Issues in Update/edit users using php mysqli

I have successfully created an admin dashboard, but my update/edit functionality is not working.

Kindly check my code below and let me know where I'm wrong.

Kindly find my code below:

//Php Code goes here

<?php
require_once('includes\database.php');
?>

<?php

$id= $_GET['id'];

$query= "SELECT * FROM customer
        INNER JOIN customer_address
        ON customer.id=customer_address.customer
        WHERE customer.id=$id";
$mysqli->query($query);

if($result= $mysqli->query($query)){
    while($row=$result->fetch_assoc()){

        $name= $row['name'];
        $email= $row['email'];
        $phone= $row['phone'];
        $password= $row['password'];
        $image= $row['image'];
        $address= $row['address'];
        $Country= $row['Country'];
        $City= $row['City'];
        $Zip_code= $row['Zip_code'];
    }

    $result->close();

}


?>

<?php


    if ($_POST) {


$id= $_GET['id'];


    $name= mysqli_real_escape_string($_POST['name']);
    $email= mysqli_real_escape_string($_POST['email']);
    $phone= mysqli_real_escape_string($_POST['phone']);
    $password= md5(mysqli_real_escape_string($_POST['password']));
    $image= mysqli_real_escape_string($_POST['image']);
    $address= mysqli_real_escape_string($_POST['address']);
    $Country= mysqli_real_escape_string($_POST['Country']);
    $City= mysqli_real_escape_string($_POST['City']);
    $Zip_code= mysqli_real_escape_string($_POST['Zip_code']);

    $sql= "UPDATE customer SET 
    name='$name',
    email='$email',
    phone='$phone',
    password='$password',
    image='$image'
    WHERE id=$id;

    $res= $mysqli->query($sql)";

    $sql= "UPDATE customer_address SET 
    address='$address',
    Country='$Country',
    City='$City',
    Zip_code='$Zip_code',
    WHERE customer=$id";

    $mysqli->query($sql);

    exit;
}


?>

//Html

<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>CManager | Edit Customer</title>
    <!-- Bootstrap core CSS -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <!-- Custom styles for this template -->
    <link href="css/jumbotron-narrow.css" rel="stylesheet">
  </head>
  <body>
    <div class="container">
      <div class="header">
        <ul class="nav nav-pills pull-right">
          <li class="active"><a href="index.php">Home</a></li>
          <li><a href="add_customer.php">Add Customer</a></li>
        </ul>
        <h3 class="text-muted">Store CManager</h3>
      </div>

      <div class="row marketing">
        <div class="col-lg-12">
         <h2>Edit Info</h2>
         <table class="table table-striped">

        <form method="POST" action="add_customer.php">
<table>
<tr>
<td>Name:</td>
<td><input type="text" name="name" required="true" value="<?php echo $name; ?>"></td>
</tr>

<tr>
<td>Email:</td>
<td><input type="email" name="email" required="true" value="<?php echo $email; ?>"></td>
</tr>

<tr>
<td>Phone:</td>
<td><input type="phone" name="phone" required="true" value="<?php echo $phone; ?>"></td>
</tr>

<tr>
<td>Password:</td>
<td><input type="password" name="password" required="true" value="<?php echo $password; ?>"></td>
</tr>

<tr>
<td>Image:</td>
<td><input type="text" name="image" required="true" value="<?php echo $image; ?>"></td>
</tr>

<tr><td><h2>Other Details:</h2><td></tr>

<tr>
<td>Address:</td>
<td><input type="text" name="address" value="<?php echo $address; ?>"></td>
</tr>

<tr>
<td>Country:</td>
<td><input type="text" name="Country" value="<?php echo $Country; ?>"></td>

 </select> 
</tr>

<tr>
<td>City:</td>
<td><input type="text" name="City" value="<?php echo $City; ?>"></td>
</select>
</tr>

<tr>
<td>Zip Code:</td>
<td><input type="text" name="Zip_code" value="<?php echo $Zip_code; ?>"></td>
</tr>

<tr><td><input type="submit" value="update" name="submit"></td></tr>

</table>
</form>



        </table>
        </div>


      </div>

      <div class="footer">
        <p>&copy; Company 2014</p>
      </div>

    </div> 
  </body>
</html>
  • Are you sure you put quotes correctly? – u_mulder Sep 13 '17 at 11:04
  • Your quote includes the function which runs the query, so you never run the `customer` update. Which then fails the other update, because the querystring becomes invalid. Look at the quoting. – Qirel Sep 13 '17 at 11:06
  • *Waiting for fruitful answers......................* - Keep waiting, please provide errors/issues. – Script47 Sep 13 '17 at 11:06
  • check line `$res= $mysqli->query($sql)";` – Jigar Shah Sep 13 '17 at 11:06
  • `$res= $mysqli->query($sql)";` you have put " at last of this function and you have not completed closing " quote – Pankaj Makwana Sep 13 '17 at 11:06
  • Yeah, I corrected that, but it is still not working. Notice: Undefined index: id in D:\Xampp\htdocs\cmanager\edit.php on line 7 – Zarah Hafeez Sep 13 '17 at 11:10
  • "Not working" isn't descriptive at all. You are expected to do your own debugging and post relevant error-messages. Use `error_reporting(E_ALL); ini_set('display_errors', 1);` to find any PHP errors. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get any errors from MySQL. – Qirel Sep 13 '17 at 11:12
  • Relevant dupe: [PHP Error: Mysqli_real_escape_string() expects exactly 2 parameters, 1 given](https://stackoverflow.com/questions/7743372/php-error-mysqli-real-escape-string-expects-exactly-2-parameters-1-given) – Qirel Sep 13 '17 at 11:12
  • You're already using an API that supports **prepared statements** with bounded variable input, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against [SQL-injection](http://stackoverflow.com/q/60174/)! Get started with [`mysqli::prepare()`](http://php.net/mysqli.prepare) and [`mysqli_stmt::bind_param()`](http://php.net/mysqli-stmt.bind-param). – Qirel Sep 13 '17 at 11:13

1 Answer

There are two problems.

Updating:

To update the fields you have to get the ID. You are not sending it through POST or GET (form action has no querystring).

You try to get the ID like this:

$id = $_GET['id'];

But to get this to work you have to add ?id=X to the FORM action. Or add a HIDDEN FIELD to the FORM and use

$id = $_POST['id'];

Inserting:

You cannot use UPDATE to INSERT a new customer. So you have to make an INSERT QUERY for this:

INSERT INTO `table` (`column1`, `columns2`) VALUES ('value1', 'value2');
Remco K.
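
The prepared-statement approach recommended in the comments, combined with the hidden `id` field from the answer, as an added example that is not part of the original thread. Table and column names come from the question; `update_customer()` is a hypothetical helper name, `includes/database.php` is assumed to define `$mysqli`, `password_hash()` is swapped in for the question's `md5()`, and the password field is assumed to hold a newly typed password rather than the pre-filled stored hash.

```php
<?php
// Added example, not code from the thread; update_customer() is hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

function update_customer(mysqli $mysqli, array $post): bool
{
    // id comes from a hidden form field: <input type="hidden" name="id" ...>
    // Accept positive integers only, so nothing else can reach the WHERE clause.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || ($post['password'] ?? '') === '') {
        return false;
    }

    $f = [];
    foreach (['name', 'email', 'phone', 'image', 'address', 'Country', 'City', 'Zip_code'] as $key) {
        $f[$key] = (string) ($post[$key] ?? '');
    }
    // Swapped in for the question's md5(): a salted, adaptive password hash.
    $hash = password_hash((string) $post['password'], PASSWORD_DEFAULT);

    $mysqli->begin_transaction(); // both tables change together or not at all
    try {
        // Values travel separately from the SQL text, so no escaping is needed.
        $stmt = $mysqli->prepare('UPDATE customer
            SET name = ?, email = ?, phone = ?, password = ?, image = ?
            WHERE id = ?');
        $stmt->bind_param('sssssi', $f['name'], $f['email'], $f['phone'],
                          $hash, $f['image'], $id);
        $stmt->execute();

        $stmt = $mysqli->prepare('UPDATE customer_address
            SET address = ?, Country = ?, City = ?, Zip_code = ?
            WHERE customer = ?');
        $stmt->bind_param('ssssi', $f['address'], $f['Country'], $f['City'],
                          $f['Zip_code'], $id);
        $stmt->execute();

        $mysqli->commit();
        return true;
    } catch (mysqli_sql_exception $e) {
        $mysqli->rollback();
        error_log($e->getMessage()); // log, do not echo DB errors to the page
        return false;
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    require_once 'includes/database.php'; // assumed to define $mysqli
    echo update_customer($mysqli, $_POST) ? 'Updated' : 'Update failed';
}
```

The `password` column must be wide enough for `password_hash()` output (the PHP manual recommends 255 characters), and the transaction only takes effect on a transactional storage engine such as InnoDB.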