PHP form input value doesn't work - php

I like to have a standard value filled in the input field.
I have this code:
$stma = $conn->prepare("SELECT * FROM `users` WHERE ID = '".$_GET['gebruiker']."' ");
$stma->execute();
$row_count = $stma->rowCount(); // returns 1
foreach ($conn->query($stma) as $rows) {
$Username = $rows['Username'];
}
/// my form
echo '<form method="POST" >
<table>
<th colspan="3"><h1>Gebruiker bewerken</h1></th>
<tr>
<th>
<h3>Gebruikersnaam: </h3>
</th>
<td>
<input style="width: 70%;" type="text" READONLY value="'.$Username.'" >
// the value must be filled in this input field
</td>
</tr>
<tr>
<th>
<h3>Wachtwoord: </h3>
</th>
<td>
<input style="width: 70%;" type="password" name="wachtwoord" REQUIRED>
</td>
</tr>
<tr>
<th>
</th>
<td colspan="2">
<input type="submit" name="bewerken" class="button" style="vertical-align:middle" value="Opslaan">
</td>
</tr>
'.$error.'
</table>
</form>';
The code doesn't fill in the value I got from the database.
I still get an empty form field.
My query returns 1 result row (I checked).
Does someone see my mistake?
I don't see the mistake I've made (it must be my mistake, it worked for me on other forms too).

To make sure it outputs all errors and warnings (for debugging), this might help:
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Place above mentioned code at the top of your file.
And you might want to prevent any SQL injection as well:
$stma = $conn->prepare("SELECT * FROM `users` WHERE ID = ? ");
$stma->bindParam(1, $_GET['gebruiker'], PDO::PARAM_INT);
$stma->execute();
$stma->debugDumpParams(); // you could use this to check whether or not all parameters are set correctly
$row_count = $stma->rowCount(); // returns 1
foreach ($stma as $rows) { // iterate the executed statement itself; it cannot be passed to $conn->query()
$Username = $rows['Username'];
}

Below is a working example.
PHP
try {
$conn = new PDO('mysql:host=localhost;dbname=YourDBname', 'root', '');
} catch (PDOException $e) {
echo $e->getMessage();
}
$id = $_GET['gebruiker'];
$sql = "SELECT * FROM `users` WHERE id = :id";
$stm = $conn->prepare($sql);
$stm->execute(['id'=>$id]);
$user = $stm->fetchObject();
$username = $user->username;
HTML
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Test</title>
</head>
<body>
<form method="POST">
<input type="text" value="<?php echo isset($username) ? htmlspecialchars($username, ENT_QUOTES, 'UTF-8') : 'No value'; ?>">
</form>
</body>
</html>
If you set gebruiker from your URL, then you just have to do it like: script.php?gebruiker=1. You can replace 1 with any ID value that exists in your table.
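Added example (not code from any of the posts above): the lookup and form field from this thread with the ID validated, the query parameterised, and the value HTML-escaped before it is echoed. An in-memory SQLite database with constructed rows stands in for the MySQL `users` table, and the function names findUsername and usernameInput are hypothetical.

```php
<?php
// Constructed stand-in for the question's MySQL `users` table: in-memory SQLite,
// so the script runs without a database server (needs the pdo_sqlite extension).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (ID INTEGER PRIMARY KEY, Username TEXT)');
$seed = $conn->prepare('INSERT INTO users (ID, Username) VALUES (?, ?)');
$seed->execute([1, 'piet']);
$seed->execute([2, 'jan "de" <beheerder>']); // constructed name with HTML metacharacters

/**
 * Look up a username by the raw value of $_GET['gebruiker'].
 * Returns null when the value is not a positive integer or no row matches.
 */
function findUsername(PDO $conn, $rawId): ?string
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The value is sent as a bound parameter, never concatenated into the SQL text.
    $stmt = $conn->prepare('SELECT Username FROM users WHERE ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // Read from the executed statement itself; handing the statement object to
    // $conn->query(), as the question did, does not return its rows.
    $username = $stmt->fetchColumn();
    return $username === false ? null : (string) $username;
}

/**
 * Build the read-only input. The stored value is escaped for an HTML attribute
 * so quotes or angle brackets in it cannot close the value="" attribute.
 */
function usernameInput(?string $username): string
{
    $safe = htmlspecialchars($username ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" readonly value="' . $safe . '">';
}

// Constructed request values: two existing IDs, a missing ID, a non-integer
// string, and an absent parameter.
foreach (['1', '2', '99', '1 OR 1=1', null] as $gebruiker) {
    echo var_export($gebruiker, true), ' => ',
        usernameInput(findUsername($conn, $gebruiker)), PHP_EOL;
}
```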

please try this code
$stma = $conn->prepare("SELECT * FROM `users` WHERE ID = '".$_GET['gebruiker']."' ");
$stma->execute();
$row_count = $stma->rowCount(); // returns 1
foreach ($conn->query($stma) as $rows) {
$Username = $rows['Username'];
}
**please replace this code**
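$res = $conn->prepare("SELECT * FROM users WHERE ID = ?"); // bind the ID instead of concatenating $_GET into the SQL
$res->execute([$_GET['gebruiker']]);
$allRows = $res->fetch(PDO::FETCH_ASSOC); // $conn is a PDO connection, so use PDO's fetch()
$Username = $allRows['Username'];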

Related

Add Edit Delete form not adding into MySQL no errors

I have this Add Edit Delete form, the problem is:
when I put everything in and click on ADD it says "Data added successfully." but the data isn't in my table in phpAdmin and it doesn't show on the page...
Or is it simply because my hoster doesn't work with MySQLi but with MySQL?
Without talking about SQL injections, because I'm not much of an expert and don't know how to protect against that; these pages will be protected with a login area so only restricted members will access them.
index.php
<?php
//including the database connection file
include_once("config.php");
//fetching data in descending order (lastest entry first)
//$result = mysql_query("SELECT * FROM users ORDER BY id DESC"); // mysql_query is deprecated
$result = mysqli_query($mysqli, "SELECT * FROM `user` ORDER BY id DESC"); // using mysqli_query instead
?>
<html>
<head>
<title>Homepage</title>
</head>
<body>
Add New Data<br/><br/>
<table width='80%' border=0>
<tr bgcolor='#CCCCCC'>
<td>Steam Username</td>
<td>Steam Password</td>
<td>Steam Guard Code</td>
<td>Update</td>
</tr>
<?php
//while($res = mysql_fetch_array($result)) { // mysql_fetch_array is deprecated, we need to use mysqli_fetch_array
while($res = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>".$res['steamUE']."</td>";
echo "<td>".$res['steamPW']."</td>";
echo "<td>".$res['steamGC']."</td>";
echo "<td>Edit | Delete</td>";
}
?>
</table>
</body>
</html>
add.html
<html>
<head>
<title>Add Data</title>
</head>
<body>
Home
<br/><br/>
<form action="add.php" method="post" name="form1">
<table width="25%" border="0">
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamUE"></td>
</tr>
<tr>
<td>Steam Password</td>
<td><input type="text" name="steamPW"></td>
</tr>
<tr>
<td>Steam Guard Code</td>
<td><input type="text" name="steamGC"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="Submit" value="Add"></td>
</tr>
</table>
</form>
</body>
</html>
edit.php
<?php
// including the database connection file
include_once("config.php");
if(isset($_POST['update']))
{
$id = mysqli_real_escape_string($mysqli, $_POST['id']);
$steamUE = mysqli_real_escape_string($mysqli, $_POST['steamUE']);
$steamPW = mysqli_real_escape_string($mysqli, $_POST['steamPW']);
$steamGC = mysqli_real_escape_string($mysqli, $_POST['steamGC']);
// checking empty fields
if(empty($steamUE) || empty($steamPW) || empty($steamGC)) {
if(empty($steamUE)) {
echo "<font color='red'>Steam Username field is empty.</font><br/>";
}
if(empty($steamPW)) {
echo "<font color='red'>Steam Password field is empty.</font><br/>";
}
if(empty($steamGC)) {
echo "<font color='red'>Steam Guard Code field is empty.</font><br/>";
}
} else {
//updating the table
$result = mysqli_query($mysqli, "UPDATE `user` SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
//redirectig to the display page. In our case, it is index.php
header("Location: index.php");
}
}
?>
<?php
//getting id from url
$id = $_GET['id'];
//selecting data associated with this particular id
$result = mysqli_query($mysqli, "SELECT * FROM `user` WHERE id='$id'");
while($res = mysqli_fetch_array($result))
{
$steamUE = $res['steamUE'];
$steamPW = $res['steamPW'];
$steamGC = $res['steamGC'];
}
?>
<html>
<head>
<title>Edit Data</title>
</head>
<body>
Home
<br/><br/>
<form name="form1" method="post" action="edit.php">
<table border="0">
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamUE" value="<?php echo $steamUE;?>"></td>
</tr>
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamPW" value="<?php echo $steamPW;?>"></td>
</tr>
<tr>
<td>Steam Guard Code</td>
<td><input type="text" name="steamGC" value="<?php echo $steamGC;?>"></td>
</tr>
<tr>
<td><input type="hidden" name="id" value=<?php echo $_GET['id'];?>></td>
<td><input type="submit" name="update" value="Update"></td>
</tr>
</table>
</form>
</body>
</html>
delete.php
<?php
//including the database connection file
include("config.php");
//getting id of the data from url
$id = $_GET['id'];
//deleting the row from table
$result = mysqli_query($mysqli, "DELETE * FROM `user` WHERE id='$id'");
//redirecting to the display page (index.php in our case)
header("Location: index.php");
?>
add.php
<html>
<head>
<title>Add Data</title>
</head>
<body>
<?php
//including the database connection file
include_once("config.php");
if(isset($_POST['Submit'])) {
$steamUE = mysqli_real_escape_string($mysqli, $_POST['steamUE']);
$steamPW = mysqli_real_escape_string($mysqli, $_POST['steamPW']);
$steamGC = mysqli_real_escape_string($mysqli, $_POST['steamGC']);
// checking empty fields
if(empty($steamUE) || empty($steamPW) || empty($steamGC)) {
if(empty($steamUE)) {
echo "<font color='red'>Steam Username field is empty.</font><br/>";
}
if(empty($steamPW)) {
echo "<font color='red'>Steam Password field is empty.</font><br/>";
}
if(empty($steamGC)) {
echo "<font color='red'>Steam Guard Code field is empty.</font><br/>";
}
//link to the previous page
echo "<br/><a href='javascript:self.history.back();'>Go Back</a>";
} else {
// if all the fields are filled (not empty)
//insert data to database
$result = mysqli_query($mysqli, "INSERT INTO `user` (steamUE,steamPW,steamGC) VALUES ('$steamUE','$steamPW','$steamGC')");
//display success message
echo "<font color='green'>Data added successfully.";
echo "<br/><a href='index.php'>View Result</a>";
}
}
?>
</body>
</html>
config.php
<?php
/*
// mysql_connect("database-host", "username", "password")
$conn = mysql_connect("localhost","root","root")
or die("cannot connected");
// mysql_select_db("database-name", "connection-link-identifier")
#mysql_select_db("test",$conn);
*/
/**
* mysql_connect is deprecated
* using mysqli_connect instead
*/
$databaseHost = 'sql.website.com';
$databaseName = '';
$databaseUsername = '';
$databasePassword = '';
$mysqli = mysqli_connect($databaseHost, $databaseUsername, $databasePassword, $databaseName);
?>
It doesn't say or show any errors or any other problems, it only says data added successfully and nothing else. I don't understand why it doesn't add any data to my tables. I checked everything again and again, maybe because I'm tired, but I tried to rename the table names and nothing changed, it is the same...
Spotted three errors,
add.php: Column names should be without ''. Check the following
$result = mysqli_query($mysqli, "INSERT INTO user (steamUE,steamPW,steam_GC) VALUES ('$steamUE','$steamPW','$steamGC')");
edit.php: '' missing from $id. Check the following
$result = mysqli_query($mysqli, "UPDATE user SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
delete.php: '' missing from $id. Check the following
$result = mysqli_query($mysqli, "DELETE FROM user WHERE id='$id'"); // MySQL's DELETE takes no column list, so no *
If the connection with DB is successful, it must work (and this answer deserves a green tick from you :D).
Or is simply because my hoster doesn't work with MySQLi but with MySQL?
Wherever I faced issues, I got some error or a blank page.
Check your DB connection. Turn to mysqli, declare it with $sql with (errno), but call your param before $sql. Use an if condition to check your connection. On your add please use prepared with $stmnt and execute it.

SQLSTATE[42000]: [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Error converting data type nvarchar to numeric

I have a table in MS SQL Server database. The datatypes for the fields are INT, NUMERIC, and NVARCHAR. I have EDIT option at the back of each row in the table. When the EDIT option is clicked, it brings to a form where we can enter the values to be updated. The issue I am having is: When I leave the form's field empty for the datatype NUMERIC, I get the following error:
SQLSTATE[42000]: [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Error converting data type nvarchar to numeric.
Also, in the edit.php some inputs have dropdowns. I want to assign different background colors for different options. The code snippet for edit.php is:
<?php
require_once('include/database.php');
if (isset($_POST['btn_submit'])) {
if (isset($_POST['txt_id'])) {
$id = $_POST['txt_id'];
} else {
$id = '';
}
if (isset($_POST['txt_arc_capacity'])) { //Its datatype is NUMERIC(25).
$arc = $_POST['txt_arc_capacity'];
} else {
$arc = 0;
}
if (isset($_POST['txt_qrating'])) { //It has dropdowns, namely Q1, Q2,Q3,Q4. I want to assign when the value is Q1(background color: green)
$qrating = $_POST['txt_qrating'];
} else {
$qrating = '';
}
try {
$stmt = $conn->prepare("UPDATE MATRIX SET ARC_Capacity=:arc,
Q_Rating=:qrating
WHERE OBJECTID =:id");
$stmt->execute(array(':arc' => $arc, ':qrating'=>$qrating, ':id' => $id));
if ($stmt) {
header('Location:index.php');
exit();
}
} catch (PDOException $e) {
echo $e->getMessage();
}
}
$object_id='';
$arc = '';
$qrating = '';
if (isset($_GET['id'])) {
$id = $_GET['id'];
$stmt = $conn->prepare("SELECT * FROM MATRIX WHERE OBJECTID=:id");
$stmt->execute(array(':id' => $id));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$object_id = $row['OBJECTID'];
$arc = $row['ARC_Capacity'];
$qrating = $row['Q_Rating'];
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Edit the Data</title>
</head>
<body>
<h2>Edit the records</h2>
<form action="" method="post">
<table border="3px" cellpadding="5px">
<tr>
<td>ARC Capacity (estimate PN)</td>
<td><label>
<input type="text" name="txt_arc_capacity" value=
"<?=$arc; ?>"></label></td>
</tr>
<tr>
<td>Q Rating</td>
<td><label>
<select name="txt_qrating" class="textfields" id="design">
<option id="0">Select One</option>
<?php
require_once('include/database.php');
$stmt = $conn->prepare("SELECT * FROM MATRIX_DROPDOWNS");
$stmt ->execute();
$result = $stmt->fetchAll();
foreach($result as $row){
?>
<option id="<?=$row['OBJECTID'];?>"><?=$row['Q_Rating']?></option>
<?php } ?>
</select>
</label>
</td>
<tr>
<tr>
<td><label>
<input type="hidden" name="txt_id" value="<?= $object_id; ?>">
</label>
</td>
<td><label><input type="submit" name="btn_submit" value="Submit">
</label>
</td>
</tr>
</table>
</form>
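Added example, not part of the original post: server-side validation for the two fields in this form before they are bound to the UPDATE. It assumes NUMERIC(25) has scale 0 (whole numbers), that an empty field should fall back to the 0 the posted code already uses as its default, and that Q1 to Q4 are the only valid ratings; parseNumeric25 and parseQRating are hypothetical names, and the inputs are constructed.

```php
<?php
/**
 * Normalise a form field destined for a NUMERIC(25) column (assumed scale 0).
 * Returns a digit string, which keeps values beyond PHP's integer range intact,
 * or $default when the field was left empty.
 */
function parseNumeric25(?string $raw, string $default = '0'): string
{
    $value = trim($raw ?? '');
    if ($value === '') {
        // isset() is true for a submitted-but-empty field, so the empty string
        // would otherwise be bound as text and fail the conversion to numeric.
        return $default;
    }
    if (!preg_match('/^-?\d{1,25}$/', $value)) {
        throw new InvalidArgumentException(
            'ARC capacity must be a whole number of at most 25 digits.'
        );
    }
    return $value;
}

/**
 * Accept only the ratings offered by the dropdown; the "Select One"
 * placeholder and anything else a client might send are rejected.
 */
function parseQRating(?string $raw): string
{
    $allowed = ['Q1', 'Q2', 'Q3', 'Q4'];
    if (!in_array($raw, $allowed, true)) {
        throw new InvalidArgumentException('Q rating must be one of Q1 to Q4.');
    }
    return $raw;
}

// Constructed stand-ins for $_POST.
$samples = [
    ['txt_arc_capacity' => '1200',  'txt_qrating' => 'Q1'],
    ['txt_arc_capacity' => '',      'txt_qrating' => 'Q3'],
    ['txt_arc_capacity' => '12abc', 'txt_qrating' => 'Q2'],
    ['txt_arc_capacity' => '7',     'txt_qrating' => 'Select One'],
];

foreach ($samples as $post) {
    try {
        // These are the values that would go to $stmt->execute() together
        // with ':id' for the UPDATE in the question.
        $params = [
            ':arc'     => parseNumeric25($post['txt_arc_capacity'] ?? null),
            ':qrating' => parseQRating($post['txt_qrating'] ?? null),
        ];
        echo json_encode($params), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // Re-display the form with this message instead of running the query.
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```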

Failing to update the new data entered by administrator

Looks like everything is working fine with this code but in fact it fails to update the database. Data are displayed correctly while fetching data but when I press the update button the data disappear but no update has been executed. It looks fine to me but it seems I am wrong.
This is a project for my professor so I don't care for the SQL injection and others.
<html>
<head>
<link rel="stylesheet" type="text/css" href="btnstyle.css">
<title>Managament System</title>
</head>
<body>
<h1>TU Chemnitz Student managament system</h1>
<br>
ADD Person
Edit Person
Manage Boards
Manage Departments
Search N&S
Triple Search
Membership
<br>
<br>
<?php
// set database server access variables:
$host = "localhost";
$user = "";
$pass = "";
$db = "";
// open connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// create query
$querys = "SELECT * FROM tblperson";
// execute query
$result = mysql_query($querys) or die ("Error in query: $query. ".mysql_error());
echo "<table border=1 align=center>
<tr>
<th>Personal ID</th>
<th>First Name</th>
<th>Last Name</th>
<th>Deparment</th>
<th>Board</th>
<th>Marticulation Number</th>
<th>Reg Date</th>
<th>Action</th>
</tr>";
while($row = mysql_fetch_array($result)) {
?>
<?php
echo '<tr>';
echo '<td>'. $row['personid'].'</td>';
echo '<td>'. $row['personname'].'</td>';
echo '<td>'. $row['personsurname'].'</td>';
echo '<td>'. $row['persondepartment'].'</td>';
echo '<td>'. $row['personboard'].'</td>';
echo '<td>'. $row['martinumber'].'</td>';
echo '<td>'. $row['personregdate'].'</td>';
echo '<td>'.' EDIT '.'</td>';
}
?>
</body>
</html>
And this is the edit file which seems to be problematic.
<?php
include_once('coneksioni.php');
if(isset($_GET['edit']))
{
$personid = $_GET['edit'];
$res = mysql_query("SELECT * FROM tblperson WHERE personid='$personid'");
$row = mysql_fetch_array($res);
}
if(isset($_POST['newpersonname']))
{
$newpersonname = $_POST['newpersonname'];
$personid = $_POST['personid'];
$sql = "UPDATE tblperson SET personname = '$newpersonname' WHERE personid = '$personid'";
$res = mysql_query($sql) or die ("Cant be updated");
echo "< meta http-equiv='refresh' content='0;url=home.php'>";
}
?>
<form action="edit20.php" method="POST">
<table border="0">
<tr>
<td>First Name</td>
<td><input type="text" name="newpersonname" value="<?php echo $row[1];?>" maxlength="30" size="13"></td>
</tr>
<tr>
<td>Last Name</td>
<td> <input type="text" name="personsurname" value="<?php echo $row[2];?>" maxlength="30" size="30"></td>
</tr>
<tr>
<td>Department</td>
<td>
<select name='persondepartment'>
<option>Production</option>
<option>Sales</option>
</select>
</td>
</tr>
<tr>
<td>Board</td>
<td>
<select name='personboard'>
<option>Evaluation</option>
<option>Executive</option>
<option>Research</option>
</select>
</td>
</tr>
<tr>
<td>Marticulation Number</td>
<td> <input type="text" name="martinumber" maxlength="60" size="30"></td>
</tr>
<tr>
<td>Date of Registration</td>
<td><input type="date" name="personregdate" maxlength="7" size="7"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value=" Update"></td>
</tr>
</table>
</form>
You are looking for personid when the Update button is pressed on the form in edit20.php but that value has never been set so it will be empty and the update will fail.
After
<form action="edit20.php" method="POST">
add:
<input type="hidden" name="personid" value="<?php echo $personid; ?>">
On the edit page it seems you're confusing the same variable with different values. If you state the $personid variable to contain the edit value from GET, then just re-use the variable, don't assign a new value. On this line you assign a new value:
$personid = $_POST['personid'];
Don't assign a new value since it already has the initial value to use; just set the variable global for usage
$personid = $_GET['edit'];
Or else create a hidden element and pass edit value into it.
Please add name attribute for your update button
<td colspan="2"><input type="submit" name="update" value=" Update"></td>
and check whether the update button is set or reset, in place of
if(isset($_POST['newpersonname'])) // change text 'newpersonname' as 'update'
You use a variable that doesn't exist:
<?php
include_once('coneksioni.php');
if(isset($_GET['edit']))
{
$personid = $_GET['edit'];
$res = mysql_query("SELECT * FROM tblperson WHERE personid='$personid'");
$row = mysql_fetch_array($res);
}
if(isset($_POST['newpersonname']))
{
$newpersonname = $_POST['newpersonname'];
$personid = $_POST['personid']; // this doesn't exist
$sql = "UPDATE tblperson SET personname = '$newpersonname' WHERE personid = '$personid'";
$res = mysql_query($sql) or die ("Cant be updated");
echo "< meta http-equiv='refresh' content='0;url=home.php'>";
}
?>
$personid = $_POST['personid']; doesn't exist in your code. It's simply a piece of code you put in there to probably process, but forgot to define the variable in the code. Place the following in your form.
<input type="hidden" name="personid" value="<?php echo $_GET['edit']; ?>">
You only use this once because you send the form back to your home after processing, hence it won't be used anymore. You can also use the variable you defined as $personid; on that position.
If that fails, something may be wrong in your query. Try to echo out the query (quickly remove the meta command) by simply doing echo $sql after you do the SQL query. 9 out of 10 times, it's a typo.

Edit page error how to fix?

I seem to have problem fixing this:
<?php
$username = "root";
$password = "";
$database = "learningnews";
$db = mysql_connect('localhost', $username, $password, $database);
$id = $_GET["title"];
$show = "SELECT * FROM learningnews.news where title = '$id'";
$ending = mysql_query($show);
$now = mysql_fetch_array($ending);
?>
<html>
<head>
<title>Edit Page</title>
</head>
<body>
<tr>
<td>
<table border="1">
<form method="post" action="newsedit.php">
<tr>
<td>
<input type="text" name="name" size="40" value="<?php echo "$now[title]" ?>">
</tr>
</td>
<tr>
<td>
<input type="text" name="name1" size="500" value="<?php echo "$now[content]" ?>">
</tr>
</td>
</form>
</tr>
</td>
</table>
</body>
</html>
I can't seem to get the title and the content that I have in my database to show so that I can edit it. I get this error:
Notice: Undefined index: title in C:\xampp\htdocs\newsedit.php on line 6
Could someone help please ?
EDIT: Here's the code where I submit the news and output them.
EDIT2: Re-posted the second PHP file. Here is how it looks. This time, no error, but it doesn't show the content and title I want in the input fields.
<?php
$id ="";
$username = "root";
$password = "";
$database = "learningnews";
$db = mysql_connect('localhost', $username, $password, $database);
$show = "SELECT * FROM learningnews.news where title = '$id'";
$ending = mysql_query($show);
$now = mysql_fetch_array($ending);
?>
<html>
<head>
</head>
<body>
<tr>
<td>
<table border="1">
<form method="post" action="newsedit.php">
<tr>
<td>
<input type="text" name="title" size="40" value="<?php echo "$now[title]" ?>">
</tr>
</td>
<tr>
<td>
<input type="text" name="content" size="500" value="<?php echo "$now[content]" ?>">
</tr>
</td>
</form>
</tr>
</td>
</table>
</body>
</html>
Basically, I need the output from the first code to show in the second so I can edit it and then update it.
<?php
if ( isset( $_GET['name'] ) )
{
$username = "root";
$password = "";
$database = "learningnews";
$db = mysql_connect('localhost', $username, $password, $database);
$id = $_GET["name"];
$show = "SELECT * FROM learningnews.news where title = '$id'";
$ending = mysql_query($show);
$now = mysql_fetch_array($ending);
}
?>
Because $_GET["title"]; was never defined. Not sure what you are trying to do with title.
You need to check if the variable is set with isset before you use it.
<?php
if(isset($_GET['title']))
$id = $_GET["title"];
?>
In your previous page's code you need to change the form method to GET so you can check your title with $_GET on the next page.
<form method="GET" action="admin.php">
<input type="text" name="title">
<textarea name="content"></textarea>
<input type="submit" value="posthorses"/>
</form>

Empty query undefined variable when updating mysql Database

I'm trying to set up a form that can update my product.
The code reads data OK, but $update is getting errors that prevent the update from doing anything.
The errors are :
Undefined variable: update
mysqli::query(): Empty query (after submit the form)
Please Help! Thanks.
<?php
//include database configuration file
include("config.php");
$mysqli->set_charset("utf8");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Edit Page</title>
</head>
<body>
<?php
if(isset($_POST['Submit'])){//if the submit button is clicked
$updateproductname = $_POST['updateproductname'];
$updatesku = $_POST['productsku'];
$updateproductoriginal = $_POST['updateoriginalname'];
$updatedescshort = $_POST['updatedescshort'];
$update = $mysqli->query("UPDATE testproducts".
"SET product_sku=$updatesku, product_name=$updateproductname, 'product_originalname'='$updateproductoriginal', 'product_description_short='$updatedescshort' ".
"WHERE product_id = '$id' ");
$mysqli->query($update) or die("Cannot update");//update or error
}
?>
<?php
//Create a query
$sql = "SELECT * FROM testproducts WHERE product_id = $id";
//submit the query and capture the result
$result = $mysqli->query($sql) or die(mysql_error());
?>
<h2>Update Record <?php echo $id;?></h2>
<form action="" method="post">
<?php
while ($row = $result->fetch_assoc()) {?>
<table border="0" cellspacing="10">
<tr>
<td>Product Name:</td> <td><input type="text" name="updateproductname" value="<?php echo $row['product_name']; ?>"></td>
</tr>
<tr>
<td>Product Original Name:</td> <td><input type="text" name="updateoriginalname" value="<?php echo $row['product_originalname']; ?>"></td>
</tr>
<tr>
<td>Product SKU:</td> <td><input type="text" name="productsku" value="<?php echo $row['product_sku']; ?>"></td>
</tr>
<tr>
<td>ShortDescription:</td> <td><input type="text" name="updatedescshort" size="100" value="<?php echo $row['product_description_short']; ?>"></td>
</tr>
<tr>
<td><INPUT TYPE="Submit" VALUE="Update the Record" NAME="Submit"></td>
</tr>
</table>
<?php
}
?>
</form>
<?php
if($update){//if the update worked
echo "<b>Update successful!</b>";
}
?>
</body>
</html>
a) You are vulnerable to SQL injection attacks
b) Read the docs for mysqli_query(). The function takes a query STRING, and returns a RESULT HANDLE. You're then taking that result handle and trying to re-query it. If you'd bothered having proper error handling on ALL of your mysqli calls, you'd have seen this.
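Added example (not the poster's code): the UPDATE from this question as a mysqli prepared statement with exception-mode error reporting, which covers both points of the answer above and the earlier advice in the add.php thread to check the connection and use a prepared statement. The function name updateProduct, the DB_* environment variable names and the sample values are assumptions; it needs the mysqli extension and a reachable MySQL server holding testproducts.

```php
<?php
// Make every mysqli call throw mysqli_sql_exception instead of returning
// false silently, so a failed connect, prepare or execute cannot be missed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Update one product row and return the number of rows changed.
 * prepare() receives the SQL text only; the values travel as bound parameters.
 */
function updateProduct(
    mysqli $mysqli,
    int $id,
    string $sku,
    string $name,
    string $original,
    string $short
): int {
    $stmt = $mysqli->prepare(
        'UPDATE testproducts
            SET product_sku = ?, product_name = ?,
                product_originalname = ?, product_description_short = ?
          WHERE product_id = ?'
    );
    $stmt->bind_param('ssssi', $sku, $name, $original, $short, $id);
    $stmt->execute();
    $changed = $stmt->affected_rows;
    $stmt->close();
    return $changed;
}

try {
    // Assumption: connection settings come from environment variables
    // with these hypothetical names.
    $mysqli = new mysqli(
        getenv('DB_HOST') ?: 'localhost',
        getenv('DB_USER') ?: '',
        getenv('DB_PASS') ?: '',
        getenv('DB_NAME') ?: ''
    );
    $mysqli->set_charset('utf8mb4');

    // Constructed stand-ins for the product id and the $_POST fields of the form.
    $id = filter_var('42', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        exit("Invalid product id\n");
    }
    $changed = updateProduct(
        $mysqli, $id, 'SKU-001', 'Sample name', 'Sample original name', 'Short text'
    );

    // Report success only when the database confirms a row changed.
    echo $changed === 1
        ? "Update successful\n"
        : "No row changed (unknown id or identical values)\n";
} catch (mysqli_sql_exception $e) {
    // Keep the detail in the server log; show the visitor a generic message.
    error_log($e->getMessage());
    echo "Cannot update\n";
}
```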
Was able to update the record after moving the update and select code to the top of the HTML:
<?php
if(isset($_POST['Submit'])){//if the submit button is clicked
// Check connection
$productname = $_POST['updateproductname'];
$productoriginal = $_POST['updateoriginalname'];
$sku = $_POST['productsku'];
$descshort = $_POST['updatedescshort'];
$mysqli->query("UPDATE testproducts ".
"SET product_name='$productname',product_originalname='$productoriginal', product_sku='$sku', product_description_short='$descshort'".
" WHERE product_id='$id'");
}
?>
<?php
//Create a query
$sql = "SELECT * FROM testproducts WHERE product_id = $id";
//submit the query and capture the result
$result = $mysqli->query($sql) or die(mysql_error());
//$query=getenv(QUERY_STRING);
//parse_str($query);
//$ud_title = $_POST['Title'];
//$ud_pub = $_POST['Publisher'];
//$ud_pubdate = $_POST['PublishDate'];
//$ud_img = $_POST['Image'];
$mysqli->close();
?>
