
PHP syntax error in this query

Can anyone help me figure out what's wrong in this code? It used to work before I added that 3rd query to fill the form with the current info from the database. Now it just returns a white page.

<?php

    if (isset($_GET['edit'])) {
        echo "<form action=\"user.php\" method=\"post\">";

            $userinfo = mysqli_query($con,"SELECT * FROM members WHERE members.id='".$_COOKIE[userid]."' AND members.username='".$_COOKIE[user]."'";
        while($uir = mysqli_fetch_array($userinfo)) {

        echo "
        <label for=\"name\">Navn:</label>
            <input type=\"text\" name=\"name\" placeholder=\"Your name\" value=\"".$uir['name']."\"required /><br />    

        <label for=\"mobil\">Mobil:</label>
            <input type=\"tel\" name=\"mobil\" placeholder=\"Mobil tlf\" value=\"".$uir['mobil']."\" required /><br />          

        <label for=\"bilnr\">Bil #:</label>
            <input type=\"tel\" name=\"bilnr\" placeholder=\"Bil Nr.\" value=\"".$uir['bilnr']."\" required /><br />

        <label for=\"regnr\">Registrerings nummer:</label>
            <input autocapitalize=\"characters\" type=\"text\" name=\"regnr\" placeholder=\"Reg.Nr.\" value=\"".$uir['regnr']."\" required /><br />";   

        }
        echo "<input type=\"submit\" /></form>";    
    }
    elseif (isset($_POST["bilnr"])) {
            $sql="UPDATE members SET name='$_POST[name]', mobil='$_POST[mobil]', bilnr='$_POST[bilnr]', regnr='$_POST[regnr]' WHERE id='".$_COOKIE[userid]."' AND username='".$_COOKIE[user]."'";
            if (!mysqli_query($con,$sql))
            {   
                die('Error: ' . mysqli_error($con));
            }
        echo "<p class=\"red\">Informasjonen er oppdatert!</p>";
        mysqli_close($con); }       

    else {
        echo "<a href=\"user.php?edit\">Oppdater bruker info</a>";
    }  

?>

You should put your array keys between quotes:

$_COOKIE['userid']

Secondly, don't use them directly in your SQL code. It's easier to find bugs in your code when you write your queries like this:

$name = $_POST['name'];
$mobil = $_POST['mobil'];
$bilnr = $_POST['bilnr'];
$regnr = $_POST['regnr'];


$sql="UPDATE members 
      SET name='$name', mobil='$mobil', bilnr='$bilnr',
      regnr='$regnr' etc.

You forgot to close the bracket for the first mysqli_query at line 6. Just add a closing bracket before the semicolon on that line and PHP will parse this once again.

i.e.:

$userinfo = mysqli_query($con,"SNIPPETY SNIP SNIP"."'";

to:

$userinfo = mysqli_query($con,"SNIPPETY SNIP SNIP"."'");

Don't change the actual query to SNIPPETY SNIP SNIP unless you want an SQL error.

Do adjust your code to protect from SQL injections as per John Conde's comment.
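
The injection fix the last answer points to, as an added example that is not part of the original question or answers: the SELECT and UPDATE from the question rewritten as mysqli prepared statements. It assumes `$con` is the open mysqli connection the original script already uses; the function names `fetch_member` and `update_member` are hypothetical.

```php
<?php
// Added example: parameterized versions of the two queries in the question.
// Assumes $con is the open mysqli connection used by the original script.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors instead of a blank page

// Hypothetical helper: load the member row that pre-fills the form.
function fetch_member(mysqli $con, string $userid, string $user): ?array
{
    $stmt = $con->prepare(
        'SELECT name, mobil, bilnr, regnr FROM members WHERE id = ? AND username = ?'
    );
    // Values travel separately from the SQL text, so a quote character in a
    // cookie value cannot change the structure of the statement.
    $stmt->bind_param('ss', $userid, $user);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() requires the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// Hypothetical helper: write the submitted form values back to that row.
function update_member(mysqli $con, array $form, string $userid, string $user): int
{
    $stmt = $con->prepare(
        'UPDATE members SET name = ?, mobil = ?, bilnr = ?, regnr = ?
         WHERE id = ? AND username = ?'
    );
    // Cookie values are client-supplied just like POST fields, so they are
    // bound as parameters too rather than concatenated into the query.
    $stmt->bind_param(
        'ssssss',
        $form['name'], $form['mobil'], $form['bilnr'], $form['regnr'],
        $userid, $user
    );
    $stmt->execute();
    $affected = $stmt->affected_rows; // 0 when no row matched or nothing changed
    $stmt->close();
    return $affected;
}

// Usage inside the original elseif branch:
// update_member($con, $_POST, $_COOKIE['userid'], $_COOKIE['user']);
```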
