0

learner here, going a little nuts.. i seem to be getting no errors, yet it is not updating. connection is fine.

if(isset($_GET['edit_id'])){
    $sql="SELECT * FROM info WHERE id=" .$_GET['edit_id'];
    $result= mysqli_query($connect, $sql);
    $row = mysqli_fetch_array($result);
}


//update
if(isset($_POST['btn-update'])){
    $name=$_POST['name'];
    $suname=$_POST['surname'];
    $age=$_POST['age'];
    $result=$_POST['result'];
    $log=$_POST['log'];

    $update="UPDATE employeeinfo SET name='$name', surname='$surname' WHERE id=". $_GET['edit_id'];
    $up= mysqli_query($connect, $update);

    if(!isset($sql)){
        die("Error $sql" .mysqli_connect_error());
    }
    else
    {
        header("location: record.php");
    }
}

and my calling

<html>
<body>
<h1>edit info<h1>
<form method="post">
name:<input type="text" class="form-control" name="name" value="<?php echo $row['name']; ?>"><br><br>
surname: <input type="text" name="surname" placeholder="Surname" value="<?php echo $row['surname']; ?>"><br><br>

log: <input type="text" name="log" placeholder="0" value="<?php echo $row['log']; ?>"><br><br>

<button type"submit" name"btn-update" id="btn-update" onclick="update()"><strong>Update</strong></button>

<a href="record.php"><button type="button" value="button">Cancel</button></a>
</form>


<script>
function update(){
    var x;
    if(confirm("Updated data Successfully") == true){
        x = "update";
    }

}

</script>

Not even sure if that script does anything, because my prompt said "update successful" yet clearly it wasnt. Thank you guys as always

Charlesx54321
  • 27
  • 4
  • i tried using other code and changing it to fit my needs, should my $up be used instead of $update somewhere? – Charlesx54321 Jul 18 '17 at 20:53
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 18 '17 at 20:57
  • Your form does not have an action, is the PHP code in the same file? – Jay Blanchard Jul 18 '17 at 20:59
  • You forgot to put `=` signs in two places, it should be ` – Rajdeep Paul Jul 18 '17 at 21:00
  • @JayBlanchard thank you again sir, SQL injections will be my next part of my education, as im still testing my basic practices!! – Charlesx54321 Jul 19 '17 at 15:11
  • @RajdeepPaul Thank you so much, you're the man! As usual, i feel very silly -.- sometimes when you look at the big picture you cant focus on the small. Thanks again!! – Charlesx54321 Jul 19 '17 at 15:12
  • @RajdeepPaul Guys, another problem. im only testing the name and surname update for the moment. the name update works great... the Surname is being deleted (or replaced by an empty space) every time i update the record.. im using – Charlesx54321 Jul 19 '17 at 16:32
  • @JayBlanchard anyone have any ideas? – Charlesx54321 Jul 19 '17 at 19:44
  • @Charlesx54321 Simple, you missed a `r` in `$suname=$_POST['surname'];`, it should be `$surname=$_POST['surname'];`. Turn on error reporting, add these lines `ini_set('display_errors', 1);error_reporting(E_ALL);` at the very top of your PHP scripts. – Rajdeep Paul Jul 20 '17 at 19:34

0 Answers0