PHP sql UPDATE not working

Question

I'm trying to update a table in my database, put my update query does not work. I have checked the code many times, but I can't see anything wrong with it. I'm calling a php-file and sending data over to it with javascript. Any ideas?

This is my php-file:

include 'db-connect.php';

$db->autocommit(false);

$postdata = file_get_contents("php://input");
$request = json_decode($postdata);

$id = $db->real_escape_string($request->ID);
$from = $db->real_escape_string($request->From);
$to = $db->real_escape_string($request->To);
$from_ampm = $db->real_escape_string($request->FromAMPM);
$to_ampm = $db->real_escape_string($request->ToAMPM);

$sql = "update OpeningHours set From = '$from', To = '$to', FromAMPM = '$from_ampm', ToAMPM = '$to_ampm' ";
$sql .= "where ID = '$id'";
$res = $db->query($sql);

$message = array();

if($db->affected_rows <= 0)
{
    $db->rollback();
    $message['error'] = "Could not edit. Contact IT manager.";
    echo json_encode($message);
    die();
}

$db->commit();
$db->close();
$message['error'] = "";
$message['success'] = "Edit Success!";
echo json_encode($message);

And this is the javascript part:

var request = $http({
                method: "post",
                url: "updateOpeningHoursItem.php",
                data: {
                    ID: $scope.openingHoursID,
                    From: $scope.from,
                    To: $scope.to,
                    FromAMPM: $scope.fromAMPM,
                    ToAMPM: $scope.toAMPM
                },
                headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
            });

            request.success(function (data) {

                if(data.error === "")
                {
                    $scope.emptyOpeningHoursFields();
                    $scope.resetOpeningHoursEditForm();

                    swal("Success", data.success, "success");
                }
                else
                {
                    swal("Ops!", data.error, "error");
                }
            });

Answer 1

Hello,

        $host = 'localhost'; 
        $user = 'root';
        $password = '';
        $database = 'youdatabasename';
        $con = mysql_connect($host,$user,$password);
        $res = mysql_select_db($database,$con);

        $postdata = file_get_contents("php://input");
        $request = json_decode($postdata);

        $id = $db->real_escape_string($request->ID);
        $from = $db->real_escape_string($request->From);
        $to = $db->real_escape_string($request->To);
        $from_ampm = $db->real_escape_string($request->FromAMPM);
        $to_ampm = $db->real_escape_string($request->ToAMPM);

        $sql = "UPDATE OpeningHours set From = '".$from."', To = '".$to."', FromAMPM = '".$from_ampm."', ToAMPM = '".$to_ampm."' where ID = '".$id."'";
        $result = mysql_query($sql) or die(mysql_error());

        if($result==0)
        {
            $message['error'] = "Could not edit. Contact IT manager.";
            echo json_encode($message);
            die();
        }

Please try with this code might be work if there any missing something.

Answer 2

You used reserved words in your UPDATE statement, therefore you have to escape them properly using backticks.

Change your SQL statement to

$sql = "UPDATE OpeningHours 
        SET `From` = '".$from."', 
            `To` = '".$to."', 
            `FromAMPM` = '".$from_ampm."', 
            `ToAMPM` = '".$to_ampm."'
        WHERE `ID` = '".$id."'";

Answer 3

You have also used reserved words in you query. Put them in backticks. You can debug this by echo your query. The query should be like this.

$sql = "UPDATE OpeningHours set From = '".$from."', To = '".$to."', FromAMPM = '".$from_ampm."', ToAMPM = '".$to_ampm."' where ID = '".$id."'";
    $result = mysql_query($sql) or die(mysql_error());