-2

I am using PHP to update remote MySQL database, but table is not updating. PHP does not show any errors.

I am using this php code:

<?php

// php code to Update data from mysql database Table

if(isset($_POST['update']))
{
   
   $connect = mysqli_connect($hostname, $username, $password, $databaseName);
   
   // get values form input text
   
   $headingSrb = $_POST['heading_srb'];
   $paragraphSrb = $_POST['paragraph_srb'];
   $headingEng = $_POST['heading_eng'];
   $paragraphEng = $_POST['paragraph_eng'];        
   // mysql query to Update data
   $query = "UPDATE `update_slide_1` SET `heading_ser`='".$headingSrb."',`paragraph_ser`='".$paragraphSrb."', `heading_eng`='".$headingEng."', `paragraph_eng`='".$paragraphEng."' ";      
   $result = mysqli_query($connect, $query);      
   if($result)
   {
       echo '<p style="text-align: center; padding:5px; background-color: rgba(9, 143, 72, 0.6); color:white; ">Data Updated.</p> ';
       echo "$query";
   }else{
       echo '<p style="text-align: center; padding:5px; background-color: rgba(183, 0, 3, 0.7); color:white; ">Data Not Updated.</p> ';
   }

   mysqli_close($connect);

}


?>

I have entered "asd" in all form text imputs and Echo query shows that it is pulling data from my html form, so that is not a problem:

UPDATE update_slide_1 SET heading_ser='asd',paragraph_ser='asd', heading_eng='asd', paragraph_eng='asd'

Maybe I did not set up the table or columns in my database. Here is the picture of my database table: database table

Marko Sajic
  • 1
  • 3
  • the result echo 'Data Updated'? – Simone Rossaini Aug 19 '20 at 09:25
  • 3
    Please learn how to use prepare stmt for prevent sql inject. – Simone Rossaini Aug 19 '20 at 09:25
  • 1
    No `WHERE` clause ? All entries will be updated – Cid Aug 19 '20 at 09:27
  • Did you try to execute the request you print into PHPMyAdmin ? – Inazo Aug 19 '20 at 09:27
  • @SimoneRossaini Yes I am getting Data Updated, but nothing happens in database. – Marko Sajic Aug 19 '20 at 09:30
  • where you take `mysqli_connect` variable? – Simone Rossaini Aug 19 '20 at 09:32
  • Why would I need WHERE clause? I am updating 4 columns and there is only one row in it. @Cid – Marko Sajic Aug 19 '20 at 09:33
  • Because if when you will have more than 1 row, ALL of them will be updated. [`SQL_SAFE_UPDATES`](https://dev.mysql.com/doc/refman/8.0/en/mysql-tips.html#safe-updates) can prevent this too – Cid Aug 19 '20 at 09:37
  • Thanks for that, but I am using only one row so I left out "where" clause – Marko Sajic Aug 19 '20 at 09:44
  • What's the point of a table with a single row? – Cid Aug 19 '20 at 09:45
  • I have created a "Notification Board" where notifications will be updated every day. That Notification Board will read data from this table. I don't need any other rows for that, right? @Cid – Marko Sajic Aug 19 '20 at 09:54
  • What have you tried to debug the problem? Like: why not check whether MySQL returns any error message? – Nico Haase Aug 19 '20 at 14:19
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Aug 19 '20 at 22:49

1 Answers1

0

To be sure. Do you want to update existing records in your table or insert a new row?

If you want to update, check if the table has any record. Otherwise, it will return nothing. Also, you didn't add where so after running this request all the records in the table will be updated by this data.

If you want to insert a new record you should use insert request. For example:

$query = "INSERT INTO `update_slide_1` (`heading_ser`, `paragraph_ser`, `heading_eng`, `paragraph_eng`) VALUES ('".$headingSrb."', '".$paragraphSrb."', '".$headingEng."', '".$paragraphEng."')";
SeemsLegit
  • 97
  • 3
  • Oh wow, it looks like I did not have any records in my table. I totally missed that part because I have used that table before but i deleted all records later. Thank you! – Marko Sajic Aug 19 '20 at 09:43