1

I'm sorry to ask such a narrow question, but I have this code in PHP and it is supposed to update a user's account. There is no error being returned and my IDE cannot identify the problem either. The problem is now that the code is not updating the database. I hope I can get some help on the subject.

Here is my PHP code:

<?php

    session_start();

    $con = mysqli_connect("mysql.serversfree.com", "u190182631_embo", "17011998embo", "u190182631_login");

    $username = $_POST['user_name']; 
    $last = $_POST['lname'];
    $first = $_POST['fname'];
    $address = $_POST['address'];
    $email = $_POST['email'];
    $year = $_POST['year'];

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        if (mysqli_connect_errno()) {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
        }

        mysqli_query($con,"UPDATE users SET last_name = '$last' 
        WHERE user_name = $_SESSION[user_name]");
        mysqli_close($con);
    }   
?>

Any my HTML form if that is needed:

<form method="post" action="update.php">
     Username: <input type="text" name="user_name" value="<?php echo $_SESSION['user_name']?>"><br><br>
     Email: <input type="text" name="email" value="<?php echo $_SESSION['user_email']?>"><br><br>
     Last Name: <input type="text" name="lname" value="<?php echo $_SESSION['last_name']?>"><br><br>
     First Name: <input type="text" name="fname" value="<?php echo $_SESSION['first_name']?>"><br><br>
     Street Address: <input type="text" name="address" value="<?php echo $_SESSION['address']?>"><br><br>
     Year Graduated: <input type="text" name="year" value="<?php echo $_SESSION['year']?>"><br><br>
     <input type="submit" value="Update Information"><br>
 </form>
 <form method="link" action="manage.php">
         <input type = "submit" value = "Cancel"><br> 
 </form>

Any help would be great!

Improve this question
16
  • Change user_name = $_SESSION[user_name] to user_name = '$_SESSION[user_name]' or user_name = '$_SESSION['user_name']' (if anything) --- missing quotes. Commented Dec 26, 2013 at 22:02
  • Your code is vulnerable to SQL injection - consider revising it. stackoverflow.com/questions/60174/… Commented Dec 26, 2013 at 22:02
  • How are you checking? Sometimes the database write happens and the person doesn't check properly. Commented Dec 26, 2013 at 22:02
  • @Fred-ii-, would the missing quotes not throw an error? The question states that none is thrown. Commented Dec 26, 2013 at 22:03
  • It would if the OP would be checking for it. Is only using error reporting on DB connection. @DanBracuk Commented Dec 26, 2013 at 22:04

4 Answers 4

Reset to default
1

Try this - it will also help against SQL injection attacks:

$db = new mysqli("mysql.serversfree.com", "u190182631_embo", "17011998embo", "u190182631_login");

$username = $_POST['user_name']; 
$last = $_POST['lname'];
$first = $_POST['fname'];
$address = $_POST['address'];
$email = $_POST['email'];
$year = $_POST['year'];


if ($_SERVER["REQUEST_METHOD"] == "POST")
{
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    $stmt = $db->prepare("UPDATE users SET last_name = ? AND WHERE user_name = ?;");
    $stmt->bind_param("ss", $last, $_SESSION['user_name']);
    $stmt->execute();
    $stmt->close();
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks but, it doesn't help... But, I do appreciate the clarification on prepared statements, I'm new to PHP and prepared statements have confused me for a while.
Nevermind, I messed up your code (i put "s" instead of "ss"). Thank you sooo much for your help. You saved me so much work.
1

The big problem here is that you don't know how to debug the problem yourself, nor what information to include in a request for help.

There is no error being returned

How do you know? you don't check for any error from the query. Consider:

$upd="UPDATE users SET last_name = '$last' 
    WHERE user_name = $_SESSION[user_name]";
if (!mysqli_query($con,$upd)) {
   print "query failed: $upd \n\n<br />" . mysqli_error();
}

You've shown a fragment of the code used to generate the form - but not what actually got sent to to the browser,

As Fred -ii- says, it seems very strange that $_SESSION[user_name] is not quoted in your SQL.

Improve this answer

4 Comments

If you read on in the comments, you would have seen that I did append my code to include mysqli_error(). Even though I am fairly new to PHP, I did spend the better part of half a day trying to figure out the problem and trouble shoot myself...
@picardisbetterthankirk - You need to be patient with those giving you help as I an guarantee they are being patient with you.
I'm sorry, I really did not mean that in a negative tone, I am thankful for all the help I can get, I'm just a bit exasperated is all...
The OP just needed to add $_SESSION['user_name'] = $_POST['user_name']; --- Thanks for the mention btw, cheers. @symcbean
0

try this 

mysqli_query($con,"UPDATE users SET last_name = '$last' WHERE user_name = {$_SESSION['user_name']}");
Improve this answer

Comments

0

Update this line of code:

mysqli_query($con,"UPDATE users SET last_name = '$last' 
WHERE user_name = $_SESSION[user_name]");

with the new one:

mysqli_query($con,"UPDATE users SET last_name = '$last' 
WHERE user_name = $_SESSION['user_name']");

Hope it will work!

Improve this answer

1 Comment

Sorry, returns error. if you already have quotes around the query, you don't need quotes around user_name.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.