$contact' WHERE id='$id'";

    if ($query1) {
        echo "<script>alert('Record Update'); window.location = 'card_rec.php' </script>";
    }
    else
    {
        echo "not update";
    }
}

?>

<!DOCTYPE html>
<html>
<head>
    <title>Update</title>
</head>
<body>

<form method="post">
    <input type="hidden" name="id" value="<?php echo $row[0] ?>"><br>
<input type="text" name="name" value="<?php echo $row[1] ?>"><br>
<input type="text" name="fname" value="<?php echo $row[2]  ?>"><br>
<input type="text" name="school" value="<?php echo $row[3]  ?>"><br>
<input type="text" name="address" value="<?php echo $row[4]  ?>"><br>
<input type="text" name="contact" value="<?php echo $row[5] ?>"><br>
<input type="submit" name=" submit">
</form>

</body>
</html>

Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). — John Conde, Apr 19 '17 at 12:04
You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. — John Conde, Apr 19 '17 at 12:05
you never executed the query or passed db connection to it, so your UPDATE never happened. — Funk Forty Niner, Apr 19 '17 at 12:05
@JohnConde *"Use mysqli_error() to get a detailed error message from the database"* See my comment to them above ;-) can't check what they didn't do *lol* — Funk Forty Niner, Apr 19 '17 at 12:08

Dewni Weeraman · Answer 1 · 2017-04-19T12:45:33.533

use the mysqli_error() function to get the description of the error for the most recent function call.

$query= "SELECT * from card_rec where id='$edit_rec'";
$run = mysqli_query($con,$query) or die (mysqli_error($con));



$query1="UPDATE card_rec SET name='$name', fname='$fname', school='$school',address='$address',contact= '$contact' WHERE id='$id'";

if (mysqli_query($con, $query1)) {
    echo "updated";
} else {
    echo "not updated";
}

score 0 · Answer 2 · answered Apr 19 '17 at 12:43

for sure you didnt run the last query so it doesnt do any thing. and your code need some optimzation.

always check the $_POST action and not empty on it and try to use a class instead of this messy code.

   <?php

$serverName = "localhost";
$username = "username";
$password = "password";
$dbName = "myDB";

// Create connection
$conn = new mysqli($serverName, $username, $password, $dbName);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

if (isset($_POST) and !empty($_POST)) {

$name = $_POST['name'];
$fname = $_POST['fname'];
$school = $_POST['school'];
$address = $_POST['address'];
$contact = $_POST['contact'];
$id = $_POST['id'];

$query1="UPDATE card_rec 
         SET 
         name='$name', 
          fname='$fname', 
           school='$school', 
           address='$address', 
           contact= '$contact' 
            WHERE id='$id'";

if ($conn->query($sql) === TRUE) {
    echo "Record updated successfully";
} else {
 echo "Error updating record: " . $conn->error;
}

}

how to update record in PHP, sqli

2 Answers2