PHP Update Confusion

Question

I am updating MySQL row using the following code. could any one tell me how i can error check the update query and only print Success if the update query was successful without any error? and print failed if update query was not successful!

<?php
//start the session
session_start();
// include db configuration
include('include/db_connect.php');
// user's information
$member_id = $_SESSION['id'];
$member_name = $_SESSION['name'];

$contact_id = $_GET['id'];
// $get_contact = "SELECT * FROM `contacts` where contacts_id = '$contact_id'";
$get_contact = mysqli_query($conn, "SELECT * FROM `contacts` where contacts_id = '$contact_id'");

$row = mysqli_fetch_array($get_contact);

if(isset($_POST['submit'])){
    $contact_id = $_POST['contact_id'];
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $cphone = $_POST['cphone'];
    $city = $_POST['city'];
    $update = "UPDATE `contacts` SET `first_name`='$fname',`last_name`='$lname',`cellphone_number`='$cphone',`city`='$city' WHERE contacts_id = ". $contact_id;
    if (mysqli_query($conn, $update)) {
        echo "
            <script>
                var msg = confirm('Contact Updated');
                if(msg == true || msg == false){
                    location.href='update_contact.php?id=$contact_id';
                }
            </script>
        ";
    } else {
        echo "Error: " . $update . "<br>" . mysqli_error($conn);
    }
}
?>

My question is this: I'm doing my best to find whats the error and i couldn't what it is. It is for my elective project.

fix [sql injection](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) first. — danblack, Jan 14 '19 at 05:44
I am just looking the error, just visit in my github account. (https://github.com/cassandramaureenabante/My-Phonebook) — , Jan 14 '19 at 05:55
Finding errors is easy if you ask for them. See [How to get MySQLi error information in different environments](https://stackoverflow.com/questions/22662488/how-to-get-mysqli-error-information-in-different-environments) and [How to get useful error messages in PHP?](https://stackoverflow.com/questions/845021/how-to-get-useful-error-messages-in-php) — Phil, Jan 14 '19 at 05:57
Cassy, pls copy paste the Error that you get on browser. Do you see any error messages? — GeneCode, Jan 14 '19 at 06:13
`if(msg == true || msg == false)`? Why even have that if-statement (or even a `confirm()` at all, sice you don't care about the response)? — M. Eriksson, Jan 14 '19 at 06:19
Multiple problems found. 1. The result of SELECT query is not used (which you probably use it elsewhere, though); 2. SQL Injection might occur in your UPDATE statement; 3. It's meaningless to use `confirm()` JS function (do you mean `alert()`?); 4. Without HTML head & body output, you shouldn't just echo ` — Raptor, Jan 14 '19 at 06:20
More importantly, you should define clearly what's query failed. If your `UPDATE` statement updates zero record, do you count it as failure? You should check the numbers of rows affected via `mysqli_affected_rows($conn)`. — Raptor, Jan 14 '19 at 06:23

score 0 · Answer 1 · answered Jan 14 '19 at 06:49

first of all please learn how to use procedure based query to be safe from SQL injection( I am not here to give tutorials on procedure and SQL injection, it is just warning against malicious code) and now your code solution. There was a problem in the way you were concatenating a variable with a string in your query. I have fixed that part for you.

if you still get any error then share what error you are getting and what is the error message.

<?php
//start the session
session_start();
// include db configuration
include('include/db_connect.php');
// user's information
$member_id = $_SESSION['id'];
$member_name = $_SESSION['name'];

$contact_id = $_GET['id'];

$get_contact = mysqli_query($conn, "SELECT * FROM `contacts` where contacts_id = '".$contact_id."'");

$row = mysqli_fetch_array($get_contact);

if(isset($_POST['submit'])){
    $contact_id = $_POST['contact_id'];
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $cphone = $_POST['cphone'];
    $city = $_POST['city'];
    $update = "UPDATE `contacts` SET `first_name`='".$fname."',`last_name`='".$lname."',`cellphone_number`='".$cphone."',`city`='".$city."' WHERE contacts_id = '".$contact_id."'";
    if (mysqli_query($conn, $update)) {
        echo "
            <script>
                var msg = confirm('Contact Updated');
                if(msg == true || msg == false){
                    location.href='update_contact.php?id=$contact_id';
                }
            </script>
        ";
    } else {
        echo "Error: " . $update . "<br>" . mysqli_error($conn);
    }
}
?>

score -1 · Answer 2 · answered Jan 14 '19 at 05:59

use this function: 

function alertBox($alert_msg, $redirect_link)
{
    $alert = '<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head>';
    $alert .= '<script type="text/javascript">alert("'.$alert_msg.'");';
    if(!empty($redirect_link)):
    $alert .='window.location="'.$redirect_link.'";';
    endif; 
    $alert .='</script>;';
    return $alert;
}

// and for calling..

if((mysqli_query($con,$sql))
{
 echo alertBox("sucessfull","example.php");
}

That's not related to the issue at all. – Raptor Jan 14 '19 at 06:15 — Raptor, Jan 14 '19 at 06:15

PHP Update Confusion

2 Answers2