We Keep Coding

Update query is not updating data in PHP mysqli (procedural)

I am facing issues with id='$id'
SELECT Query is working fine but update query is not working
if I put any id number instead of $id it updates the data but when I use $id it just does nothing.
<?php
$db = mysqli_connect("localhost", "root", "", "aashir");
$id = $_GET['id'];
$query = "SELECT * FROM students WHERE id='$id' ";
$result = mysqli_query($db, $query);
while ($row = mysqli_fetch_array($result)) {
$key = $row['id'];
$name = $row['student_name'];
$fname = $row['father_name'];
$program = $row['student_program'];
}
if (isset($_POST['submit'])) {
$s_name = $_POST['s_name'];
$s_fname = $_POST['s_fname'];
$s_program = $_POST['s_program'];
$query2 = "UPDATE students SET student_name = '$s_name', father_name = '$s_fname', student_program = '$s_program' WHERE id='$id' ";
mysqli_query($db, $query2);
header("Location:show.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Edit Student</title>
<link rel="stylesheet" type="text/css" href="css/bootstrap.css">
</head>
<body>
<div class="container mt-5">
<form method="POST" action="edit.php" class="col-lg-6 offset-lg-3">
<h2 class="text-center">Edit a Student</h2>
<div class="form-group">
<input type="text" name="s_name" class="form-control" value="<?php echo $name; ?>">
</div>
<div class="form-group">
<input type="text" name="s_fname" class="form-control" value="<?php echo $fname; ?>">
</div>
<div class="form-group">
<input type="text" name="s_program" class="form-control" value="<?php echo $program; ?>">
</div>
<div class="form-group">
<input type="submit" name="submit" class="btn btn-success" value="Update">
</div>
</form>
</div>
</body>
</html>

you have two options to fix your issue (without talking about SQL injection, already quoted in the comments and to be addressed since it is a huge security risk for your application)
Change the form action to pass the id to the page while processing the form:
action="edit.php?id=<?php echo $id; ?>"
or better add an hidden input with the id:
<input type="hidden" name="id" value="<?php echo $id; ?>">
and then:
if (isset($_POST['submit'])) {
$s_name = $_POST['s_name'];
$s_fname = $_POST['s_fname'];
$s_program = $_POST['s_program'];
$id = $_POST['id'];
in this case the action can remain the same.
Posting the form you are reloading the page and not passing the id anymore via url as at the first load

You're performing the UPDATE using a POST request, yet you're looking for $id as a GET parameter. This way, $id will always be undefined, and thus the query fails.
You can try overloading the form action URL, like so:
<form method="POST" action="edit.php?id=<?php echo $_GET['id']; ?>" class="col-lg-6 offset-lg-3">

UPDATE query is not working php

Going to try to keep it short. I have a while loop in grid.php file to fill up a table as such...
<?php while($product = $products->fetch_assoc()) { ?>
<tr>
<td><?php echo $product['cd_id']?></td>
<td><?php echo $product['cd_title']?></td>
<td><?php echo $product['cd_musician_fname']?></td>
<td><?php echo $product['cd_musician_lname']?></td>
<td><?php echo $product['cd_price']?></td>
<td>Edit</td>
<td>Delete</td>
</tr>
<?php } ?>
If I click the first anchor tag takes me to a edit.php file and here is the head code for that file.
<?php include '_includes/db.php';
$cd_id = trim($_GET['id']);
$message = '';
include '_includes/connection.php';
if($db->connect_error){
$message = $db->connect_error;
}else{
$sql = "SELECT * FROM CD WHERE cd_id = $cd_id";
$result = $db->query($sql);
$row = $result->fetch_assoc();
if($db->error){
$message = $db->error;
}
}
?>
Now I will show the html of edit.php
<!-- Product Musician last name-->
<fieldset class="form-group">
<label for="cd_musician_lname">Musician's lirst name</label>
<input type="text" class="form-control" id="cd_musician_lname" name="cd_musician_lname" value="<?php echo $row['cd_musician_lname'];?>">
</fieldset>
<!-- End of Musician last name-->
<!-- Product price-->
<fieldset class="form-group">
<label for="cd_price">Product price</label>
<input type="text" class="form-control" id="cd_price" name="cd_price" value="<?php echo $row['cd_price'];?>">
</fieldset>
<!-- End of Product price-->
<!-- Form submit button-->
Update Record
<a class="btn btn-primary" href="index.php" role="button">Go Back Home</a>
I have the edit.php page working just fine but if I make changes in the fields and click the submit anchor tag I get all the fields of the row empty but the PK. Here is the code for the final edit_confirm.php file
<?php
include '_includes/db.php';
$cd_id = trim($_GET['id']);
$cd_title = $_POST['cd_title'];
$cd_musician_fname = $_POST['cd_musician_fname'];
$cd_musician_lname = $_POST['cd_musician_lname'];
$cd_price = $_POST['cd_price'];
$message = '';
include '_includes/connection.php';
if($db->connect_error){
die("Connection failed: ".$db->connect_error);
} else {
$sql = "UPDATE CD SET cd_title='".$cd_title."', cd_musician_fname='".
$cd_musician_fname."', cd_musician_lname='".
$cd_musician_lname."', cd_price='".$cd_price."' WHERE cd_id = $cd_id ";
$db->query($sql);
var_dump($sql);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php include '_includes/main-head.php';?>
</head>
<body>
<?php include '_includes/main-navbar.php';?>
<div class="container">
<hr>
<?php
if($db->query($sql) === TRUE){ ?>
<h1>Record updated successfully.</h1>
<?php echo $cd_title; ?>
<?php echo $record->affected_rows ?>
<p> record was updated in the database.</p></br>
<?php } else { ?>
<p>Error updating the record: </p> <?php $db->error; ?>
<?php }; ?>
<hr>
<a class="btn btn-primary" href="index.php" role="button">Go Back Home</a>
</div>
<?php include '_includes/main-script.php';?>
</body>
</html>
If you notice in the edit_confirm.php I did a var_dump to see what are the values in the variables and it shows empty.
I need help with this.
Thank you in advance.

Man the better way to do this is make it simple to test if the record is updating or not
formsample.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
include("connection.php");
$id = $_GET['id'];
$query= "select * from clients where id = '$id'";
$sql = mysqli_query($connect, $query);
$result = mysqli_fetch_assoc($sql);
?>
<form action="process.php" method="post">
<input type="text" name="name" id="name" value="<?php echo $result['name'] ?>" />
<input type="text" name="email" id="email" value="<?php echo $result['email'] ?>" />
<input type="hidden" name="id" id="id" value="<?php echo $id?>" />
<input type="submit" />
</form>
</body>
</html>
process.php
<?php
include("connection.php");
$id = $_POST['id'];
$name = $_POST['name'];
$email= $_POST['email'];
$query = "UPDATE clients set name= '$name', email ='$email' where id = '$id'";
$sql = mysqli_query($connect, $query);
?>

Update Record
This is not the proper way to submit a form - it won't work at all.
You need to have a form opening and closing tag, the target address is in the action attribute of the form element, and the method is on there too and should be post for this form (method="POST"). In your code you have a link where you should have a submit input so it won't submit the data, it will just redirect you to that URL. You should have something like this:
<input type="submit" value="Update Record" />
http://www.w3schools.com/html/html_forms.asp

Form Submit Not Being Detected By isset

I am trying to detect a form click using if(isset($_POST['appSelecter'])){ however it seems to not be returning true. This might be to do with the fact that my button click returns to the same page which would loose the form data i had just populated. Can someone confirm if my assumption is correct and if so - how would i need to change this?
Thanks
tried to only paste a sample piece of code to not confuse matters - seems i have made things worse - here is the full flow
<?php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--META-->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Client Portal Login</title>
<!--STYLESHEETS-->
<link href="css/style.css" rel="stylesheet" type="text/css" />
<!--SCRIPTS-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
<!--Slider-in icons-->
<script type="text/javascript">
$(document).ready(function() {
$(".username").focus(function() {
$(".user-icon").css("left","-48px");
});
$(".username").blur(function() {
$(".user-icon").css("left","0px");
});
$(".password").focus(function() {
$(".pass-icon").css("left","-48px");
});
$(".password").blur(function() {
$(".pass-icon").css("left","0px");
});
});
</script>
</head>
<body>
<!--WRAPPER-->
<div id="wrapper">
<!--SLIDE-IN ICONS-->
<div class="user-icon"></div>
<div class="pass-icon"></div>
<!--END SLIDE-IN ICONS-->
<!--LOGIN FORM-->
<form name="login-form" class="login-form" action="index.php" method="post">
<!--HEADER-->
<div class="header">
<!--TITLE--><h1>Client Portal Login</h1><!--END TITLE-->
<!--DESCRIPTION--><span>Please login to your client portal</span><!--END DESCRIPTION-->
</div>
<!--END HEADER-->
<!--CONTENT-->
<div class="content">
<!--USERNAME--><input name="username" type="text" class="input username" value="Username" onfocus="this.value=''" /><!--END USERNAME-->
<!--PASSWORD--><input name="password" type="password" class="input password" value="Password" onfocus="this.value=''" /><!--END PASSWORD-->
</div>
<!--END CONTENT-->
<!--FOOTER-->
<div class="footer">
<!--LOGIN BUTTON--><input type="submit" name="submit" value="Login" class="button" /><!--END LOGIN BUTTON-->
<!--REGISTER BUTTON--><input type="submit" name="submit" value="Register" class="register" /><!--END REGISTER BUTTON-->
</div>
<!--END FOOTER-->
</form>
<?php
include("application.php");
if(isset($_POST['submit'])){
$username=$_POST["username"];
$password=$_POST["password"];
$userid = logUserIn($username, $password);
if($userid > 0){
$applicationsForUser = getAppInformation($userid);
printUserApplicationSelectionForm($applicationsForUser);
if(isset($_POST['appSelecter'])) {
echo "this is a test message";
}
}
}
function printUserApplicationSelectionForm($applicationsForUser){
echo "<br/>";
echo "<br/>";
echo "<br/>";
echo "<br/>";
foreach ($applicationsForUser as $app) {
?>
<form action="index.php" method="post">
<input type="hidden" name="userid" value="<?php echo $app->getUserid(); ?>">
<input type="hidden" name="name" value="<?php echo $app->getName(); ?>">
<input type="hidden" name="created" value="<?php echo $app->getDateCreated(); ?>">
<input type="hidden" name="invoice" value="<?php echo $app->getInvoice(); ?>">
<input type="hidden" name="comment" value="<?php echo $app->getComment(); ?>">
<input type="submit" name="appSelecter" value="<?php echo $app->getName(); ?>">
</form>
<?php
}
}
function getAppInformation($userid){
$applicationsForUser = array();
$conn = new mysqli('localhost:3306', 'root', '', 'clientportal');
if ($conn->connect_errno > 0) {
die('Could not connect: ' . mysql_error());
}else{
//we have connected to the database
$sql = "SELECT * FROM application WHERE userid = '$userid'";
if(!$val = $conn->query($sql)){
die('There was an error running the query [' . $db->error . ']');
}else{
$index = 0;
while($row = $val->fetch_assoc()){
$userid = $row['userid'];
$name = $row['name'];
$dateCreated = $row['date'];
$invoice = $row['invoiceid'];
$comment = $row['commentsid'];
$application = new Application($userid, $name, $dateCreated, $invoice, $comment);
$applicationsForUser[$index] = $application;
$index++;
}
}
}
$conn -> close();
return $applicationsForUser;
}
function logUserIn($username, $password) {
if(!isset($username) && !isset($password)){
return -1;
}
$result = -1;
//$conn = mysql_connect('localhost', 'web214-admin-ava', 'secondstory');
$conn = new mysqli('localhost:3306', 'root', '', 'clientportal');
if ($conn->connect_errno > 0) {
die('Could not connect: ' . mysql_error());
}else{
//we have connected to the database
$sql = "SELECT * FROM members WHERE username = '$username' AND password = '$password'";
if(!$val = $conn->query($sql)){
die('There was an error running the query [' . $db->error . ']');
}else{
while($row = $val->fetch_assoc()){
$result = $row['id'];
break;
}
}
}
$conn -> close();
return $result;
}
?>
<!--END LOGIN FORM-->
</div>
<!--END WRAPPER-->
<!--GRADIENT--><div class="gradient"></div><!--END GRADIENT-->
</body>
</html>

You have used folowing in the form submit:
onClick="location.href='index.php'" // Making a GET request
This is not submitting the form using POST method. Remove this and it'll work.
Update: There is no submit button with name submit so this condion will not work:
if(isset($_POST['submit']))
Make it:
if(isset($_POST['appSelecter']))
You don't need if(isset($_POST['submit'])) instead use;
if(isset($_POST['appSelecter'])) {
$username=$_POST["username"];
$password=$_POST["password"];
$userid = logUserIn($username, $password);
if($userid > 0){
$applicationsForUser = getAppInformation($userid);
printUserApplicationSelectionForm($applicationsForUser);
}
}

You dont nee this
onClick="location.href='index.php'"
dont do anything , just apply value to button i, i think you have applied already ,
by location.href your request will be send by GET Method in thgis case no form elements sent to the server
if you allow native form submission then all form elements will be sent to server, in case of multiple forms , the only elements sent realted to that submit button form thats it

Big Issues with getting a profile update page to update the databse

I've got a big issue with my website. I've made a profile page which will allow users to amend their details, and then submit. Upon submitting the details should be updated in the database, however I just get a blank page and nothing happens. I've been up for 30+ hours trying to figure things out but no luck. It's likely to be screwed up, as now is my brain.
Any help would be GREATLY appreciated.
Profile amend page:
<?php
session_start();
if (!isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Index</title>
<link href="External style sheet layout.css" rel="stylesheet" type="text/css" />
<h1><?php echo date("D M d, Y G:i a"); ?>
<?php $welcome = 'Hi';
if (date("H") < 12) {
$welcome = 'Good Morning';
} else if (date('H') > 11 && date("H") < 18) {
$welcome = 'Good Afternoon';
} else if(date('H') > 17) {
$welcome = 'Good Evening';
}
echo $welcome;
?></h1>
<div class="Login">
<h3><ul>
<?php if(isset($_SESSION['authenticatedUser']) && $_SESSION['authenticatedUser'] != null ) {?>
<li>Welcome <?php echo $_SESSION["authenticatedUser"] ?></li>
<li><span>Log Out</span></li>
<?php } else {?> <li><span>Log In</span></li> <?php } ?>
<li>Register</li>
<li>Basket</li>
</ul></h3>
</div>
</head>
<body>
<div id="container">
<div id="header">
<img src="Images/Schurter3.jpg" width="800" height="300" alt="Schurter" />
</div>
<div id="navigation">
<ul id="navbar">
<li>Home</li>
<li>Components
<ul>
<li>Circuit Protection
<li>Connectors</li>
<li>Switches</li>
<li>EMC Products</li>
<li>Other Products</li>
</ul>
</li>
<li>Electronic Manufacturing Services
<ul>
<li>Application Examples</li>
<li>Processes</li>
</ul>
</li>
<li>About</li>
<li>Contact</li>
</ul>
</div>
<?php
include 'db.inc';
//Check to see if a customer ID has been passed in the URL
$memberID = $_GET["memberID"];
// Has a custID been provided? If so, retrieve the customer
// details for editing.
if (!empty($memberID))
{
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!");
// select database
mysql_select_db($databasename) or die ("Unable to select database!");
$query = "SELECT * FROM members WHERE id = " . $memberID;
//Get the recordset
$recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
$row = mysql_fetch_assoc($recordSet);
//Check for errors
//if (!$recordSet)
// print $connection->ErrorMsg();
// else
// {
// Load all the form variables with customer data
$Firstname = $row['Firstname'];
$Surname = $row['Surname'];
$Emailaddress = $row['Emailaddress'];
$Username = $row['Username'];
$Password = $row['Password'];
// }//End else
}
?>
<form name="RegisterForm" action="ProfileUpdate.php" method="post" >
<input type="hidden" name="memberID" value="<?php echo $memberID;?>">
<label>First name*</label>
<input name="Firstname" placeholder="Enter first name here" value="<?php echo $Firstname;?>" required/>
<label>Surname*</label>
<input name="Surname" placeholder="Enter surname here" value="<?php echo $Surname;?>" required/>
<label>Email*</label>
<input name="Emailaddress" type="email" placeholder="Enter email here" value="<?php echo $Emailaddress;?>" required/>
<label>Username*</label>
<input name="Username" type="text" placeholder="Enter a desired username" value="<?php echo $Username;?>" required/>
<label>Password*</label>
<input name="Password" type="password" placeholder="Enter a desired password" value="<?php echo $Password;?>" required/>
<input id="submit" name="submit" type="submit" value="Update Details">
</form>
</body>
</html>
And this is the update action page:
<?php
require('db.inc');
$memberID = $_GET["id"];
echo $memberID;
// trim the POSTed values - gets rid of unecessary whitespace
$Firstname = $_POST['Firstname'];
$Surname = $_POST['Surname'];
$Emailaddress = $_POST['Emailaddress'];
$Username = $_POST['Username'];
$Password = $_POST['Password'];
//Here we use validation at the server
// Vaildate the firstname
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head><title>Customer Details Error</title></head>
<body bgcolor="white">
<h1>Customer Details Error</h1>
<?=$errorString?>
<br>Return to the customer form
</body>
</html>
<?php
// If we made it here, then the data is valid
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!");
// select database
mysql_select_db($databasename) or die ("Unable to select database!");
// this is an update
if (!empty($memberID))
{
$query = "UPDATE members SET ".
"Firstname = '$Firstname', Surname = '$Surname', " .
"Emailaddress = '$Emailaddress', Username = '$Username', Password = '$Password', " .
" WHERE id = $memberID";
$recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
echo "Your updates are complete!";
}
?>

<?php
session_start();
if (!isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
Fix this one to:
<?php
session_start();
if (isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
The first one is wrong, it checks for a username if there is no username then it displays the username else it doesnt.
On-topic:
<form name="RegisterForm" action="ProfileUpdate.php" method="post" >
Change the above line to:
<form name="RegisterForm" action="ProfileUpdate.php?id=<?php echo $memberID ?>" method="post" >
As your profileUpdate.php is requesting a member ID, this is necessary and after this, the code should work!

When user hits the submit button, index.php does not catch the action and update database

I have 3 files here, index.php, authors.html.php and form.html.php, index.php is my controller script that then calls authors.html.php to display the authors and finally form.html.php when a user wants to edit an author or add an author in a MySQL database.
The problem I run into is that when the user hits the update button, the database does not get update the author details... it seems my controller script is not catching the 'editform' action? I'm no entirely sure why it's slipping. Here are excerpts from the files:
index.php (controller):
<?php
include $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';
if ((isset($_POST['action'])) and ($_POST['action'] == 'Edit'))
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php'; //connect to mysql
try
{
$sql = 'SELECT id, name, email FROM author WHERE id = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error fetching author details...';
include 'error.html.php';
exit();
}
$row = $s->fetch();
$pageTitle = 'Edit Author';
$action = 'editform';
$name = $row['name'];
$email = $row['email'];
$id = $row['id'];
$button = 'Update Author';
include 'form.html.php';
header('Location: .');
exit();
}
if (isset($_GET['editform']))
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php'; //connect to mysql
try
{
$sql = 'UPDATE author SET name = :name, email = :email WHERE id = :id';
$s->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->bindValue(':name', $_POST['name']);
$s->bindValue(':email', $_POST['email']);
$s->execute();
}
catch (PDOException $e)
{
$error = "Error updating selected author.";
include 'error.html.php';
exit();
}
header('Location: .');
exit();
}
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
try
{
$result = $pdo->query('SELECT id, name FROM author');
}
catch (PDOException $e)
{
$error = 'Error fetching authors from the database: ';
include 'error.html.php';
exit();
}
foreach($result as $row)
{
$authors[] = array('id' => $row['id'], 'name' => $row['name']);
}
include 'authors.html.php';
?>
authors.html.php
<?php include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/helpers.inc.php' ?>
// When I call "htmlout()" is the same as "echo htmlspecialchars()"
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Manage Authors</title>
</head>
<body>
<p>
<h1>Manage Authors</h1>
<p>
Add New Author
</p>
<ul>
<?php foreach ($authors as $author): ?>
<li>
<form action="?<?php $action ?>" method="post">
<div>
<?php htmlout($author['name']); ?>
<input type="hidden" name="id" value="<?php echo $author['id']; ?>">
<input type="submit" name="action" value="Edit">
<input type="submit" name="action" value="Delete">
</div>
</form>
</li>
<?php endforeach; ?>
</ul>
<p>
Return to JMS Home
</p>
</p>
</body>
</html>
form.html.php
<?php include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/helpers.inc.php' ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title><?php htmlout($pageTitle); ?></title>
</head>
<body>
<h1><?php htmlout($pageTitle); ?></h1>
<form action="?<?php $action ?>" method="post">
<div>
<label for="name">Name:
<input type="text" name="name" id="name" value="<?php htmlout($name); ?>">
</label>
</div>
<div>
<label for="email">Email:
<input type="text" name="email" id="email" value="<?php htmlout($email); ?>">
</label>
</div>
<div>
<input type="hidden" name="id" value="<?php htmlout($id); ?>">
<input type="submit" name="action" value="<?php htmlout($button) ?>">
</div>
</form>
</body>
</html>

I found out what I did wrong! Phew...
I screwed up on this line
$s->prepare($sql);
it should have been
$s = $pdo->prepare($sql);
and as #MamaWalter pointed out, I was looking at $_GET for a $_POST variable, so I changed that it it's now working great!
#linus72982 Your suggestion to use var_dump() was a tremendous help, I am new to PHP and thus did not know about it... thanks again for everything!