-6

The database won't update. What is the problem? I tried in many ways, all failed. I read the mysqli dictionary, the code should be working but it's not.

This is edit.php

<?php require_once 'header.php' ?>
<?php 
 $id = $_GET['id'];
?>
<div class="container">
 
 <form method="post" <?php echo "action='edit_resultu.php?id=".$id."'"; ?>>

 <input type="text" name="track" class="form-control" placeholder="Enter track" maxlength="70"/>
 <button type="submit" class="btn btn-block btn-primary" name="update">Submit</button>
 </form>
</div>
</body>
</html>

this is edit_resultu.php

<?php

if(isset($_POST['update']))
{
$id = $_GET['id'];
$track = $_POST['track'];

$query = "UPDATE `db71038521`.`packs` SET track = `$track` WHERE `packs`.`id` = '$id'";

if(!mysqli_query($conn, $query))
{
  die('Could not update data: ' . mysqli_error($query));
}
echo "Updated data successfully\n";

}


?>
</body>
</html>
halfer
  • 19,824
  • 17
  • 99
  • 186
antuan joh
  • 1
  • 4
    **Danger**: This code is [vulnerable to XSS](https://www.owasp.org/index.php/XSS) User input needs escaping before being inserted into an HTML document!. – Quentin Nov 27 '17 at 11:44
  • 4
    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Nov 27 '17 at 11:45
  • [The HTML5 placeholder attribute is not a substitute for the label element](http://www.456bereastreet.com/archive/201204/the_html5_placeholder_attribute_is_not_a_substitute_for_the_label_element/) – Quentin Nov 27 '17 at 11:45
  • Your form method is Post, you can make the id hidden field and use $_POST – Masivuye Cokile Nov 27 '17 at 11:45
  • 2
    This code should generate the error *Warning: mysqli_query() expects parameter 1 to be mysqli, null given*. Does it? Have you ensured that PHP is configured to show you errors? – Quentin Nov 27 '17 at 11:46
  • 1
    @MasivuyeCokile — Using a form with `method="post"` does not prevent you from putting data in the query string and reading it in `$_GET`. – Quentin Nov 27 '17 at 11:47
  • 1
    @Quentin i did not say it does, its just a bad idea to do and u knw that too – Masivuye Cokile Nov 27 '17 at 11:48
  • 1
    @MasivuyeCokile — It isn't a bad idea. – Quentin Nov 27 '17 at 11:49
  • Besides the obvious that you should use `$conn->escape_string($yourString);` before entering the data into the database, this question does not contain enough information to solve the problem. – StackSlave Nov 27 '17 at 11:54
  • 1
    @PHPglue — Bound variables are a better approach than explicit escaping. – Quentin Nov 27 '17 at 11:55
  • turned on the mysqli_error in php.ini. got this errors – antuan joh Nov 27 '17 at 11:58
  • Warning: mysqli_query() expects parameter 1 to be mysqli, null given in edit_resultu.php on line 10 Warning: mysqli_error() expects parameter 1 to be mysqli, string given in edit_resultu.php on line 12 – antuan joh Nov 27 '17 at 11:58
  • `` that's invalid for one thing and where is your connection codes? – Funk Forty Niner Nov 27 '17 at 12:10
  • `mysqli_error($query)` that's the wrong variable; you need to use the connection and not the result set. – Funk Forty Niner Nov 27 '17 at 12:11
  • @Fred-ii- — What's invalid about that echo statement? – Quentin Nov 27 '17 at 12:12
  • @Quentin Ok "invalid" was the wrong word, more like "why use that method" ;-) This question doesn't seem to be going anywhere now, so I don't know why you're still sticking around *lol!* - P.s.: Not my downvote you got for your answer btw. Bit of a rabbit hole, wouldn't you say? – Funk Forty Niner Nov 27 '17 at 12:15
  • *"This is edit.php"* - you should be getting an undefined error here for the first opening lines. – Funk Forty Niner Nov 27 '17 at 12:16

1 Answers1

0
mysqli_query($conn, $query)

You are passing the variable $conn to mysqli_query… but you never assign it a value.

You need to call mysqli_connect to establish a connection to the database before you can query it.

mysqli_error($query)

The point of mysqli_error is to ask the database server what went wrong, not to analyse a string of SQL.

You need to pass the connection (as above), not the query.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • it is assigned in dbconfig.php file. – antuan joh Nov 27 '17 at 12:03
  • it works selecting data from database, deleting it. But not updating... – antuan joh Nov 27 '17 at 12:04
  • 1
    @antuanjoh — There is no mention of that file in your question. You have not shown that file's contents in the question. You have no `include` statement referencing it in the question. **The error message says that the value of `$conn` is `null`.** – Quentin Nov 27 '17 at 12:04
  • @antuanjoh — Presumably, therefore, the cause of your problem is that "You forgot to include that file in `edit_resultu.php`". – Quentin Nov 27 '17 at 12:13