I want to update data to my database using PDO but nothing changes in database

Question

<?php
    if(isset($_POST['submit'])){
        $_POST = array_map( 'stripslashes', $_POST );
        extract($_POST);
        if($eventName ==''){
        $error[] = 'Please enter the Event Name.';
    }
        if(!isset($error)){
            try {
                $stmt = $db->prepare('UPDATE event SET eventID = :eventID, eventName = :eventName, eventTime = :eventTime, eventLocation = :eventLocation, postDate = :postDate WHERE eventID = :eventID') ;
                $stmt->execute(array(
                ':eventID' => $eventID,
                    ':eventName' => $eventName,
            ':eventTime' => $eventTime,
            ':eventLocation' => $eventLocation,
            ':postDate' => date('Y-m-d H:i:s')
                ));
                //redirect to index page
                header('Location: view-event.php?action=updated');
                exit;
            } catch(PDOException $e) {
                echo $e->getMessage();
            }
        }
    }
    ?>

And

<?php
        //check for any errors
        if(isset($error)){
            foreach($error as $error){
                echo $error.'<br />';
            }
        }
            try {
                $stmt = $db->prepare('SELECT eventID,eventName, eventTime, eventLocation, postDate FROM event WHERE eventID = :eventID') ;
                $stmt->execute(array(':eventID' => $_GET['eventID']));
                $row = $stmt->fetch(); 
            } catch(PDOException $e) {
                echo $e->getMessage();
            }
        ?>

HTML Form

<form role="form" method="post" action=''>
<input type="hidden" class="form-control" placeholder="Enter Event Name" name="eventID" value='<?php echo $row['eventID'];?>'>
<input class="form-control" placeholder="Enter Event Name" name="eventName" value='<?php echo $row['eventName'];?>'>
<input class="form-control" placeholder="Enter Event Time" name="eventTime" value='<?php echo $row['eventTime'];?>'>
<input class="form-control" placeholder="Enter Event Location" name="eventLocation" value='<?php echo $row['eventLocation'];?>'>
<input type="submit" class="btn btn-primary" name="submit" value="Edit Event">
</form>

Hi, Here is the code. I want to update data to mysql database. When I hit the button it just loaded to "view-event.php?action=updated" this page but nothing changes in database. Please help me.

Why is there an `action=updated`? you are not accessing any GET data in your code... Post your form's HTML code — Spoody, Mar 04 '18 at 19:44
Put this on top of your page and tell us if you now see any errors: `error_reporting(E_ALL); ini_set('display_errors', 1);`. — , Mar 04 '18 at 19:51
hello @aendeerei there is no error code. but updation to database is not working. — Arnab Dasgupta ADG, Mar 04 '18 at 19:54
do a `var_dump($_POST)` and **update your question** with the result, do you get any output after submitting the form? — Spoody, Mar 04 '18 at 19:59
Its redirecting to view-event.php?action=updated but nothing changes in mysql — Arnab Dasgupta ADG, Mar 04 '18 at 20:11
@aendeerei I already updated first input name. but still not working — Arnab Dasgupta ADG, Mar 04 '18 at 20:18
Ah, ok. Then please give us the create table syntax, so that we can test too. — , Mar 04 '18 at 20:20
Arnab, we are waiting for the statement `CREATE TABLE event ...` from you. — , Mar 04 '18 at 20:28
I like that you're using PDO, that shows you're trying to do things right, but what is `stripslashes` doing here? That just damages data. The primary reason that function exists is to deal with the garbage "magic quotes" create, a feature that's been removed from PHP entirely because of what a spectacularly bad idea it was. — tadman, Mar 04 '18 at 20:38
My money is on updating `SET eventID = :eventID`, and `WHERE eventID = :eventID`, with emulation on with only one bound param, which wont work. also if you pass in a different id :/ You should also avoid doing `extract($_POST);`. — Lawrence Cherone, Mar 04 '18 at 20:46
@LawrenceCherone In my tests you've earned a lot of money! ;-) — , Mar 04 '18 at 20:59

score 2 · Accepted Answer · edited Mar 05 '18 at 07:59

2

Ok, I finished my tests without the create table santax. If it still doesn't work, then it has to do with the table definition.

Unless you want to do something else with the caught exceptions, other than displaying an error message to the user, you should remove the try-catch blocks. It will allow you to show a user-friendly error message/page in the future, by means of defining an error and an exception handler. While in the meantime PHP will just show you the error message and die: exactly what you need during the development. Take a look into this and this tutorial chapters in order to see how to apply the error and exception handling and reporting.

In the update statement you are using the :eventID marker twice, but assigning the value of $eventID once. In order to be able to do this you need to activate emulation, as part of the connection options. If you don't do this you are receiving the exception

SQLSTATE[HY093]: Invalid parameter number

So, put this in your connection options array:

PDO::ATTR_EMULATE_PREPARES => TRUE

Good luck.

edited Mar 05 '18 at 07:59

Your Common Sense

156,878
40
214
345

answered Mar 04 '18 at 20:54

Thanks @aendeerei it works now. pardon i didn't notice that you asked me the syntax. – Arnab Dasgupta ADG Mar 04 '18 at 21:03
@ArnabDasguptaADG What, I asked you five time at least :-))))) I am joking, Arnab ;-) You are welcome. Read the tutorial, it's awesome. – Mar 04 '18 at 21:05
1

using exit is a terrible idea. as well as echoing the error message in the catch block – Your Common Sense Mar 04 '18 at 21:28
Thanks @YourCommonSense. Your note on echoing is welcomed. That's why I directed Arnab to... your tutorial. Regarding _exit_, why is a terrible idea? Could you please elaborate a bit? – Mar 04 '18 at 21:32
@YourCommonSense Indeed. But now I'm confused of what you say: Isn't a PDO exception (one not catched on purpose, for special purposes) the case in which an exception handler should catch it, display a user-friendly error message/page and exit? I mean: should the page workflow really be permitted to perform upon such an exception? Like by displaying a user-friendly error message in a messages div, above the form? I would say no: a separate error page should be shown. What do you think? – Mar 05 '18 at 00:25
1

Yes it is. That's why catching exceptions like you did is a terrible practice - it will prevent such a graceful handling. You should have told the OP to remove try and catch instead – Your Common Sense Mar 05 '18 at 03:42
@YourCommonSense I got your point now. I did give a wrong advise to the OP indeed. Thanks for your comments. – Mar 05 '18 at 07:45
@YourCommonSense Thank you too. Your edit is welcome and good. Have a nice day. – Mar 05 '18 at 08:17
@ArnabDasguptaADG I did gave you a wrong advise earlier. My bad! Though, thanks to the correct observations of YourCommonSense, the answer is now in the proper form. You might want to read it again. Good luck. – Mar 05 '18 at 08:24

I want to update data to my database using PDO but nothing changes in database

1 Answers1