-5

I am getting the following error when I try to update tables in a db using PHP.

QUERY FAILED You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1

(line one is where my query begins)

I've concluded that it has something to do with the "id" but I have no idea what. If I hard code it as "WHERE id = 1" it works, but it really doesn't seem to read the id.

if(isset($_POST['submit'])){

    $username = $_POST['username'];
    $password = $_POST['password'];
    $id = $_POST['id'];

    $query = "UPDATE users SET ";
    $query .= "username = '$username', ";
    $query .= "password = '$password' ";
    $query .= "WHERE id = $id ";

    $result = mysqli_query($connection, $query);
    if(!$result) {

        die("QUERY FAILED" . mysqli_error($connection));    
    }  
}

Here is the HTHML I'm using for the ID:

<form action="login_update.php" method="post">

<div class="form-group">
            <select name="id" id="">
        <?php
    global $connection; 
            $query = "SELECT * FROM users";
            $result = mysqli_query($connection, $query);
            if(!$result){ //om result inte är TRUE then die()
                die('Query failed ' .mysqli_error());
            }

            while($row = mysqli_fetch_assoc($result)){
            $id = $row['id'];
            echo "<option value=''>$id</option>";
        ?>
    </select>

</div>

  <input class="btn btn-primary" type="submit" name="submit" value="Update">

        </form>

I'm running this on localhost so no need for any hashing and the connection to the db works fine.

Saucepan
  • 298
  • 1
  • 6
  • 19
  • 1
    Maybe $_POST['id'] is empty – Evgeniy Belov Oct 12 '18 at 12:42
  • 4
    Your code is open to [SQL injection](https://stackoverflow.com/q/332365/2469308) related attacks. Please learn to use [Prepared Statements](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Madhur Bhaiya Oct 12 '18 at 12:42
  • 1
    ` – Funk Forty Niner Oct 12 '18 at 12:43
  • 1
    `echo $query; die();` will give you the answer. – MonkeyZeus Oct 12 '18 at 12:43
  • 1
    Parameterize your query. Hash your passwords. Use the connection link in `mysqli_error`. Also note the error from `mysql` relates to the SQL, not PHP, so `at line 1` is the first line of your SQL, not PHP. – user3783243 Oct 12 '18 at 12:43
  • 1
    `mysqli_error()` requires a db connection here. You also don't seem to have any value for the option. – Funk Forty Niner Oct 12 '18 at 12:45
  • 1
    `option value=''` You're not actually passing the id in the field, you're just displaying it. – Patrick Q Oct 12 '18 at 12:46
  • how do i pass the id? im running this on a local host - sorry for not mensioning that, so no attacks sofar :P – Saucepan Oct 12 '18 at 12:47
  • The same way you do for the display, `echo "";`. – user3783243 Oct 12 '18 at 12:49
  • You have no `username` or `password` field in your form. Where do you expect those values to come from? – Patrick Q Oct 12 '18 at 13:11
  • @PatrickQ please elaborate. obviously i do no tget it. – Saucepan Oct 12 '18 at 13:12
  • 1
    `$_POST['username']` There is no `username` field in your form, so `$_POST['username']` doesn't exist. If you had error reporting turned on, you'd be alerted to this. Please take the time to review a basic tutorial on handling forms with PHP. – Patrick Q Oct 12 '18 at 13:14
  • @PatrickQ ive got input fields for that where is enter that data. i get it to work fine [as stated above] if i switch the id to a hardcoded statement – Saucepan Oct 12 '18 at 13:18
  • So you're saying that you did _not_ put your _complete_ form above as asked? Because there are no `username` or `password` fields shown above. If you don't give us a complete picture of what you're doing, we can't help you. – Patrick Q Oct 12 '18 at 13:19

2 Answers2

0

Add query like this:

$query .= "WHERE id = '$id' ";
lucky
  • 308
  • 2
  • 4
  • 17
-1

Add value to select box options

echo "<option value='$id'>$id</option>";
Sachin
  • 789
  • 5
  • 18