
I can't figure out why this doesn't update my data received from text inputs:

<?php
include "config.php";
printf ("Update PriceList\n");
printf ("<form method=\"post\" action=\"price_red.php\">");
printf ("Select PhoneID: <input type = \"Text\" name = \"PhonID\"><br>");
printf ("PhoneName:<input type = \"Text\" name = \"PhoneName\"><br>");
printf ("PhoneType:<input type = \"Text\" name = \"PhoneType\"><br>");
printf ("ScreenType:<input type = \"Text\" name = \"ScreenType\"><br>");
printf ("Camera: <input type = \"Text\" name = \"Camera\"><br>");
printf ("Quantity: <input type = \"Text\" name = \"Quantity\"><br>");
printf ("Price:<input type = \"Text\" name = \"Price\"><br>");
printf ("Out of stock:<input type = \"Text\" name = \"outofstock\"><br>");
printf ("<input type=\"Submit\" name=\"submit\" value=\"Update\">");
printf ("</form>");

// $PhoneName, $Price, $Quantity, $outofstock, $PhonID, $PhoneType, $ScreenType
// and $Camera are not assigned anywhere in this script before the queries run
$sql = mysql_query("UPDATE PhonesPriceList SET PhoneName = '$PhoneName', Price = '$Price', Quantity = '$Quantity', Outofstock = '$outofstock' WHERE PhoneID = '$PhonID';");
$sql1 = mysql_query("UPDATE PhonesDetails SET PhoneType = '$PhoneType', ScreenType = '$ScreenType', Camera ='$Camera' WHERE PhoneID = '$PhonID';");
– soryan (edited by Adam Wenger)
    Welcome to Stack Overflow! You are not doing any error checking in your queries. You *need* to do that after a `mysql_query()` call. Otherwise, your script will break if the query fails. How to do this is outlined in the [manual on `mysql_query()`](http://php.net/mysql_query) or in this [reference question.](http://stackoverflow.com/questions/6198104/reference-what-is-a-perfect-code-sample-using-the-mysql-extension) – Pekka Dec 05 '11 at 16:16
  • The code you show is also vulnerable to [SQL injection](http://php.net/manual/en/security.database.sql-injection.php). Use the proper sanitation method of your library (like `mysql_real_escape_string()` for the classic mysql library), or switch to PDO and prepared statements. – Pekka Dec 05 '11 at 16:16
  • The variables $PhoneName aren't defined – craig1231 Dec 05 '11 at 16:16
  • Is that all of your code? You spit out a form and then immediately do a couple of UPDATE queries with undefined variables? – Marc B Dec 05 '11 at 16:19
  • No, if you're wondering about connecting to the mysql server, it's in 'config.php' – soryan Dec 05 '11 at 16:21
  • How do we know what is inside config.php? – ajreal Dec 05 '11 at 16:29

2 Answers


The form's data doesn't automatically get converted into variables. The data should be in $_POST[ 'name' ] where "name" is the name attribute of the input field.

Remember to sanitize incoming data before doing any database operations with it (look up mysql_real_escape_string()).

And a small tip: instead of using printf() to output large blocks of text, you can drop back to pure HTML. The code will look much cleaner.

<?php
include "config.php";
// go back to pure HTML
?>
Update PriceList
<form method="post" action="price_red.php">
...
<?php  // back to PHP
– JJJ

Try something like this. Just make sure you add the appropriate sanitation to prevent injection.

<?php
include "config.php";

if (isset($_POST['submit'])) {
    // Form fields arrive in $_POST under the input's name attribute
    // (the form in the question names the ID field "PhonID")
    $PhonID     = $_POST['PhonID'];
    $PhoneName  = $_POST['PhoneName'];
    $PhoneType  = $_POST['PhoneType'];
    $ScreenType = $_POST['ScreenType'];
    $Camera     = $_POST['Camera'];
    $Quantity   = $_POST['Quantity'];
    $Price      = $_POST['Price'];
    $outofstock = $_POST['outofstock'];

    // connection details left as a placeholder (host, user, password, database)
    $dbc = mysqli_connect( data info )
        or die('Error connecting');

    // the values are still interpolated unescaped here; sanitise them first, as noted above
    $query = "UPDATE PhonesPriceList SET PhoneName = '$PhoneName', Price = '$Price',
              Quantity = '$Quantity', Outofstock = '$outofstock' WHERE PhoneID = '$PhonID'";

    mysqli_query($dbc, $query) or die('failed to query');

    echo 'Update successful';

    mysqli_close($dbc);
}
– dansasu11
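Both answers point at the same two fixes: read the values from $_POST, and stop interpolating them into the SQL. The following is the complete handler for the two UPDATE statements from the question, written with mysqli prepared statements (the route the first comment suggests as the alternative to mysql_real_escape_string(); the mysql_* extension used in the question was removed in PHP 7.0). It is an added example and is not code from the question or from either answer. The connection parameters, the column types implied by the bind_param type string, the int casts, and the transaction around the two updates are assumptions; the page does not specify any of them.

```php
<?php
// Added example, not code from the question or the answers: the two UPDATEs
// from the question as a POST handler using mysqli prepared statements.
declare(strict_types=1);

// Throw mysqli_sql_exception on any failure instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Apply one form submission to both tables. $post is the raw $_POST array;
 * its keys are the name attributes of the inputs in the question's form
 * (note the ID field is named "PhonID", not "PhoneID").
 * Returns the number of rows changed across both tables.
 */
function updatePhone(mysqli $db, array $post): int
{
    // Assumed column types: ints for the ID, quantity and stock flag,
    // strings for the rest. Price stays a string so a DECIMAL column keeps exact cents.
    $phoneId    = (int)    ($post['PhonID'] ?? 0);
    $phoneName  = (string) ($post['PhoneName'] ?? '');
    $phoneType  = (string) ($post['PhoneType'] ?? '');
    $screenType = (string) ($post['ScreenType'] ?? '');
    $camera     = (string) ($post['Camera'] ?? '');
    $quantity   = (int)    ($post['Quantity'] ?? 0);
    $price      = (string) ($post['Price'] ?? '0');
    $outOfStock = (int)    ($post['outofstock'] ?? 0);

    if ($phoneId <= 0) {
        throw new InvalidArgumentException('PhonID must be a positive integer');
    }

    // Assumption: both rows should change together, so the two UPDATEs share a transaction.
    $db->begin_transaction();
    try {
        // Placeholders instead of "'$PhoneName'": the values never become part of the SQL text.
        $stmt = $db->prepare(
            'UPDATE PhonesPriceList SET PhoneName = ?, Price = ?, Quantity = ?, Outofstock = ? WHERE PhoneID = ?'
        );
        $stmt->bind_param('ssiii', $phoneName, $price, $quantity, $outOfStock, $phoneId);
        $stmt->execute();
        $affected = $stmt->affected_rows;
        $stmt->close();

        $stmt = $db->prepare(
            'UPDATE PhonesDetails SET PhoneType = ?, ScreenType = ?, Camera = ? WHERE PhoneID = ?'
        );
        $stmt->bind_param('sssi', $phoneType, $screenType, $camera, $phoneId);
        $stmt->execute();
        $affected += $stmt->affected_rows;
        $stmt->close();

        $db->commit();
    } catch (mysqli_sql_exception $e) {
        $db->rollback();
        throw $e;
    }
    return $affected;  // 0 means no row matched the given PhoneID (or nothing changed)
}

// Only run the update on a real form submission; a plain GET just shows the form.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    // Assumed connection details; in the question they live in config.php.
    $db = new mysqli('localhost', 'dbuser', 'dbpass', 'phones');
    $db->set_charset('utf8mb4');
    $rows = updatePhone($db, $_POST);
    echo $rows > 0 ? 'Update successful' : 'No row with that PhoneID';
    $db->close();
}
```

With MYSQLI_REPORT_STRICT enabled, a failed prepare or execute throws mysqli_sql_exception instead of returning false, which is the error checking the first comment asks for. Because every value is bound as a typed parameter, a submitted PhoneName such as `' OR '1'='1` is stored as that literal string and cannot change the WHERE clause, and a non-numeric PhonID is rejected before any query runs rather than matching nothing silently.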