There's no error, but its not working about UPDATE query in PHP and MySQL

Question

I don't what is the wrong about this, there's no error but its not working about the update query. I don't know if its the latest code or old code. The first code is the accommodation_server.php.

Here's the structure:

<?php 

    session_start();

     $title_room = "";
     $room_size = "";
     $occupancy = "";
     $bed = "";
     $rate = "";
     $others = "";
     $others1 = "";
     $others2 = "";
     $others3 = "";
     $others4 = "";
     $id = 0;
     $edit_state = false;

    //connect to the database
    $db = mysqli_connect('localhost', 'root', '', 'accommodation');

    //update
    if (isset($_POST['update'])) {
        $title_room = $_POST['text_title'];
        $room_size = $_POST['text_size'];
        $occupancy = $_POST['text_occupancy'];
        $rate = $_POST['text_rate'];
        $others = $_POST['text_others1'];
        $others1 = $_POST['text_others2'];
        $others2 = $_POST['text_others3'];
        $others3 = $_POST['text_others4'];
        $others4 = $_POST['text_others5'];
        $bed = $_POST['text_bed'];
        $description = $_POST['text_description'];
        $id = $_POST['text_id'];

        mysqli_query($db, "UPDATE rooms SET title_room = '$title_room', room_size = '$room_size', occupancy = '$occupancy', rate = '$rate', bed = '$bed', others = '$others', others1 = 'others1', others2 = '$others2', others3 = '$others3', others4 = '$others4', description = '$description' where id=$id");
        $_SESSION['msg'] = "Room Updated!";
        header('location: accommodation.php');
    }

        //retrieve records
        $results = mysqli_query($db, "SELECT * FROM rooms");
 ?>

and this is the accommodation.php

<?php include ('accomodation_server.php'); 

    //fetch the record
    if (isset($_GET['edit'])) {
        $id = $_GET['edit'];
        $edit_state = true;
        $rec = mysqli_query($db, "SELECT * FROM rooms where id=$id");
        $record = mysqli_fetch_array($rec);
        $title_room = $record['title_room'];
        $room_size = $record['room_size'];
        $occupancy = $record['occupancy'];
        $rate = $record['rate'];
        $others = $record['others'];
        $others1 =$record['others1'];
        $others2 = $record['others2'];
        $others3 = $record['others3'];
        $others4 = $record['others4'];
        $bed = $record['Bed'];
        $description = $record['description'];
        $id = $record['id'];
    }
    ?>
<html>
<head>
    <title>C M S</title>
    <link rel="stylesheet" type="text/css" href="css/accommodation.css">
    <meta name="viewport" content="width=device-width, initial-scale: 1.0, user-scalable=0"/>
</head>
<body>
    <?php if(isset($_SESSION['msg'])): ?>
        <div class="msg">
            <?php 
            echo $_SESSION['msg'];
            unset($_SESSION['msg']);
             ?>
        </div>
    <?php endif ?>

    <div id="container">
        <div class="sidebar">
        <ul id="nav">
            <li><a  href="dashboard.php">Dashboard</a></li>
            <li><a  class="selected" href="cms.php">CMS</a></li>
            <li><a  href="acc-settings.php">Account Settings</a></li>
            <li><a href="login.php">Logout</a></li>

        </ul>
        </div>
        <div class="content">
        <br>
        <br>
        <h1>Accommodation</h1>
        <p>Edit and remove images or description.</p>

            <?php while ($row = mysqli_fetch_array($results)) { ?>

            <form method="post" action="#">
            <input type="hidden" name="id" value="<?php echo $id; ?>">
            <div id="box">
            <div class="title-room"><b> <!--title ng room--> <?php echo $row['title_room']; ?></b></a>
            <a href="accommodation.php?edit=<?php echo $row['id']; ?>" class = "edit_btn" name="title_edit">Edit</a>
            <input type="text" name="text_title" placeholder = "Enter the name of the room..." class="title" value="<?php echo $title_room; ?>">
            </div>

            <div class="box-top">Room Size:<p><?php echo $row['room_size']; ?></p></a>
            <input type="text" name="text_size" placeholder = "Enter the size of the room..." class="size" value="<?php echo $room_size; ?>">
            </div>

            <div class="box-top">Bed: <p><?php echo $row['Bed']; ?></p></a>
            <input type="text" name="text_bed" placeholder = "Enter the bedtype of the room..." class="bed" value="<?php echo $bed; ?>">
            </div>

            <div class="box-top">Occupancy: <p><?php echo $row['occupancy']; ?></p></a>
            <input type="text" name="text_occupancy" placeholder = "Enter the occupancy of the room..." class="occupancy" value="<?php echo $occupancy; ?>">
            </div>

            <div class="box-top">Rate from: <p><?php echo $row['rate']; ?></p></a>
            <input type="text" name="text_rate" placeholder = "Enter the rate of the room..." class="rate" value="<?php echo $rate; ?>">
            </div>

            <div class="box-top">Others: 

            <p class="others1"> <br> 
            <input type="text" name="text_others1" placeholder = "Others..." class="t_others1" value="<?php echo $others; ?>"> 
            <?php echo $row['others']; ?></p> <br> 

            <p class="others2">
            <input type="text" name="text_others2" placeholder = "Others..." class="t_others2" value="<?php echo $others1; ?>">
            <?php echo $row['others1']; ?></p> <br> 

            <p class="others3">
            <input type="text" name="text_others3" placeholder = "Others..." class="t_others3" value="<?php echo $others2; ?>">
            <?php echo $row['others2']; ?></p><br>

            <p class="others4">
            <input type="text" name="text_others4" placeholder = "Others..." class="t_others4" value="<?php echo $others3; ?>">
            <?php echo $row['others3']; ?></p> <br> 

            <p class="others5">
            <input type="text" name="text_others5" placeholder = "Others..." class="t_others5" value="<?php echo $others4; ?>">
            <?php echo $row['others4']; ?></p></a><br> </div>
            <div class="box-panel"> 
                <?php echo $row['description']; ?>
                 <br><p> &nbsp; </p>
                <textarea  placeholder = "Enter the Description of the Room..." rows="4" cols="100" class="description" name="text_description" value="<?php echo $description; ?>">
                </textarea>
            </div>

            <?php if ($edit_state == false): ?> 
            <button type="submit" name="edit_button" class="edit_button">Edit</button>
            <?php else: ?>
            <button type="submit" name="update" class="btn">Update</button>
            <?php endif ?>
            </form>

            <?php } ?>

            <div id="box">
            <div class="box-top"><a href="#">Destination</a></div>
            <div class="box-panel">
                Information of the resort (contact number, destination, etc)
            </div>

            <div id="box">
            <div class="box-top"><a href="#">Accommodation</a></div>
            <div class="box-panel">
                Rooms, and the description of the room.
            </div>

            <div id="box">
            <div class="box-top"><a href="#">Photos</a></div>
            <div class="box-panel">
                All images of the website.
            </div>



        </div>
        </div>
    </div>
        <div id="header">
        <div class="logo"><a href="#">Pacific Sky Beach Resort Admin Panel <span></span></a></div>  
    </div>
</body>
</html>

Use parameterized queries, check the return of `mysqli_query`. This is open to SQL injections as is. — chris85, Jul 30 '17 at 20:09
What means "its not working"? What shows the screen? Any message? Try to use `echo 'test';` for a quick troubleshooting. — GePu, Jul 30 '17 at 20:09
You are looking for a posted value named text_id which doesn't exist. `$id = $_POST['text_id'];` — Andy G, Jul 30 '17 at 20:13
@AndyG thankyouuu so much!! thankyou thankyouuu!! It works now!! — Dave Spencer, Jul 30 '17 at 20:16

Solor · Answer 1 · 2017-07-30T20:13:44.233

-1

mysqli_query($db, "UPDATE rooms SET title_room = '$title_room', room_size = '$room_size', occupancy = '$occupancy', rate = '$rate', bed = '$bed', others = '$others', others1 = 'others1', others2 = '$others2', others3 = '$others3', others4 = '$others4', description = '$description' where id='$id'");

you missed the '' surrounding id='$id' in the first code sample

and again in the second

$rec = mysqli_query($db, "SELECT * FROM rooms where id='$id'");

also if you add print_r($db) after your query's it will show you if there are any errors in your sql request

edited Jul 30 '17 at 20:13

answered Jul 30 '17 at 20:06

Solor

39
7

Using PHP-variables in strings works without using apostrophes. – GePu Jul 30 '17 at 20:07
but it is a int I think. – Dave Spencer Jul 30 '17 at 20:10
$id would be an int tho? to my knowledge ints are never wrapped – Solor Jul 30 '17 at 20:10
@Solor what do u mean? :( – Dave Spencer Jul 30 '17 at 20:12
@Solor ishould put aposthrope in my id? – Dave Spencer Jul 30 '17 at 20:13
try replacing the queries with the ones i added to my answer, where you wrote "WHERE id=$id" should be WHERE id='$id' wrap the value like you did with the rest of your variables – Solor Jul 30 '17 at 20:14
4

An integer does not need to be quoted. It is strange that you are saying ints don't need to be quoted but are saying to quote it... – chris85 Jul 30 '17 at 20:16
i meant ints are never wrapped by php... – Solor Jul 30 '17 at 20:19
What does "wrapped by php" mean? In this scenario, there's no difference how PHP handles a variable that's a string or an integer, except that an integer doesn't need the single quotes in the query. This isn't an answer, since you're asking the OP to do something that's not required for it to work. – M. Eriksson Jul 30 '17 at 20:25
1

*"i meant ints are never wrapped by php"* - @Solor why? MySQL will compensate for it for what the OP's query is. I would agree with you had they used a function where an explicit integer were required, one such as `IN()` when checking for explicit integers in an `int` based column, but in this case it doesn't matter. Again, MySQL will compensate for it. – Funk Forty Niner Jul 31 '17 at 00:30
thanks guys :) i was unaware that ints did not need to be wrapped in sql. always happy to learn something new. by habit i always add backticks to table and column names, and single quotes for values – Solor Jul 31 '17 at 16:59
Turn the tide against teaching/propagating sloppy and dangerous coding practices. If you post an answer without prepared statements [you may want to consider this before posting](http://meta.stackoverflow.com/q/344703/). Additionally [a more valuable answer comes from showing the OP the right method](https://meta.stackoverflow.com/a/290789/1011527). – Jay Blanchard Aug 22 '17 at 16:10

There's no error, but its not working about UPDATE query in PHP and MySQL

1 Answers1