-3

I can't update my database with PHP. I don't get any errors, but it doesn't change anything!

Here is my file:

```php
<?php
include_once 'dbh.inc.php';
?>


<?php
    $id = $_GET['verId'];
    $name = $_GET['verName'];
    echo $id;
    echo $name;
    $sql  = "UPDATE allusers SET ver = '1' WHERE idUsers = '$id';";
?>
```

The variables are defined and work. Here's the dbh.inc.php file:

```php
<?php

$servername = "localhost";
$dBUsername = "root";
$dBPassword = "";
$dBName = "loginsystem";

$conn = mysqli_connect($servername, $dBUsername, $dBPassword, $dBName);

if (!$conn) {

    die("Connection failed: ".mysqli_connect_error());

}
?>
```

Other files that use dbh.inc.php work fine. Thanks for your help.

Dharman
  • 4
    You're not executing the query anywhere, at least as far as I can see it. And if you did, your program was vulnerable to SQL injection. You should use parameterized queries. Have a look at: ["How can I prevent SQL injection in PHP?"](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?r=SearchResults&s=1|1107.7675) – sticky bit Dec 08 '19 at 14:14
  • OMG, thank you I've been struggling with this for hours... – Ben Schumacher Dec 08 '19 at 14:24
  • @MUFAzmi Why would they need to remove the semi-colon? It doesn't break their code and is valid. Not recommended, but valid. – Funk Forty Niner Dec 08 '19 at 17:16
  • You have forgotten to execute the query. Add this code below the `$sql` variable: `$run = mysqli_query($conn, $sql);` – mufazmi Dec 09 '19 at 03:15

1 Answer

0

You need to execute your SQL, but the way you are using MySQLi is very wrong. Let me show you how to get started with a simple query.

First in your dbh.inc.php (you should name it properly too) you should have the following code:

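```php
<?php

// Make mysqli throw exceptions instead of failing silently
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new \mysqli("localhost", "root", "", "loginsystem");
// Use a full UTF-8 connection character set
$conn->set_charset('utf8mb4');
```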

Do not use root for connection. Create a valid MySQL user with a proper password.

Then in your main PHP file, you can use it as follows:

```php
<?php

include_once 'dbh.inc.php';

$id = $_GET['verId'];
$name = $_GET['verName'];
echo $id;
echo $name;

// prepare -> bind data -> execute
$stmt = $conn->prepare("UPDATE allusers SET ver='1' WHERE idUsers=?");
$stmt->bind_param('s', $id);
$stmt->execute();
```

I used here what is called a prepared statement. You can learn more about MySQLi here: https://phpdelusions.net/mysqli_examples/update

Dharman
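The difference between the question's concatenated `UPDATE` and the answer's prepared statement, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite table standing in for the MySQL `allusers` table so that it runs without a server; the function names, the three rows and the crafted `verId` value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed data: three unverified users in a throwaway in-memory table
// (SQLite via PDO is an assumption; the page itself uses MySQLi).
function freshDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE allusers (idUsers INTEGER PRIMARY KEY, ver TEXT DEFAULT '0')");
    $db->exec("INSERT INTO allusers (idUsers) VALUES (1), (2), (3)");
    return $db;
}

// The question's pattern: the request value becomes part of the SQL text.
function verifyConcatenated(PDO $db, string $id): int
{
    return $db->exec("UPDATE allusers SET ver = '1' WHERE idUsers = '$id'");
}

// The answer's pattern: the value is bound as data and never parsed as SQL.
function verifyPrepared(PDO $db, string $id): int
{
    $stmt = $db->prepare("UPDATE allusers SET ver = '1' WHERE idUsers = ?");
    $stmt->execute([$id]);
    // The affected-row count exposes the "no error, nothing changed" case.
    return $stmt->rowCount();
}

$crafted = "x' OR '1'='1"; // constructed verId value that rewrites the WHERE clause

printf("concatenated, id=2:       %d row(s)\n", verifyConcatenated(freshDb(), '2'));
printf("concatenated, crafted id: %d row(s)\n", verifyConcatenated(freshDb(), $crafted));
printf("prepared, id=2:           %d row(s)\n", verifyPrepared(freshDb(), '2'));
printf("prepared, crafted id:     %d row(s)\n", verifyPrepared(freshDb(), $crafted));
```

Through the concatenated query the crafted value marks every user as verified; through the prepared statement it matches no row, and the zero row count makes that visible to the caller.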