2

I've seen the related solutions about this and tried them, but none of them work. This is my code for updating the database; mysql_error shows no sign of an error. I don't know what to do. Help!

    <?php 
        mysql_select_db("dbUsers");     
        if(isset($_POST['btnSave'])){

        $firstname=$_POST['firstname'];
        $lastname=$_POST['lastname'];
        $address=$_POST['address'];

        $query1 =("UPDATE `webuser` SET `firstname`='".$firstname."',
                `lastname`='".$lastname."',`address`='".$address."'
                 WHERE empNo = '".$selEmp."' ");

        $result = mysql_query($query1) or die(mysql_error());
        }
        mysql_close($conn);

   ?>
4
  • Echo the statement, put exit after the update line, and check whether all the particulars that are to be updated are present in the query. Commented Aug 28, 2016 at 8:25
  • 1
    Danger: You are using an obsolete database API that has been removed from PHP. You should select a modern replacement. You are vulnerable to SQL injection attacks that a modern API would make it easier to defend yourself from. Commented Aug 28, 2016 at 8:36
  • @NareshKumar.P thank you. I've seen the error. The empNo is not showing, I'm still trying to figure out why. I can echo it but I can't use it in the query. Commented Aug 28, 2016 at 8:47
  • Have updated the query @eshi. And you could find how to pass the Emp_id from the HTML form while updating the particular row in the DB. Commented Aug 28, 2016 at 10:17

3 Answers

1

Instead of using mysql, go for mysqli, as it is preferred and secure.

Use the code below for the connection (create the variables with their values):

    $conn = mysqli_connect($servername, $username, $password, $dbname);

For the update query, use:

    $sql = "UPDATE webuser SET firstname='".$firstname."' WHERE empNo='".$selEmp."'";

And to run the query, use:

    mysqli_query($conn, $sql);

I have not mentioned your whole code but hope you understand it now.


3 Comments

FYI, this is vulnerable to SQL injection attacks. Please use prepared queries with parameters.
Thank you Vivek. I have fixed the problem though :)
It is just part of it, and thanks for your comment .. @RyanVincent
0

Change the update query like this, since the braces are not allowed.

Ensure that your empNo is present at the time while updating.

    <?php
    mysql_select_db("dbUsers");
    if(isset($_POST['btnSave'])){
        $selEmp = $_POST['emp_id'];
        $firstname=$_POST['firstname'];
        $lastname=$_POST['lastname'];
        $address=$_POST['address'];
        $query1 ="UPDATE `webuser` SET `firstname`='".$firstname."',
        `lastname`='".$lastname."',`address`='".$address."'
        WHERE empNo = '".$selEmp."'";
        $result = mysql_query($query1) or die(mysql_error());
    }
    mysql_close($conn);
    ?>

    <form method="POST" action="">
        <input type="hidden" name="emp_id" value="<?php echo $data['id']; ?>" />
        <input type="text" name="firstname" value="<?php echo $data['firstname']; ?>" />
        <input type="text" name="lastname" value="<?php echo $data['lastname']; ?>" />
        <textarea name="address"><?php echo $data['address']; ?></textarea>
        <input type="submit" name="btnSave" value="UPDATE" />
    </form>

2 Comments

Share thoughts if you face any hindrance in my code.
Thank you Naresh. I have fixed the problem though. The variable I need is not accessible inside the isset function, so what I did is I made a hidden input, then passed the value there and got it. Thank you again :)
0

To avoid SQL Injections and the deprecated mysql_* functions use PDO with prepared statements:

    define('DB_HOST', 'localhost');
    define('DB_NAME', 'dbUsers');
    define('DB_USER', 'your_username');
    define('DB_PASSWORD', 'your_password');

    try {
        // Make your connection handler to your database.
        // ERRMODE_EXCEPTION makes failed queries throw, so the catch block below also sees them.
        $conn = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME, DB_USER, DB_PASSWORD, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
        $address = $_POST['address'];

        // Named placeholders keep the submitted values out of the SQL text.
        // $selEmp must already hold the employee number, as in the question.
        $sql = "UPDATE webuser SET firstname = :firstname, lastname = :lastname, address = :address WHERE empNo = :emp_no";
        $stmt = $conn->prepare($sql);
        $stmt->execute(array(':firstname' => $firstname, ':lastname' => $lastname, ':address' => $address, ':emp_no' => $selEmp));

    } catch(PDOException $e) {
        echo $e->getMessage();
        die();
    }

More info here.

3 Comments

Where is the catch?
Thank you Kostas, I have fixed the problem though. :)
Nice. Keep in mind to check about the PDO and how to avoid SQL Injection.
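
The difference between the concatenated UPDATE from the question and the prepared statement in the answer above, as an added example that is not part of the original posts. It assumes the pdo_sqlite extension and uses an in-memory table with constructed rows; `updateConcatenated`, `updatePrepared` and the request values are hypothetical stand-ins.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE webuser (empNo TEXT PRIMARY KEY, firstname TEXT, lastname TEXT, address TEXT)");
$db->exec("INSERT INTO webuser VALUES ('1','Ann','Lee','1 Main St'), ('2','Bob','Ray','2 Oak Ave')");

// Hypothetical helper: the question's pattern, request values concatenated into the SQL text.
function updateConcatenated(PDO $db, array $in): int
{
    $sql = "UPDATE webuser SET firstname='" . $in['firstname'] . "', lastname='" . $in['lastname']
         . "', address='" . $in['address'] . "' WHERE empNo = '" . $in['emp_id'] . "'";
    return $db->exec($sql); // number of rows changed
}

// Hypothetical helper: same update with bound parameters; values never become SQL syntax.
function updatePrepared(PDO $db, array $in): int
{
    $stmt = $db->prepare("UPDATE webuser SET firstname = :firstname, lastname = :lastname,
                          address = :address WHERE empNo = :emp_no");
    $stmt->execute([
        ':firstname' => $in['firstname'], ':lastname' => $in['lastname'],
        ':address'   => $in['address'],   ':emp_no'   => $in['emp_id'],
    ]);
    return $stmt->rowCount();
}

// Constructed request bodies standing in for $_POST.
$tampered   = ['emp_id' => "1' OR '1'='1", 'firstname' => 'X', 'lastname' => 'Y', 'address' => 'Z'];
$apostrophe = ['emp_id' => '2', 'firstname' => 'Sean', 'lastname' => "O'Brien", 'address' => '3 Elm Rd'];

// A tampered hidden field widens the WHERE clause when it is concatenated.
$db->beginTransaction();
echo "concatenated, tampered emp_id: ", updateConcatenated($db, $tampered), " rows changed\n";
$db->rollBack(); // restore the table before the next check
echo "prepared, tampered emp_id: ", updatePrepared($db, $tampered), " rows changed\n";

// A legitimate surname containing an apostrophe breaks the concatenated query.
try {
    updateConcatenated($db, $apostrophe);
} catch (PDOException $e) {
    echo "concatenated, O'Brien: query failed (", $e->getMessage(), ")\n";
}
echo "prepared, O'Brien: ", updatePrepared($db, $apostrophe), " rows changed\n";
```

Checking the affected-row count after an update keyed on a client-supplied id is a cheap guard: anything other than exactly one row deserves a log entry.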
