Updating data not working in Php and MySql

Question

So, I'm new in php and using mysql. In my program, I tried making the simple edit, add and delete functions. Well, the add and delete functions are working but there is something wrong with the edit one... Whenever I go to phpMyAdmin to check if there are changes in the database, I found none…
I would be very thankful if someone could guide me in this part…

A part of adminpanel.php:

if(array_key_exists('editshirt', $_POST))
{
    include 'editshirt.php';
    exit();
}if(array_key_exists('changeshirt', $_POST))
{
    if(!mysqli_query($dbconnect, 'update shirts set 
        shirtName="'.mysqli_real_escape_string($dbconnect, $_POST['shirtName']).'",
        shirtDescription="'.mysqli_real_escape_string($dbconnect, $_POST['shirtDescription']).'",
        shirtGender="'.mysqli_real_escape_string($dbconnect, $_POST['shirtGender']).'",
        shirtColor="'.mysqli_real_escape_string($dbconnect, $_POST['shirtColor']).'",
        shirtPrice="'.mysqli_real_escape_string($dbconnect, $_POST['shirtPrice']).'",
        shirtPicture="'.mysqli_real_escape_string($dbconnect, $_POST['shirtPicture']).'",
        where shirts.shirtId="'.mysqli_real_escape_string($dbconnect, $_POST['shirtId']).''))
        echo ' ';
    exit();
} 

And here's my editShirt.php

<?php
$yas = mysqli_query($dbconnect, "select * from shirts where shirtId=".mysqli_real_escape_string($dbconnect, $_POST['shirtId']));
$roww = mysqli_fetch_array($yas);

echo "<p>Edit Shirt:</p>";
echo "<form action='?' method='post'>";

/*echo "<label for='shirtName'>Shirt Name: </label>
<input type='text' name='shirtName' value=".$roww['shirtName']."><br>";*/
echo "<label for='shirtName'>Shirt Name: </label>
<textarea name='shirtName' style='resize:none'>".$roww['shirtName']."</textarea><br>";

echo "<label for='shirtDescription'>Description: </label>
<textarea name='shirtDescription' rows='10' cols='30' style='resize:none'>".$roww['shirtDescription']."</textarea><br>";

echo "<label for='shirtGender'>Gender: </label>
<input type='radio' name='shirtGender' value='0'";
if($roww['shirtGender']=='0') echo"checked='checked'";
    echo ">Male&nbsp&nbsp<input type='radio' name='shirtGender' value='0'";
if($roww['shirtGender']=='1') echo "checked='checked'";
    echo ">Female&nbsp&nbsp<input type='radio' name='shirtGender' value='1'";
if($roww['shirtGender']=='2') echo "checked='checked'";
    echo ">Unisex<br><br>";

echo "<label for='shirtColor'>Color: </label>
<input type='radio' name='shirtColor' value='0'";
if($roww['shirtColor']=='0') echo "checked='checked'";
    echo ">Colored&nbsp&nbsp<input type='radio' name='shirtColor' value='1'";
if($roww['shirtColor']=='1') echo "checked='checked'";
    echo ">White&nbsp&nbsp<input type='radio' name='shirtColor' value='1'";
if($roww['shirtColor']=='2') echo "checked='checked'";
    echo ">Black<br><br>";

echo "<label for='shirtPrice'>Shirt Price: </label>
<input type='text' name='shirtPrice' value=".$roww['shirtPrice']."><br>";

echo "<label for='shirtPicture'>Shirt Picture: </label>
<input type='text' name='shirtPicture' value=".$roww['shirtPicture']."><br>";

echo "<input type='hidden' name='shirtId' value=".mysqli_real_escape_string($dbconnect, $_POST['shirtId']).">";

echo "<input type='submit' name='changeshirt' value='Update shirt'>";

echo "</form>";?>

Answer 1

This code is written in very bad way, although I have corrected the code.

mysqli_query($dbconnect, "update shirts set 
    shirtName='".mysqli_real_escape_string($dbconnect, $_POST['shirtName'])."',
    shirtDescription='".mysqli_real_escape_string($dbconnect, $_POST['shirtDescription'])."',
    shirtGender='".mysqli_real_escape_string($dbconnect, $_POST['shirtGender'])."',
    shirtColor='".mysqli_real_escape_string($dbconnect, $_POST['shirtColor'])."',
    shirtPrice='".mysqli_real_escape_string($dbconnect, $_POST['shirtPrice'])."',
    shirtPicture='".mysqli_real_escape_string($dbconnect, $_POST['shirtPicture'])."',
    where shirts.shirtId='".mysqli_real_escape_string($dbconnect, $_POST['shirtId'])."'");

Hope this will help.

Answer 2

While Manoj's answer should work (the problem is with the quoting) it's still not the right way to solve the problem.

The following is slightly less efficient (but try measuring the difference) however (IMHO) its a lot more readable:

$d=array_map(array($dbconnect, 'real_escape_string'), $_POST); 
      // returns a numbered array
$d=array_combine(array_keys($_POST), $d);
      // restores the key names
$upd="update shirts set 
    shirtName       ='$d[shirtName]',
    shirtDescription='$d[shirtDescription]',
    shirtGender     ='$d[shirtGender]',
    shirtColor      ='$d[shirtColor]',
    shirtPrice      ='$d[shirtPrice]',
    shirtPicture    ='$d[shirtPicture]',
    where shirts.shirtId='$d[shirtId]'";
if (!mysqli_query($dbconnect, $upd) {
      your_error_handler(mysqli_error($dbconnect) . "\nin\n" . $upd);
      exit; 
}

Here I've eliminated the repeated calls to mysqli_real_excape_string so I can seperate out debugging the SQL from debugging the PHP.

But the important bits are that the verbose generation of the sql statement is kept separate from the conditional invocation (and the query string is saved if we need it subsequently) then the addition of a call to a function to report what went wrong!

But really to structure this properly, I would create an array describing the attributes in the record and iterate through it to generate both the form and the mysql update statement.