-1

Can't seem to get the database to update. No errors are returned, all variables are being passed into the function, and I've googled for hours, probably even days. What's weird is that I have another function using the same code that's in this function that works fine...

public function updateCustomer($uname, $umail, $ushipping, $uchargeID, $udate, $ID)
{
    try {
        $dbhost = 'host';
        $dbuser = 'app';
        $db_name = 'order';
        $dbpass = '';
        $conn1 = mysql_connect($dbhost, $dbuser, $dbpass);
        $sql1 = "UPDATE customers
                  SET name = $uname, email = $umail, shipping = $ushipping, shipped = 'NO', charge_ID = $uchargeID, date = $udate
                  WHERE ID = $ID";
        mysql_select_db('orders');

        mysql_query($sql1);
        return ;

    } catch (PDOException $e) {
        echo $e->getMessage();
    }
}
  • 1
    You're not using prepared queries, and `mysql_*` functions are deprecated. – Lawrence Cherone Jul 28 '18 at 19:48
  • 1
    `mysql_query()` will not throw any exception. You should check its return value, and if false, echo out `mysql_error()`. – Blue Jul 28 '18 at 19:48
  • 2
    [**Please don't use `mysql_*` functions in new code**](//stackoverflow.com/q/12859942)! They are no longer maintained [and are officially deprecated](//wiki.php.net/rfc/mysql_deprecation). See the [**red box**](//php.net/manual/function.mysql-connect.php)? Learn about [*prepared statements*](//en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](//php.net/pdo) or [MySQLi](//php.net/mysqli) - [this article](//php.net/manual/mysqlinfo.api.choosing.php) can help you choose. If you go with PDO, [here is a good tutorial](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers). – Blue Jul 28 '18 at 19:48
  • 2
    `... mysql_connect ... catch (PDOException $e) ...`? Really? You need to find a good tutorial. But asking for that is off-topic here. – Paul Spiegel Jul 28 '18 at 19:50
  • Possible duplicate of [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Progman Jul 28 '18 at 20:28

1 Answer

3

As I mentioned in my comment above, `mysql_query()` will not throw any exception. You should check its return value, and if false, echo out `mysql_error()`. The issue you're having most likely is because none of your variables are being escaped in the database. This is not valid syntax:

UPDATE customers SET name = example_username

You want this:

UPDATE customers SET name = 'example_username'

You're much better off to just tell MySQL where you want variables, and let MySQL do the magic using prepared statements. An example can be found here:

public function updateCustomer($uname, $umail, $ushipping, $uchargeID, $udate, $ID)
{
    try {
        $dbhost = 'host';
        $dbuser = 'app';
        $db_name = 'order';
        $dbpass = '';
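        $db = new PDO("mysql:host={$dbhost};dbname={$db_name}", $dbuser, $dbpass);
        // Throw PDOException on errors so the catch block below is actually reached
        // (PDO's default error mode before PHP 8 is silent).
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Named placeholders mark where values go; no quoting is done by hand.
        $sql1 = "UPDATE customers
                  SET name = :uname, email = :umail, shipping = :ushipping, shipped = 'NO', charge_ID = :ucharge_id, date = :udate
                  WHERE ID = :id";

        $stmt = $db->prepare($sql1);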

        $res = $stmt->execute([
          'uname' => $uname,
          'umail' => $umail,
          'ushipping' => $ushipping,
          'ucharge_id' => $uchargeID,
          'udate' => $udate,
          'id' => $ID
        ]);
        return;

    } catch (PDOException $e) {
        echo $e->getMessage();
    }
}
Blue
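
The silent failure from the question next to the prepared-statement fix from the answer, as an added example that is not part of the original question or answer. It assumes the `pdo_sqlite` extension and uses a constructed in-memory table so it runs without a MySQL server; the function names are hypothetical.

```php
<?php
// Added example; table contents and function names are constructed for illustration.

function makeDb(int $errmode): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, $errmode);
    $db->exec("CREATE TABLE customers (ID INTEGER PRIMARY KEY, name TEXT, email TEXT)");
    $db->exec("INSERT INTO customers (ID, name, email) VALUES (1, 'old', 'old@example.test')");
    return $db;
}

// 1) Unquoted interpolation, as in the question: the statement is invalid SQL,
//    and in silent mode the only sign of that is a false return value.
function updateInterpolated(PDO $db, string $name, int $id): string
{
    $res = $db->query("UPDATE customers SET name = $name WHERE ID = $id");
    if ($res === false) {
        // errorInfo()[2] holds the driver's message for the failed statement.
        return 'failed: ' . $db->errorInfo()[2];
    }
    return 'rows changed: ' . $res->rowCount();
}

// 2) Prepared statement: the value travels separately from the SQL text,
//    so quoting (including an apostrophe in the data) is never the caller's job.
function updatePrepared(PDO $db, string $name, int $id): string
{
    $stmt = $db->prepare("UPDATE customers SET name = :name WHERE ID = :id");
    $stmt->execute(['name' => $name, 'id' => $id]);
    // A valid UPDATE can still match no rows; rowCount() exposes that case.
    return 'rows changed: ' . $stmt->rowCount();
}

// Silent mode: the broken query reports nothing unless the result is checked.
$silent = makeDb(PDO::ERRMODE_SILENT);
echo updateInterpolated($silent, "Alice", 1), PHP_EOL;

// Exception mode plus placeholders: errors would throw, data with quotes is stored intact.
$strict = makeDb(PDO::ERRMODE_EXCEPTION);
echo updatePrepared($strict, "Pat O'Neil", 1), PHP_EOL;
echo updatePrepared($strict, "Pat O'Neil", 999), PHP_EOL; // ID that does not exist
echo $strict->query("SELECT name FROM customers WHERE ID = 1")->fetchColumn(), PHP_EOL;
```

Checking the affected-row count separates "the query failed" from "the query ran but the `WHERE` clause matched nothing", both of which look like "the database did not update".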