-1

This is the form which shows the data that I have to update. I get the data correctly. I want the data to be updated using the up.php file when I press the update button.

```php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "alurdu_db";
$id = $_GET['id'];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// Set the connection charset (replaces the legacy mysql_query('SET CHARACTER SET utf8')
// call, which ran before any connection existed)
mysqli_set_charset($conn, "utf8");
$sql = "SELECT * FROM news WHERE news_id='$id'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
?>
        <form action="up.php" method="post" enctype="multipart/form-data">
            <div class="form-group">
                <input type="text" class="form-control" name="news_title" value="<?=$row["title"]?>">
                <div class="col-md-2 text-center">News Title</div>
            </div>
            <button type="submit" class="btn btn-default text-align" style="background-color:#3c8dbc;color:white" value="">Update</button>
        </form>
<?php
    }
} else {
    echo "Wrong Page";
}
$conn->close();
?>
```

This is the up.php file. I don't know why it is not getting the id. If I update without the id, it updates all the data in the table.

```php
<?php
$news_title = $_POST["news_title"];
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "alurdu_db";
$news_id = $_GET['id'];
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// Set the connection charset (replaces the legacy mysql_query('SET CHARACTER SET utf8')
// call, which ran before any connection existed)
mysqli_set_charset($conn, "utf8");

$sql = " UPDATE news SET title='$news_title' WHERE news_id='$news_id' ";

if ($conn->query($sql) === TRUE) {
    echo "Updated";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>
```
  • Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 20 '17 at 18:05
  • Okay, I will change it, but please tell me how I get the right id. – MUHAMMAD UMAR GULZAR Apr 20 '17 at 18:07
  • Could it be because you are getting the id into the wrong variable? `$news_id = $_GET['id'];` -> `$sql = " UPDATE news SET title='$news_title' WHERE news_id='$id';`. Probably should be `$sql = " UPDATE news SET title='$news_title' WHERE news_id='$news_id';`. That and of course SQL injection as already mentioned. – Viliam Aboši Apr 20 '17 at 18:08
  • This code has a glaring PHP syntax error. It's not going to update *anything*. – David Apr 20 '17 at 18:10
  • If I give news_id="$news_id" or $id, it gives this error: `Notice: Undefined index: id in C:\xampp\htdocs\abc\admin\pages\manage-news\up.php on line 16` `Notice: Undefined variable: id in C:\xampp\htdocs\abc\admin\pages\manage-news\up.php on line 28` – MUHAMMAD UMAR GULZAR Apr 20 '17 at 18:11
  • @David then how do I resolve this issue? – MUHAMMAD UMAR GULZAR Apr 20 '17 at 18:12
  • @MUHAMMADUMARGULZAR: Your PHP logs would tell you where the syntax error is. The syntax highlighting in the question above even indicates where it is. You never closed the string for your `UPDATE` statement. So nothing after that will execute. – David Apr 20 '17 at 18:17
  • I closed this but the error is still coming: `$sql = " UPDATE news SET title='$news_title' WHERE news_id='$id' ";` undefined variable id – MUHAMMAD UMAR GULZAR Apr 20 '17 at 18:19
  • Look at the code: I added quotes but the undefined id is still coming. I am trying to get the id with _GET["$id"] when I submit the form, but I get an error when I press the update button: id is undefined. – MUHAMMAD UMAR GULZAR Apr 20 '17 at 18:22
  • @MUHAMMADUMARGULZAR what is the output of `var_dump($_POST); var_dump($_GET);`? – Viliam Aboši Apr 20 '17 at 18:25
  • I got the error. Thank you all, now it's updating. – MUHAMMAD UMAR GULZAR Apr 20 '17 at 18:36

1 Answer

0

Looks like your SQL statement isn't in closed quotes. It should look like this:

```php
$sql = "UPDATE news SET title='" . $news_title . "' WHERE news_id='" . $news_id . "'";
```
  • Not working, giving the same error as above: `Notice: Undefined index: id in C:\xampp\htdocs\abc\admin\pages\manage-news\up.php on line 16` – MUHAMMAD UMAR GULZAR Apr 20 '17 at 18:15
  • @MUHAMMADUMARGULZAR edit your code so that we can see how you fixed it. If you changed the `$id` into `$news_id` the error should not read `Undefined index: id`. Not to mention, that the 16th line in your example seems to be empty (or not contain "id" at all). – Viliam Aboši Apr 20 '17 at 18:23
  • The error is coming from this line above the connection: `$news_id = $_GET['id'];` – MUHAMMAD UMAR GULZAR Apr 20 '17 at 18:28
  • @MUHAMMADUMARGULZAR that means that `$_GET['id']` does not exist. Try var_dumping it out as I suggested in the comment under your question. – Viliam Aboši Apr 20 '17 at 18:33
  • Thanks, it's working now. I just put an input field of type hidden in the first form and echoed the value of the current post, so in up.php I got the correct id. Thanks a lot for your time. – MUHAMMAD UMAR GULZAR Apr 20 '17 at 18:40
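
The fix described in the last comment (a hidden `news_id` field read from `$_POST`), combined with the bound parameters recommended in the comments on the question, as an added example that is not code from the question or the answer. It assumes PDO with an in-memory SQLite table standing in for the MySQL `news` table so that it runs stand-alone; `renderEditForm` and `updateNewsTitle` are hypothetical names, and the sample requests are constructed.

```php
<?php
// Added example, not the asker's code. An in-memory SQLite table stands in
// for the MySQL `news` table so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (news_id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO news (news_id, title) VALUES (1, 'First'), (2, 'Second')");

// Edit form: the row id travels in a hidden field, so up.php receives it in $_POST.
function renderEditForm(array $row): string
{
    $id    = (int) $row['news_id'];
    $title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
    return '<form action="up.php" method="post">'
         . '<input type="hidden" name="news_id" value="' . $id . '">'
         . '<input type="text" name="news_title" value="' . $title . '">'
         . '<button type="submit">Update</button></form>';
}

// up.php logic: validate the id, then bind both values as parameters.
// Returns the number of rows changed, or null when the request is rejected.
function updateNewsTitle(PDO $db, array $post): ?int
{
    $id = filter_var($post['news_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $title = $post['news_title'] ?? null;
    if ($id === false || !is_string($title) || $title === '') {
        return null; // missing or malformed input: no query is run
    }
    $stmt = $db->prepare('UPDATE news SET title = :title WHERE news_id = :id');
    $stmt->execute([':title' => $title, ':id' => $id]);
    return $stmt->rowCount();
}

echo renderEditForm(['news_id' => 1, 'title' => 'First']), "\n";
// Constructed requests standing in for $_POST.
$requests = [
    'valid id'       => ['news_id' => '2', 'news_title' => "Editor's pick"],
    'id missing'     => ['news_title' => 'Overwrite'],
    'id not numeric' => ['news_id' => '2 OR 1=1', 'news_title' => 'Overwrite'],
];
foreach ($requests as $label => $post) {
    $changed = updateNewsTitle($db, $post);
    echo $label, ': ', $changed === null ? 'rejected' : "$changed row(s) updated", "\n";
}
foreach ($db->query('SELECT news_id, title FROM news') as $row) {
    echo $row['news_id'], ' => ', $row['title'], "\n";
}
```

Because a request without a usable id is rejected before any statement is prepared, the "updates every row" outcome described in the question cannot occur, and the title is stored as data whatever quotes it contains.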