
Please forgive my code as I am still learning PHP.

I am attempting to save data to the database. I was successfully able to save the variables $dobday, $dobmonth and $dobyear to the database. I have since added new variables: $addressLine, $townCity, $postcode and $country. When I enter the details (both birthday and address) and update the database, nothing is saved. When I enter only the address variables, nothing is saved to the database. However, when I enter only the birthday variables, they are saved to the database. The table has the correct column names.

Thank you for any help and your time.

```php
<?php
session_start();

$user=$_SESSION['firstName'];

if (isset($_POST['submit'])){
    $connectDB = mysqli_connect("localhost","root","")
                    or die("cant connect");
    // providing the database connection details and saving the connection as a variable
    mysqli_select_db($connectDB, "registration"); // database name

    // BIRTHDAY

    $updateDBvalues=array();
    $updateArray=array();
    $dobday=$_POST['dobday'];
    $dobmonth=$_POST['dobmonth'];
    $dobyear=$_POST['dobyear'];

    //ADDRESS

    $addressLine=$_POST['addressLine'];
    $townCity=$_POST['townCity'];
    $postcode=$_POST['postcode'];
    $country=$_POST['country'];

    //ADDRESS BELOW

    if(!empty($addressLine))
        $updateArray[]="addressLine='".$addressLine."'";

    if(!empty($townCity))
        $updateArray[]="townCity='".$townCity."'";

    if(!empty($postcode))
        $updateArray[]="postcode='".$postcode."'";

    if(!empty($country))
        $updateArray[]="country='".$country."'";

    //BIRTHDAY BELOW

    if(!empty($dobday))
        $updateArray[]="dobday='".$dobday."'";

    if(!empty($dobmonth))
        $updateArray[]="dobmonth='".$dobmonth."'";

    if(!empty($dobyear))
        $updateArray[]="dobyear='".$dobyear."'";

    $updateDBvalues=$updateArray;

    $updateDBvalues_imploded=implode(',',$updateDBvalues);

    if(!empty($updateDBvalues)){
        $query="UPDATE users SET $updateDBvalues_imploded WHERE firstName='$user'";

        $connQuery=mysqli_query($connectDB,$query);
        die("Succesfully updated, return to <a href='accountPage.php'>Accounts page</a>");
    }else{
        die ("query did not work");
    }
}
?>
```
RiggsFolly
phpNew
  • Echo your query, you may see some syntax errors. You never check for [mysqli errors](http://php.net/manual/en/mysqli.error.php) to verify that the query actually worked. – aynber Mar 04 '20 at 16:14
  • How would I implement mysqli_errors? – phpNew Mar 04 '20 at 16:33
  • Ensure PHP error logging is switched on, and then ensure mysqli is set to throw exceptions when SQL errors occur. See here: https://stackify.com/php-error-logs-guide/ (php error logging/reporting) https://stackoverflow.com/a/14578644/5947043 (mysqli exception handling) – ADyson Mar 04 '20 at 16:57
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Mar 04 '20 at 16:58
  • Also, using parameterised queries will greatly reduce the likelihood of unexpected SQL syntax errors (e.g. due to an apostrophe character in the user input, or typo on your part, or something like that). So there's advantages in terms of security, readability / neatness of code and reduction in unexpected errors. – ADyson Mar 04 '20 at 16:59
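
The parameterised-query and mysqli exception advice from the comments above, applied to the question's dynamic `UPDATE`, as an added example that is not part of the original thread. The column names are taken from the question; the function names `buildUserUpdate` and `runUserUpdate`, the `ALLOWED_COLUMNS` constant and the sample values are assumptions.

```php
<?php
// Added example, not the asker's code; function names and sample data are assumptions.
const ALLOWED_COLUMNS = ['addressLine', 'townCity', 'postcode', 'country',
                         'dobday', 'dobmonth', 'dobyear'];

/** Build "UPDATE users SET col = ?, ..." and the values to bind to it. */
function buildUserUpdate(array $post, string $firstName): ?array
{
    $set = [];
    $values = [];
    foreach (ALLOWED_COLUMNS as $column) {
        // Column names come from the fixed list above, never from the request.
        $value = $post[$column] ?? '';
        if (is_string($value) && $value !== '') {
            $set[] = "$column = ?";
            $values[] = $value;
        }
    }
    if ($set === []) {
        return null; // no field was filled in
    }
    $values[] = $firstName; // bound to the WHERE placeholder
    $sql = 'UPDATE users SET ' . implode(', ', $set) . ' WHERE firstName = ?';
    return [$sql, $values];
}

/** Run the update. With exception reporting on, a failed query throws. */
function runUserUpdate(mysqli $db, array $post, string $firstName): int
{
    $built = buildUserUpdate($post, $firstName);
    if ($built === null) {
        return 0;
    }
    [$sql, $values] = $built;
    $stmt = $db->prepare($sql);
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    return $stmt->affected_rows; // 0: no row matched, or values unchanged
}

// Constructed input: the apostrophe would end the quoted string early in a
// concatenated query; here it is only ever sent as bound data.
$sample = ['addressLine' => "1 St John's Road", 'townCity' => 'Leeds', 'dobday' => ''];
[$sql, $values] = buildUserUpdate($sample, 'Alice');
echo $sql, PHP_EOL, json_encode($values), PHP_EOL;

// With a live connection (credentials as in the question):
// mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// $db = new mysqli('localhost', 'root', '', 'registration');
// echo runUserUpdate($db, $_POST, $_SESSION['firstName']);
```

Reporting success only after `execute()` returns, rather than unconditionally after the query call, means a failed or no-op update is no longer shown to the user as "updated".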

0 Answers