
Cannot update database

<?php
    session_start();

    if (isset($_POST['userid']) && isset($_POST['password']))
    {
    // if the user has just tried to log in
    $userid = $_POST['userid'];
    $password = $_POST['password'];

    $db_conn = new mysqli('localhost', 'user', 'passwd', 'dbname');

    if (mysqli_connect_errno()) {
    echo 'Connection to database failed:'.mysqli_connect_error();
    exit();
    }

    $query = 'select * from users '
           ."where userid like'$userid' "
           ." and password like sha1('$password')";

    $result = $db_conn->query($query);


    if ($result->num_rows >0 )
    {
     // if they are in the database register the user id
     $_SESSION['valid_user'] = $userid;    
    }
    $db_conn->close();
    }
    ?>
    <?

     $db_conn = new mysqli('localhost', 'user', 'passwd', 'dbname');

    if (mysqli_connect_errno()) {
    echo 'Connection to database failed:'.mysqli_connect_error();
    exit();
    }


    if (isset($_POST['submit'])) {
    if (empty($_POST['name']) || empty ($_POST['dob']) || empty ($_POST['contact'])|| empty          ($_POST['address'])|| empty ($_POST['email'])) {
    echo "All records to be filled in";
    exit;}
    }
    $name = $_POST['name'];
    $dob = $_POST['dob'];
    $contact = $_POST['contact'];
    $address = $_POST['address'];
    $email = $_POST['email'];

    $userid = $_SESSION['valid_user'];
    $sql = "UPDATE users SET name=$name, dob=$dob, contact=$contact, address=$address, email=$email
    WHERE userid ='$userid'";
      $result = $db_conn->query($sql);
    if (!$result) 
        echo "Your query failed.";
    else
        echo "User Information Updated ";

?>
<meta http-equiv="refresh" content="5;URL=members.php" /> 

I get "Your query failed." when I run it. Does anyone have any clue why my database doesn't get updated?

I'm pretty sure my sql works. Is there any mistake in my coding?

Your query is okay, except that you're not using prepared statements.

The issue lies in your variables. echo them and see what's in them.

Since we don't have access to your database, it's hard for us to verify if something else might be wrong with your query. You could, for example, create an SQL Fiddle.

Something else you should read up on: SQL Injection

Prepared statements look like this:

<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$city = "Amersfoort";

/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")) {

    /* bind parameters for markers */
    $stmt->bind_param("s", $city);

    /* execute query */
    $stmt->execute();

    /* bind result variables */
    $stmt->bind_result($district);

    /* fetch value */
    $stmt->fetch();

    printf("%s is in district %s\n", $city, $district);

    /* close statement */
    $stmt->close();
}

/* close connection */
$mysqli->close();
?>
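
The prepared-statement advice applied to the question's UPDATE, as an added example (not code from the question or from any answer). The helper name `update_profile` is hypothetical; the table, column and connection values are the ones used in the question, and `mysqli_report` is switched to exceptions so the actual MySQL error reaches the server log instead of only "Your query failed."

```php
<?php
// Added example: the question's UPDATE as a mysqli prepared statement.
// Make mysqli throw mysqli_sql_exception instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper. Returns the list of missing fields (empty list = row updated).
function update_profile(mysqli $db, string $userid, array $post): array
{
    $fields  = ['name', 'dob', 'contact', 'address', 'email'];
    $missing = [];
    foreach ($fields as $f) {
        // Reject absent, non-string (e.g. name[]=x) and blank values.
        if (!is_string($post[$f] ?? null) || trim($post[$f]) === '') {
            $missing[] = $f;
        }
    }
    if ($missing) {
        return $missing; // nothing is sent to the database
    }

    // Values are sent separately from the SQL text: no manual quoting is
    // needed, and input such as O'Brien cannot alter the statement.
    $stmt = $db->prepare(
        'UPDATE users SET name=?, dob=?, contact=?, address=?, email=? WHERE userid=?'
    );
    $stmt->bind_param('ssssss', $post['name'], $post['dob'], $post['contact'],
                      $post['address'], $post['email'], $userid);
    $stmt->execute();
    $stmt->close();
    return [];
}

session_start();
if (!isset($_SESSION['valid_user'])) {
    http_response_code(403);
    exit('Not logged in');
}
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        // Connection parameters are the placeholders from the question.
        $db = new mysqli('localhost', 'user', 'passwd', 'dbname');
        $missing = update_profile($db, $_SESSION['valid_user'], $_POST);
        echo $missing ? 'All records to be filled in' : 'User Information Updated';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // full error for the operator, not the visitor
        echo 'Your query failed.';
    }
}
```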

Looks like your exit statement is wrong.

 if (isset($_POST['submit'])) 
 {
    if (empty($_POST['name']) || empty ($_POST['dob']) || empty ($_POST['contact'])|| empty          ($_POST['address'])|| empty ($_POST['email'])) 
    {
        echo "All records to be filled in";
        exit;
    }
 }

Quotes are missing. Instead of

"UPDATE users SET name=$name, dob=$dob, contact=$contact, address=$address, email=$email WHERE userid ='$userid'";

try this:

"UPDATE users SET name='$name', dob=$dob, contact=$contact, address=$address, email=$email WHERE userid ='$userid'";
