1

I have a form for updating data including name , email and age I click the update user button and i will get the error please fill in the required fields.

I have tried writing the sql statement may ways including checking the table name.

{
<?php

$sql = "UPDATE u_data SET Email = '$Email' , Name = ''$Name' , Age = '$Age' WHERE Id = '$Id'";      
if(mysqli_query($conn , $sql))
{
    if(!empty($Email) || !empty($Name) || !empty($Age))
    {
        $Success = "User has been Updated Successfully!";
        header("Location: Updating_U.php?Success=" . urlencode($Success));
        exit();
    }   
}
?>
}

When i fill out all form fields a message is supposed to say User has been Updated Successfully!. But instead i always get an error saying please fill in the required fields. I have no idea why the database row won't update with new data.

Barmar
  • 741,623
  • 53
  • 500
  • 612
bob ronald
  • 29
  • 1
  • There is no code to output required fields error, is this coming directly from mysql? – shn Jun 17 '19 at 23:56
  • There is this code What do you mean directly from mysqli? I have this code on the same page. – bob ronald Jun 18 '19 at 00:01
  • It is likely that your code is not outputting a success string because your database has some null validation for some columns. Also, your code is **HIGHLY** vulnerable to php injection: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – shn Jun 18 '19 at 00:03
  • I know i have spent some time trying to get this to work? I will check the database for null values – bob ronald Jun 18 '19 at 00:07
  • Please include the exact text of error messages in these kinds of reports. – Ken Y-N Jun 18 '19 at 00:12
  • You should check whether the variables are empty before doing the `UPDATE`. And you should use `&&` to combine the tests, not `||`. – Barmar Jun 18 '19 at 00:26
  • if(empty($Email) || $Email == '' || empty($Name) || $Name == '' || empty($Age) || $Age == '') { $Required = "Please fill in the required fields"; header("Location: Updating_I.php?Required=" . urlencode($Required)); exit(); } This code come before else – bob ronald Jun 18 '19 at 01:20

1 Answers1

0

Firstly, your code is Highly vulnerable to PHP injection. More info here.

You also had a typo in your SQL query string. 

<?php
//You had a typo in this line! An extra quote
$sql = "UPDATE u_data SET Email = '$Email' , Name = '$Name' , Age = '$Age' WHERE Id = '$Id'";      

if(!empty($Email) || !empty($Name) || !empty($Age)) {
    if(mysqli_query($conn , $sql)) {
        $Success = "User has been Updated Successfully!";
        header("Location: Updating_U.php?Success=".urlencode($Success));
        exit();
    }   
}
?>

Also, you should be doing validation before executing the query.

shn
  • 865
  • 5
  • 14
  • Oh thanks for that typeo i did not see it The Database does not look like there are any null values the boxes are unchecked – bob ronald Jun 18 '19 at 00:10