
My code below is not getting the id to update the database. The id is on the page URL coming from another page's form. No errors display on screen but my database does not update.

Am I missing something?

```php
<?php
if (isset($_POST['submit'])) {

    $id = $_POST["id"];
    $product_name = $_POST["product_name"];
    $visible = $_POST["visible"];

    $query  = "UPDATE products SET ";
    $query .= "product_name = '{$product_name}', ";
    $query .= "visible = {$visible} ";
    $query .= "WHERE id = $id ";
    $result = mysqli_query($connection, $query);
}
?>
```
Rajendran Nadar
Willian
  • If the 'id is on the page URL' you need to use `$_GET["id"]` instead of `$_POST["id"]`. Also echo your query to see what it looks like, as a check. Finally, please learn about [the security risks of SQL-injection](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – KIKO Software Aug 29 '17 at 23:42
  • I've tried to use GET already, it didn't work. Also when I echo the query it does not give me any result. I'm studying injection, I'll do it later in the code. Thanks for the advice! – Willian Aug 29 '17 at 23:50
  • Then try step two; `echo $query;` and look at it. Better still, show us what it looks like. Also keep in mind that your condition: `isset($_POST['submit'])` might not be met. – KIKO Software Aug 29 '17 at 23:51
  • When I echo $query it does not give me anything on the screen. – Willian Aug 29 '17 at 23:54
  • Ok, add this line just after '}' and just before '?>': `else echo 'missed it!';`. See what it does then. Finally, one of the basic problems is that there can be a syntax error, which would also give a blank page when PHP is in its default settings. I don't see a syntax error in your code, but there must be more code, and that could have a syntax error. – KIKO Software Aug 30 '17 at 00:02
  • To check for syntax errors you can do many things: 1. Enable error reporting in the php.ini file. 2. Check the error logs of PHP. 3. Paste your code in http://sandbox.onlinephpfunctions.com and see what it says when you try to execute it. – KIKO Software Aug 30 '17 at 00:06
  • Can you post this form to check deeper? – Pedro Antônio Aug 30 '17 at 00:13
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Aug 30 '17 at 00:19
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")`. The procedural interface is an artifact from the PHP 4 era when the `mysqli` API was introduced and should not be used in new code. – tadman Aug 30 '17 at 00:20
  • A lot of problems can be detected and resolved by [enabling exceptions in `mysqli`](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) so mistakes aren't easily ignored. – tadman Aug 30 '17 at 00:20
  • Thanks for your advice tadman! I'm learning about injection and I'm gonna apply it on the code later. In this case I was just using GET for the id in the URL. – Willian Aug 30 '17 at 00:23

1 Answer

Thanks for your help guys. I found the issue! As you've said Kiko, I've tried to echo anywhere inside the loop and the problem kept going on. Now I've changed the code in the beginning and it solved the problem.

Here's the solution:

```php
<?php

if ($_GET['id']) {
    $id = $_GET["id"];
    $product_name = $_POST["product_name"];
    $visible = $_POST["visible"];

    $query  = "UPDATE products SET ";
    $query .= "product_name = '{$product_name}', ";
    $query .= "visible = {$visible} ";
    $query .= "WHERE id = $id ";
    $result = mysqli_query($connection, $query);
}
?>
```
Willian
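
A hardened form of the update above, following the parameterized-query and exception advice given in the comments; this is an added example, not code from the original post. The 0/1 range for `visible`, the helper names `validate_product_input` and `update_product`, and the sample requests are assumptions.

```php
<?php
// Added example. Table and column names come from the question;
// helper names, the 0/1 rule for `visible` and the samples are assumed.

// Make mysqli throw exceptions so a failed query cannot pass silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Validate request data. Returns [id, product_name, visible] or null.
 * $get / $post stand in for $_GET / $_POST so the check can be exercised
 * without a web request.
 */
function validate_product_input(array $get, array $post): ?array
{
    // The id arrives in the URL: accept a positive integer and nothing else.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    // `visible` is treated as a 0/1 flag (assumption about the schema).
    $visible = filter_var($post['visible'] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 0, 'max_range' => 1]]);
    $raw  = $post['product_name'] ?? null;
    $name = is_string($raw) ? trim($raw) : '';

    if ($id === false || $visible === false || $name === '') {
        return null;
    }
    return [$id, $name, $visible];
}

/** Run the UPDATE with bound parameters; returns the affected row count. */
function update_product(mysqli $db, int $id, string $name, int $visible): int
{
    $stmt = $db->prepare(
        'UPDATE products SET product_name = ?, visible = ? WHERE id = ?'
    );
    $stmt->bind_param('sii', $name, $visible, $id); // s = string, i = integer
    $stmt->execute();
    return $stmt->affected_rows;
}

// Constructed sample requests: a normal one, and one with a non-numeric id.
$samples = [
    [['id' => '7'], ['product_name' => "O'Brien's Tea", 'visible' => '1']],
    [['id' => '7 OR 1=1'], ['product_name' => 'x', 'visible' => '1']],
];
foreach ($samples as [$get, $post]) {
    var_dump(validate_product_input($get, $post)); // array, then NULL
}
```

Only input that passes `validate_product_input` should reach `update_product`; the apostrophe in the first sample is safe because the value is bound as a parameter and never spliced into the SQL text.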