update.php not returning errors, but no updates to database

Question

I have checked similar questions to this on here and tried some solutions, but I cannot get it to work. I am newer to php and cannot figure out what the problem is since no errors are returned.

It has be be a simple error, but I cannot find it. Here is my update.php and next is my updateform.php.

<?php
session_start();
//check the session
if (!isset($_SESSION['email'])){
    exit();
}else{
    //include the header
    include ("../includes/header.php");
    require_once ('../includes/mysqli_connect.php');

    #execute UPDATE statement
    $id = mysqli_real_escape_string($dbc, $_POST['emp_id']); 
    $fname = mysqli_real_escape_string($dbc,  
    $_POST['first_name']); 
    $lname = mysqli_real_escape_string($dbc, 
    $_POST['last_name']); 
    $ad = mysqli_real_escape_string($dbc, $_POST['address']); 
    $ci = mysqli_real_escape_string($dbc, $_POST['city']); 
    $st = mysqli_real_escape_string($dbc, $_POST['state']); 
    $zip = mysqli_real_escape_string($dbc, $_POST['zipcode']); 
    $ph = mysqli_real_escape_string($dbc, $_POST['phone']); 
    $e = mysqli_real_escape_string($dbc, $_POST['email']); 
     

    $query = "UPDATE employees SET  
    first_name='$fname',last_name='$lname',
    address='$ad', city='$ci', state='$st', zipcode='$zip', 
    phone='$ph', email='$e'  WHERE emp_id='$id'"; 
    $result = @mysqli_query ($dbc, $query); 
    if ($result){
        echo "<center><p><b>The member account has been updated.
    </b></p>"; 
        echo "<a href=index.php>Home</a></center>"; 
    }else {
        echo "<p>The record could not be updated due to a system 
    error" . mysqli_connect_error() . "</p>"; 
    }
    mysqli_close($dbc);
    //include the footer
    include ("../includes/footer.php");
}

?>



<?php
session_start();
//check session first
if (!isset($_SESSION['email'])){
    echo "You are not logged in!";
    exit();
}else{
    //include the header
    include ("../includes/header.php");
    require_once ('../../mysqli_connect.php');
    $id=$_GET['id']; 
    $query = "SELECT * FROM employees WHERE emp_id=$id"; 
    $result = @mysqli_query ($dbc, $query);
    $num = mysqli_num_rows($result);
    if ($num > 0) { // If it ran OK, display all the records.
        while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){
?>
    <form action="eupdate.php" method="post">
    First Name: <input name="fname" size=50 value="<? echo  $row['first_name']; ?>"><p>
    Last Name: <input name="lname" size=50 value="<? echo  $row['last_name']; ?>"><p>
    Address: <input name="address" size=50 value="<? echo  $row['address']; ?>"><p>
    City: <input name="city" size=50 value="<? echo  $row['city'];  
    ?>"><p>
    State: <input name="state" size=2 value="<? echo $row['state']; ?>"><p>
    Zipcode: <input name="zipcode" size=5 value="<? echo $row['zipcode']; ?>"><p>
    Phone Number: <input name="phone" size=10 value="<? echo

$row['phone']; ?>">

Email: ">

    <input type=submit value=update>
    <input type=reset value=reset>
    <input type=hidden name="id" value="<? echo $row['id'];?>">
    </form>
 <?
        } //end while statement
    } //end if statement
    mysqli_close($dbc);
    //include the footer
    include ("../includes/footer.php");
}
?>

Thanks in advance for any advice anyone has on this.

EDIT

Thank you! @RiggsFolly.

That was helpful. Now it is returning these notices, and I cannot figure out how to fix. They are spelled correct. Any suggestions?

Notice: Undefined index: first_name in /home/teasdal2/public_html/bcr/htdocs/Home/eupdate.php on line 17 Notice:

Undefined index: last_name in /home/teasdal2/public_html/bcr/htdocs/Home/eupdate.php on line 18

When you say there are no errors do you mean you see your success message? You won't see errors from the call to `mysqli_query` as you're using the [error suppressor](http://php.net/manual/en/language.operators.errorcontrol.php) — MC57, Jun 30 '18 at 18:40
Stop concatenating strings into SQL statements; you will leave yourself open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). You need to use prepared statements, rather than concatenating variables into your query. Simply escaping your variables is not enough. See [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1). — elixenide, Jun 30 '18 at 18:41
Also, as @user3004335 said, don't suppress errors. It's hard to debug when you intentionally ignore error messages. — elixenide, Jun 30 '18 at 18:43
I have removed @ from mysqli_query, but still no errors reported. it runs, but will not update database. — Jenna, Jun 30 '18 at 18:52
I'm reading about SQL injection, thank you. I've got a lot to learn, this I know. — Jenna, Jun 30 '18 at 19:21
Also, I have a separate add and delete php, and both function as they should. Therefore, I don't believe it's a connection issue. This one really has me baffled. — Jenna, Jun 30 '18 at 19:26
Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any `mysqli_` errors to generate an Exception that you can see on the browser and other errors will also be visible on your browser. — RiggsFolly, Jun 30 '18 at 19:37
Thank you! @RiggsFolly. That was helpful. Now it is returning these notices, and I cannot figure out how to fix. They are spelled correct. Any suggestions? Notice: Undefined index: first_name i on line 17 Notice: Undefined index: last_name on line 18 — Jenna, Jun 30 '18 at 22:19

update.php not returning errors, but no updates to database

0 Answers0