PHP form to update single MySQL record is not working

Question

This is what I usually do at command prompt and it works:

UPDATE saleslog SET Status='Closed' Where FileNumber='142840';

The table has about 15 or so columns like ID, FileNumber, Address, Price, Status and more, but I am interested in updating values only in field in the column Status for different records.

What I am trying to make is php form where I can change field in the record always in the same column, but for in different records at different times one at the time, that is to change field in Status column from lets say "Pending" to "Closed"

To be more specific, I want to have form with two fields, where in one I can reference record by FileNumber and the button that when clicked on, would change value in Status field to "CLOSED".

Before Update

ID   FileNumber   Address         Price   Status

234  142840       123 N Park Ave  235.00  Pending

After Update

ID   FileNumber   Address         Price   Status

234  142840       123 N Park Ave  235.00  Closed

I have Googled and found this form somewhere and changed it to my situation. However, every time I click "Update" button, I get error about "unknown column Status". However, if I type something else and click Update, it says "Updated data successfully" but nothing is being updated in the Status field for the record referenced to by typed value in FileNumber column for that particular record.

So, here is the code:

<html>
<head>
</head>
<body>

<?php
if(isset($_POST['update']))
{
$dbhost = 'localhost';
$dbuser = 'jack';
$dbpass = 'somepassword';
$myDBname = 'mydatabase';
$conn = mysql_connect($dbhost, $dbuser, $dbpass, $myDBname);
if(! $conn )
{
  die('Could not connect: ' . mysql_error());
}

$FileNumber = $_POST['FileNumber'];
$Status = $_POST['Status'];

$sql = "UPDATE saleslog ".
       "SET Status = $Status ".
   "WHERE FileNumber = $FileNumber" ;

mysql_select_db('mydatabase');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">File Number</td>
<td><input name="FileNumber" type="text" id="FileNumber"></td>
</tr>
<tr>
<td width="100">Status</td>
<td><input name="Status" type="text" id="Status"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>    

Answer 1

Change

$sql = "UPDATE saleslog ".
       "SET Status = $Status ".
   "WHERE FileNumber = $FileNumber" ;

to

$sql = "UPDATE saleslog 
       SET Status = '$Status'
       WHERE FileNumber = '$FileNumber'" ;

NOTE: You are using deprecated mysql_* function - switch to mysqli_ or PDO , and moreover you are vulnerable to SQL injection.

Or at least:

$FileNumber = mysql_real_escape_string($_POST['FileNumber']);
$Status = mysql_real_escape_string($_POST['Status']);

Answer 2

change the query:

$sql = "UPDATE saleslog ". "SET Status = $Status ". "WHERE FileNumber = $FileNumber" ;

to

$sql = "UPDATE saleslog SET Status = '".$Status."' WHERE FileNumber = '".$FileNumber."'";