PHP and mySQL “UPDATE” doesn't actually update

Question

So me and my friend came to a conclusion that it's the $_email variable that screws everything up. As long as it's hard coded in, it works. But as soon as it's left as a $_email everywhere, it doesn't. The message goes through as "updated" but it doesn't update.

require_once('appVars6.php');
require_once('connectVars6.php');
$_dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$_id = $_GET['id'];
$_queryOne = "SELECT * FROM midterm WHERE id = '$_id'";
$_resultOne = mysqli_query($_dbc, $_queryOne) or die ('Error Querying Database');
while ($_row = mysqli_fetch_array($_resultOne)) {
echo '<form class="update" method="post" action="MT_vjones_udpateRecord.php?id=' . $_id . '">';
echo '<input type="hidden" name="id" id="id" value="' . $_row['id'] . '" />';
echo '<input type="text" name="firstName" id="firstName" value="' . $_row['firstName'] . '" /><br />';
echo '<input type="text" name="lastName" id="lastName" value="' . $_row['lastName'] . '" /><br />';
echo '<input type="text" name="email" id="email" value="' . $_row['email'] . '" /><br />';
echo '</form>';
}
if ( isset($_GET['firstName']) && isset($_GET['lastName']) && isset($_GET['email'])) {
$_id = $_GET['id'];
$_firstName = $_GET['firstName'];
$_lastName = $_GET['lastName'];
$_email = $_GET['email'];   
}
else if ( isset($_POST['firstName']) && isset($_POST['lastName']) && isset($_POST['email'])) {
$_id = $_POST['id'];
$_firstName = mysqli_real_escape_string($_dbc, trim($_POST['firstName']));
$_lastName = mysqli_real_escape_string($_dbc, trim($_POST['lastName']));
$_email = mysqli_real_escape_string($_dbc, trim($_POST['email']));
}
else {
echo '<br />';
echo '<p class="error">Sorry, no record was selected.</p>';
}
if(isset($_POST['submit'])) {
if ($_POST['confirm'] == 'Yes') {
//$_dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$_query = "UPDATE midterm " .
"SET email = '$_email'" .
"WHERE id = $_id" ;
$_result = mysqli_query($_dbc, $_query) or die (mysqli_error($_dbc));
mysqli_close($_dbc);
echo '<p>The record of ' . $_firstName . ' ' . $_lastName . ' for ' . $_email . ' was successfully updated.';
}
else {
echo '<p class="error">The record was not updated.</p>';
}
}
else if (isset($_id) && isset($_firstName) && isset($_lastName) && isset($_email)) {
echo '<p>Are you sure you want to update the following record?</p>';
/*echo '<form class="update" method="post" action="MT_vjones_updateRecord.php">';
echo '<input type="text" name="firstName" id="firstName" value="' . $_firstName . '" /><br />';
echo '<input type="text" name="lastName" id="lastName" value="' . $_lastName . '" /><br />';
echo '<input type="text" name="email" id="email" value="' . $_email . '" /><br />';
echo '</form>';*/
echo '<form class="update" method="post" action="MT_vjones_updateRecord.php?id=' . $_id . '">';
echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="Yes" /> Yes </div><br />';
echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="No" checked="checked" /> No </div><br /><br />';
echo '<input class="applyBtn" type="submit" value="UPDATE" name="submit" />';
echo '<input type="hidden" name="id" value="' . $_id . '" />';
echo '<input type="hidden" name="firstName" value="' . $_firstName . '" />';
echo '<input type="hidden" name="lastName" value="' . $_lastName . '" />';
echo '<input type="hidden" name="email" value="*testBACK2FUN@test.com*" />';
}
echo '<p><a href="MT_vjones_adminAccess.php">&lt;&lt; Back to the Admin Page</a></p>';

As you can see, we put in the email address in there for testing purposes...

Answer 1

  $_query = "UPDATE midterm " .
            "SET email = '$_email' WHERE id = '$_id'" ;

should be

$_query = "UPDATE midterm " .
          "SET email = $_email".
          "WHERE id = $_id " ;

Answer 2

check the id matches what you are intending to update. To be sure print the $_id and $_email prior to the update and after.

@user710502: You don't need to segregate quotes with double-quotes in PHP. It reads it anyway, the only time you might bother is if you are reading from an array eg:

"UPATE midterm SET email='".$POST['email']."'"

Answer 3

Reason is you are using $_ before variable which is not a valid variable declaration.

Because $_ is reserved for SUPER GLOBAL in php (ie $_SESSION,$_SERVER,$_POST,$_GET,$_COOKIE etc) .

if its not a issue for you then you need to concat your variable as below.

$_query = "UPDATE midterm SET email = '".$_email."' WHERE id = '".$_id."'" ;

Answer 4

SOLVED! Form issues.

SHOULD BE:

<?php
require_once('appVars6.php');
require_once('connectVars6.php');

$_dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

$_id = $_GET['id'];
$_queryOne = "SELECT * FROM midterm WHERE id = '$_id'";
$_resultOne = mysqli_query($_dbc, $_queryOne) or die ('Error Querying Database');

while ($_row = mysqli_fetch_array($_resultOne)) {
    echo '<form class="update" method="post" action="MT_vjones_udpateRecord.php?id=' . $_id . '">';
    echo '<input type="hidden" name="id" id="id" value="' . $_row['id'] . '" />';
    echo '<input type="hidden" name="firstName" id="firstName" value="' . $_row['firstName'] . '" />';
    echo '<input type="hidden" name="lastName" id="lastName" value="' . $_row['lastName'] . '" />';
    echo '<input type="hidden" name="email" id="email" value="' . $_row['email'] . '" />';
    echo '</form>';
}

if ( isset($_GET['firstName']) && isset($_GET['lastName']) && isset($_GET['email'])) {
    $_id = $_GET['id'];
    $_firstName = $_GET['firstName'];
    $_lastName = $_GET['lastName'];
    $_email = $_GET['email'];   
}

    else if ( isset($_POST['firstName']) && isset($_POST['lastName']) && isset($_POST['email'])) {
        $_id = $_POST['id'];
        $_firstName = mysqli_real_escape_string($_dbc, trim($_POST['firstName']));
        $_lastName = mysqli_real_escape_string($_dbc, trim($_POST['lastName']));
        $_email = mysqli_real_escape_string($_dbc, trim($_POST['email']));
    }

        else {
                echo '<br />';
                echo '<p class="error">Sorry, no record was selected.</p>';
        }

if(isset($_POST['submit'])) {
    if ($_POST['confirm'] == 'Yes') {

    $_query = "UPDATE midterm " .
                "SET email = '$_email'" .
                "WHERE id = $_id" ;

    $_result = mysqli_query($_dbc, $_query) or die (mysqli_error($_dbc));

    mysqli_close($_dbc);
    echo '<p>The record of ' . $_firstName . ' ' . $_lastName . ' for ' . $_email . ' was successfully updated.';
    }

        else {
            echo '<p class="error">The record was not updated.</p>';
        }
}

    else if (isset($_id) && isset($_firstName) && isset($_lastName) && isset($_email)) {
        echo '<p>Are you sure you want to update the following record?</p>';
        echo '<form class="update" method="post" action="MT_vjones_updateRecord.php?id=' . $_id . '">';
        echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="Yes" /> Yes </div><br />';
        echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="No" checked="checked" /> No </div><br /><br />';
        echo '<input type="hidden" name="id" value="' . $_id . '" />';
        echo '<input type="text" name="firstName" value="' . $_firstName . '" /><br />';
        echo '<input type="text" name="lastName" value="' . $_lastName . '" /><br />';
        echo '<input type="text" name="email" value="' . $_email . '" />';
        echo '<input class="applyBtn" type="submit" value="UPDATE" name="submit" />';
    }

echo '<p><a href="MT_vjones_adminAccess.php">&lt;&lt; Back to the Admin Page</a></p>';
?>