I'm trying to update my database entries with this form:
<form method="post" action="inc/update.php">
<?php foreach ($links as $row) {
?>
<div class="btn_admin">
<p>
<label>Titulo</label>
<input type="text" name="title[]" value="<?php echo $row["desc"] ?>">
</p>
<p>
<label>Url</label>
<input type="text" name="url[]" value="<?php echo $row["url"] ?>">
<input type="hidden" name="id[]" value="<?php echo $row["id"] ?>" />
</p>
</div>
<?php }
?>
<input type="submit" name="submit" value="Update Links" />
</form>
On my update.php file:
if ($_SERVER["REQUEST_METHOD"] == "POST"
&& $_POST["submit"] == "Update Links") {
include_once 'db.php';
$db = new PDO(DB_INFO, DB_USER, DB_PASS);
foreach($_POST['id'] as $id ) {
$title=$_POST["title"][$id-1];
$url=$_POST["url"][$id-1];
$sql = "UPATE index_links
SET desc=?, url=?
WHERE id=?";
$stmt = $db->prepare($sql);
$stmt->execute(array($title, $url, $id-1));
$stmt->closeCursor();
}
}
I've looped through $title and $url and everything is being 'grabbed' correctly, but the query is failing somehow with no errors.
I have even tried messing with erroneous query syntax (like in the query in the example above - "UPATE"), no errors whatsoever... and yes, the foreach loop is being accessed.
This seems like such intro level stuff, but I've been looking at this for an hour or so now and mind=blown... there are other queries (not UPDATE ones) on my project which are working fine.
In your case, the query probably fails because desc is a reserved word in MySQL.
PDO can be very secretive about its error messages by default. See this question on how to change that.
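The silent failure this answer describes, as an added example that is not part of the original posts. It assumes an in-memory SQLite database in place of MySQL so that it runs without a server; the function names and sample rows are constructed, and the corrected update pairs each title and URL with its id by array position.

```php
<?php
// Added example: constructed schema and rows, SQLite standing in for MySQL.
function make_links_db(int $errmode): PDO
{
    $db = new PDO('sqlite::memory:');
    // The default was ERRMODE_SILENT before PHP 8.0; set the mode explicitly.
    $db->setAttribute(PDO::ATTR_ERRMODE, $errmode);
    $db->exec('CREATE TABLE index_links (id INTEGER PRIMARY KEY, `desc` TEXT, url TEXT)');
    $db->exec("INSERT INTO index_links (id, `desc`, url) VALUES
               (3, 'Old A', 'http://a.example'), (7, 'Old B', 'http://b.example')");
    return $db;
}

// The misspelled statement from the question ("UPATE").
const BROKEN_SQL = 'UPATE index_links SET `desc` = ?, url = ? WHERE id = ?';

// Silent mode: nothing is thrown, so every return value must be checked by hand.
function run_silently(PDO $db): string
{
    // SQLite rejects the statement in prepare(); MySQL with emulated prepares
    // (the driver default) only reports it when execute() is called.
    $stmt = $db->prepare(BROKEN_SQL);
    if ($stmt === false) {
        return 'silent failure in prepare: ' . $db->errorInfo()[2];
    }
    if ($stmt->execute(['x', 'y', 3]) === false) {
        return 'silent failure in execute: ' . $stmt->errorInfo()[2];
    }
    return 'ok';
}

// Exception mode: the same mistake surfaces as a PDOException.
function run_with_exceptions(PDO $db): string
{
    try {
        $db->prepare(BROKEN_SQL)->execute(['x', 'y', 3]);
        return 'ok';
    } catch (PDOException $e) {
        return 'exception: ' . $e->getMessage();
    }
}

// Corrected update: the reserved word is quoted with backticks, and title/url
// are matched to each id by array position rather than by "$id - 1".
function update_links(PDO $db, array $post): int
{
    $stmt = $db->prepare('UPDATE index_links SET `desc` = ?, url = ? WHERE id = ?');
    $changed = 0;
    foreach ($post['id'] as $i => $id) {
        $stmt->execute([$post['title'][$i], $post['url'][$i], (int) $id]);
        $changed += $stmt->rowCount();
    }
    return $changed;
}

// Constructed stand-in for $_POST as the question's form would submit it.
$post = ['id' => ['3', '7'], 'title' => ['New A', 'New B'],
         'url' => ['https://a.example', 'https://b.example']];

echo run_silently(make_links_db(PDO::ERRMODE_SILENT)), "\n";
echo run_with_exceptions(make_links_db(PDO::ERRMODE_EXCEPTION)), "\n";
echo update_links(make_links_db(PDO::ERRMODE_EXCEPTION), $post), " rows updated\n";
```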
I can't get this code to set the input in the form to my database, and I can't figure out why. Is there anyone that can help me figure out why?
I'm trying to use the form to get input from user.
<form action="" method="post">
Etternavn:<br>
<input type="text" name="etternavn" id="etternavn" placeholder="Etternavn"><br>
Fornavn:<br>
<input type="text" name="fornavn" id="fornavn" placeholder="Fornavn"><br>
Klasse:<br>
<input type="text" name="klasse" id="klasse" placeholder="Klasse"><br>
Mobil:<br>
<input type="text" name="mobli" id="mobil" placeholder="Mobil"><br>
Nettside:<br>
<input type="text" name="www" id="www" placeholder="Nettside"><br>
Epost:<br>
<input type="email" name="epost" id="epost" placeholder="Epost">
<input type="submit" name="submit" value="Submit">
</form>
Here I'm running the PHP PDO to get hold of the database and trying to put the user input into the database, but I can't see why it doesn't work. I don't get any messages that tell me that anything is wrong.
<?php
if (isset($_POST["submit"])){
$host = "kark.hin.no";
$dbname = "stud_v16_klemetsen";
$username = "v16_klemetsen";
$password = "**********";
try {
$dbh = new PDO("mysql:host=$host;dbname=$dbname",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
$q = $dbh->prepare("INSERT INTO studenter(etternavn,fornavn,klasse,mobil,www,epost)
VALUES (:etternavn, :fornavn, :klasse, :mobil, :www, :epost");
$q->bindParam(':etternavn',$_POST['etternavn'],PDO::PARAM_STR);
$q->bindParam(':fornavn',$_POST['fornavn'],PDO::PARAM_STR);
$q->bindParam(':klasse',$_POST['klasse'],PDO::PARAM_STR);
$q->bindParam(':mobil',$_POST['mobil'],PDO::PARAM_STR);
$q->bindParam(':adr',$_POST['www'],PDO::PARAM_STR);
$q->bindParam(':epost',$_POST['epost'],PDO::PARAM_STR);
$q->execute();
$q->execute();
echo "succssfull";
}
catch (PDOException $e){
echo "ERROR" . $e->getMessage();
}
$dbh = null;
}
?>
$q->bindParam(':adr',$_POST['www'],PDO::PARAM_STR);
This line does not match with your SQL
"INSERT INTO studenter(etternavn,fornavn,klasse,mobil,www,epost)
VALUES (:etternavn, :fornavn, :klasse, :mobil, :www, :epost"
Your bind parameter must be :www
Also, you're missing an end closing bracket ) in your SQL query, it should be:
$sql = "INSERT INTO studenter(etternavn,fornavn,klasse,mobil,www,epost)
VALUES (:etternavn, :fornavn, :klasse, :mobil, :www, :epost)";
$q = $dbh->prepare($sql);
I have encountered an issue with updating my MySQL data which includes HTML data. I continuously fixed errors; however, once one error is fixed it gives another. The current error is as follows:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc='Live updates to certain games will also be posted on this website througho' at line 1
I have been scavenging on Stack Overflow for nearly 3 days without any definitive answers. So I am hoping someone can find this!
Here is my PHP form code:
if (isset($_POST['submit'])) {
$WName = mysql_prep($_POST['wname']);
$SName = mysql_prep($_POST['sname']);
$Desc = mysql_prep($_POST['desc']);
$LogoURL = mysql_prep($_POST['logourl']);
$aboutPage = mysql_prep($_POST['aboutpage']);
$query = "UPDATE settings SET name='$WName',subName='$SName',desc='$Desc',logoUrl='$LogoURL',about='$aboutPage'";
// $query = mysql_prep($query);
mysql_query($query) or die(mysql_error());
header("Location: settings.php?=success");
}
The function mysql_prep() can be found on the internet, namely here: https://gist.github.com/ZachMoreno/1504031
Here is the HTML form:
<form role="form" action="" method="post">
<!-- text input -->
<div class="form-group">
<label>Website Name</label>
<input type="text" name="wname" class="form-control" placeholder="
<?php echo $row['name']; ?>" value="
<?php echo $row['name']; ?>" />
</div>
<div class="form-group">
<label>Sub Name</label>
<input type="text" name="sname" class="form-control" placeholder="
<?php echo $row['subName']; ?>" value="
<?php echo $row['subName']; ?>" />
</div>
<div class="form-group">
<label>Description</label>
<textarea name="desc" class="form-control" rows="3" placeholder="
<?php echo $row['desc']; ?>" >
<?php echo $row['desc']; ?>
</textarea>
</div>
<div class="form-group">
<label>Logo URL</label>
<input type="text" name="logourl" class="form-control" placeholder="
<?php echo $row['logoUrl']; ?>" value="
<?php echo $row['logoUrl']; ?>" />
</div>
<div class="form-group">
<label>About Page</label>
<textarea class="form-control" name="aboutpage" rows="6" placeholder="
<?php echo $row['about']; ?>">
<?php echo $row['about']; ?>
</textarea>
</div>
<div class="box-footer">
<input type="submit" name="submit" class="btn btn-primary" value="Submit" style="margin-left:-10px;" />
</div>
</form>
Thanks very much for any assistance that you can provide, I hope this can be figured out and I aim to use this to assist future visitors who encounter the same/similar issues.
Can't believe I didn't see this earlier; the issue I had with MySQL was that the database had the column name 'desc' which I originally had the idea that it meant 'description' but in fact it was conflicting with the keyword 'descending'. This gave the syntax error.
Here is what I found in the MySQL documentation, 9.3 Keywords and Reserved Words:
Keywords are words that have significance in SQL. Certain keywords, such as SELECT, DELETE, or BIGINT, are reserved and require special treatment for use as identifiers such as table and column names. This may also be true for the names of built-in functions.
On that web link above you can see a list of keywords/reserved words that shouldn't be used or should include back slashes (which I won't go into).
My solution? Don't use reserved words as identifiers!
The easiest solution that you can do is to simply avoid using these words. I prevented using the reserved word 'desc' by changing the identifier to 'description'.
Thanks for all your help! Hope this assists people in the future.
The string returned from your mysql_prep() function has escaped single quotes.
So... you can't use these as delimiters in your query string. Change them to double quotes.
$query = "UPDATE settings SET name = \"$WName\",
subName = \"$SName\",
desc = \"$Desc\",
logoUrl = \"$LogoURL\",
about = \"$aboutPage\" ";
Can you try a $testQuery with just text..
$testQuery = "UPDATE settings SET name = \"ABC\",
subName = \"DEF\",
desc = \"GHI\",
logoUrl = \"JKL\",
about = \"MNO\" ";
Also, you are missing a WHERE clause, or is there only 1 row?
I need to delete a record, in this case a categories from my forum, from the database based on its id.
<?php
if(isset($_SESSION['signed_in']) && $_SESSION['user_level'] == 1)
{
?>
<td>
<form method="post">
<input type="hidden" value="<?= ['cat_id']; ?>">
<input type="submit" name="submit" value="Remover" />
</form>
<?php
if(isset($_POST['submit']))
{
mysql_query("DELETE FROM categories where cat_id = 'cat_id'");
}
?>
</td>
<?php
}
?>
I can't get a "good" way to do it... :(
EDIT: This is for a programming lesson not a real forum!!
Your HTML Input Field needs a name so it can be identified by your PHP.
Then, in your code block where you attempt to delete the category, you need to access the category id using the $_POST array.
Another thing you want to do is read up on the dangers of SQL injections.
If you're just playing around with PHP and MySQL at the moment: Go ahead. But if you actually want to develop, maybe you should read up on a few other things as well, even if it seems like overkill at first: PHP The Right Way.
Nonetheless, try this:
<?php
if(isset($_SESSION['signed_in']) && $_SESSION['user_level'] == 1)
{
?>
<td>
<form method="post">
<input type="hidden" name="hid_catid" id="hid_catid" value="<?php echo $cat_id; ?>">
<input type="submit" name="submit" value="Remover" />
</form>
<?php
if(isset($_POST['submit']))
{
$query = "DELETE FROM categories where cat_id = '".(int)$_POST['hid_catid']."'";
mysql_query($query);
}
?>
</td>
<?php
}
?>
--> hidden field should have name and id to use
--
Thanks
Your hidden input field needs a name to be accessible after the post. Also I am not sure if ['cat_id'] is the correct way to reference this variable. Where does it come from?
<form method="post">
<input type="hidden" name="cat_id" value="<?= $cat_id ?>">
<input type="submit" name="submit" value="Remover" />
</form>
Then your query has to look like this to correctly grab the id from the post.
mysql_query("DELETE FROM categories where cat_id = '" . mysql_real_escape_string($_POST['cat_id']) . "'");
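Why an integer check and a bound parameter are safer for this delete than escaping alone, as an added example that is not code from either answer. It uses PDO with an in-memory SQLite database because the mysql_* functions were removed in PHP 7.0; the table contents, function names and the hostile input are constructed, and addslashes() stands in for mysql_real_escape_string().

```php
<?php
// Added example: constructed table and inputs, SQLite standing in for MySQL.
function make_forum_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE categories (cat_id INTEGER PRIMARY KEY, cat_name TEXT)');
    $db->exec("INSERT INTO categories VALUES (1, 'News'), (2, 'Help'), (3, 'Off-topic')");
    return $db;
}

function count_categories(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM categories')->fetchColumn();
}

// Weak form: the value is escaped but placed in the SQL without quotes.
// Escaping only rewrites quote and control characters, so a value made of
// digits, spaces and keywords reaches the statement unchanged.
function delete_category_escaped(PDO $db, string $input): void
{
    $db->exec('DELETE FROM categories WHERE cat_id = ' . addslashes($input));
}

// Hardened form: accept only a positive integer, then bind it as a parameter.
function delete_category_bound(PDO $db, string $input): bool
{
    $id = filter_var($input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // not a plain positive integer: refuse before touching the database
    }
    $stmt = $db->prepare('DELETE FROM categories WHERE cat_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed hostile input: it contains no quotes, so escaping changes nothing.
$hostile = '2 OR 1=1';

$db = make_forum_db();
delete_category_escaped($db, $hostile);
echo 'escaped but unquoted: ', count_categories($db), " rows left\n";

// Same hostile value against the hardened form, followed by a legitimate id.
$db = make_forum_db();
var_dump(delete_category_bound($db, $hostile));
var_dump(delete_category_bound($db, '2'));
echo 'validated and bound: ', count_categories($db), " rows left\n";
```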
I have a table with an edit link and a delete button on each row. Delete button is working fine but the edit link I don't know what I'm doing wrong with!
Clicking the edit link for a specific row it leads to edit page with the form BUT the data is not filled out. There is no error message... I can see up in the URL field that it's the correct id for the chosen movie.
What am I missing? Do I need to write any queries etc on the edit page as well? I did try and make it a require page so when clicking on the edit button the edit form pops up on the index page. But I couldn't manage to do that.
I know I'm using mysql functions which are outdated, and I have yet to add SQL protection.
The database is called moviedata and has 2 tables.
Table 1 is called: movies
Fields/columns (5): id (primary key, AI), title, release_year, genre_id, director
Table 2 is called: categories
Fields/columns (2): genre_id (primary key, AI), genre
There is a relation (Foreign key) between genre_id (primary key, table 2) and genre_id (table 1).
index.php code
<!DOCTYPE html>
<html>
<head>
<title>My movie library</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="mall.css" />
</head>
<body>
<?php
require 'connect.inc.php';
if (isset($_POST['delete']) && isset($_POST['id'])) {
$id = $_POST['id'];
$query = "DELETE FROM movies WHERE id=".$id." LIMIT 1";
if (!mysql_query($query, $sql))
echo "DELETE failed: $query<br>".
mysql_error() . "<br><br>";
}
$query = "SELECT * FROM movies m INNER JOIN categories c ON m.genre_id = c.genre_id";
$result = mysql_query($query);
if (!$result) die ("Database access failed:" .mysql_error()) ;
$rows = mysql_num_rows($result);
echo '<table><tr><th>Title</th><th>Release year</th><th>Genre</th><th>Director</th><th>Update</th><th>Delete</th></tr>';
while ($row = mysql_fetch_assoc($result)) {
echo '<tr><td>' .$row["title"] . '</td>' ;
echo '<td>' .$row["release_year"] . '</td>' ;
echo '<td>' .$row["genre_id"] . '</td>' ;
echo '<td>' .$row["director"] . '</td>' ;
echo '<td>'."<a href='edit_movie.php?edit=" . $row["id"] . "'>Edit</a>".'</td>';
echo '<td><form action="index.php" method="POST">
<input type="hidden" name="delete" value="yes" />
<input type="hidden" name="id" value="'. $row["id"] .'" />
<input type="submit" value="Delete" /></form>
</td></tr>' ;
}
echo '</table>';
?>
</body>
</html>
And here is the code on edit_movie.php page. The edit page with the form:
<!DOCTYPE html>
<html>
<head>
<title>My movie library</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="mall.css" />
</head>
<body>
<?php
require 'connect.inc.php';
//close MySQL
mysql_close($sql);
?>
<p>Edit movie</p>
<div id="form_column">
<form action="edit_movie.php" method="post">
<input type="hidden" name="id" value="<?php if (isset($row["id"])) ?>" /> <br>
Title:<br> <input type="text" name="title" value="<?php if (isset($row["title"])) { echo $row["title"];} ?>" /> <br>
Release Year:<br> <input type="text" name="release_year" value="<?php if (isset($row["release_year"])) { echo $row["release_year"];} ?>" /> <br>
Director:<br> <input type="text" name="director" value="<?php if (isset($row["director"])) { echo $row["director"];} ?>" /> <br><br>
Select genre:
<br>
<br> <input type="radio" name="genre_id" value="1" checked />Action<br>
<br> <input type="radio" name="genre_id" value="2" />Comedy<br>
<br> <input type="radio" name="genre_id" value="3" />Drama<br>
<br> <input type="radio" name="genre_id" value="4" />Horror<br>
<br> <input type="radio" name="genre_id" value="5" />Romance<br>
<br> <input type="radio" name="genre_id" value="6" />Thriller<br><br>
<input type="submit" />
</form>
</div>
</body>
</html>
The database connection is in a separate connect.inc.php file which is required at the top of these files. The code in the connect.inc.php file you can see below:
<?php
//connect to MySQL
$servername = "localhost";
$username = "root";
$password = "";
$sql = mysql_connect($servername,$username,$password);
mysql_connect($servername,$username,$password);
//select database
mysql_select_db("moviedata");
?>
Well, your code is kinda mess, because it's not even procedural. You're making problems for yourself. Really.
There are some things you must remember when developing an application using PHP:
Never print/echo html tags.
Try to avoid this as much as possible because this makes your code unmaintainable and unreadable. Use an alternate syntax instead.
That is, PHP should be used as a template engine itself, not "generate" the ones.
Separate responsibilities. Clearly and wisely
Functions which connect to a database should not be used in a presentation (in this case - HTML). You'd create one file which is responsible for database, another one which is responsible for data manipulation (such as DELETE, CREATE, UPDATE operations) and the like.
Don't forget about SQL injection & XSS
Never trust data you get from superglobals like $_GET, $_POST, $_COOKIE and $_REQUEST. At minimum, mysql_real_escape_string() should be used for each dynamic input you are going to deal with.
Generally speaking, XSS allows to execute any JavaScript code via aforementioned superglobals as well as injecting another html code within general markup. In order to prevent this, basically htmlentities() would be great enough here.
Wrap things into a function
So instead of doing this,
if (isset($_POST['delete']) && isset($_POST['id'])) {
$id = $_POST['id'];
$query = "DELETE FROM movies WHERE id=".$id." LIMIT 1";
You should re-write it like so:
function delete_movie_by_id($id){
return mysql_unbuffered_query(sprintf("DELETE FROM `movies` WHERE id='%s' LIMIT 1", mysql_real_escape_string($id)));
}
if ( isset($_POST['delete'], $_POST['id']) ){
delete_movie_by_id($_POST['id']); // it's safe & readable now
}
Learn about OOP and switch to PDO
Well, a procedural code is not the way to go when you're developing something like this. Next time you will be writing something, you'd really start using both PDO for database access and OOP.
I could go on, but it's better to stop now, and switch back to your original question.
Well, you didn't say which error exactly you get. For example, do you know if mysql_select() returns FALSE ( === failure on database selection), this won't terminate the script!? According to code you've posted, you do not "track it" in any way.
First
So, connect.inc.php should look like this:
error_reporting(E_ALL); // <-- Important!
$servername = "localhost";
$username = "root";
$password = "";
if ( ! mysql_connect($servername,$username,$password) ){
die(sprintf('Cannot connect to MySQL server because of "%s"', mysql_error()));
}
//select database
if ( ! mysql_select_db("moviedata") ){
die(sprintf('Cannot select a database, because of "%s"', mysql_error()));
}
Second
In edit_movie.php page, this code block, isn't required at all. The connection will be closed automatically when a script terminates.
So just remove this:
<?php
require 'connect.inc.php';
//close MySQL
mysql_close($sql);
Third
In that edit_movie.php, you're clearly asking: if ( isset($row['some_column']) )..., but what is it all about? Where's the $row itself? it wasn't defined anywhere, so you won't get what you expect. Here:
<input type="hidden" name="id" value="<?php if (isset($row["id"])) ?>" /> <br>
Title:<br> <input type="text" name="title" value="<?php if (isset($row["title"])) { echo $row["title"];} ?>" /> <br>
Release Year:<br> <input type="text" name="release_year" value="<?php if (isset($row["release_year"])) { echo $row["release_year"];} ?>" /> <br>
Director:<br> <input type="text" name="director" value="<?php if (isset($row["director"])) { echo $row["director"];} ?>" /> <br><br>
Okay, that's enough.
Consider, rewriting your application like this:
File: movie.inc.php
require_once('connect.inc.php');
/**
* Fetch all movies from a table
* @return array on success, FALSE on failure
*/
function get_all_movies(){
$query = "SELECT * FROM movies m INNER JOIN categories c ON m.genre_id = c.genre_id";
$result = mysql_query($query);
if ( ! $result ){
return false;
} else {
$return = array();
while ($row = mysql_fetch_assoc($result)){
$return[] = array('director' => $row['director'], 'genre_id' => $row['genre_id'], 'release_year' => $row['release_year'], 'title' => $row['title'], 'id' => $row['id']);
}
return $return;
}
}
function delete_movie_by_id($id){
// I already wrote this, see above
}
File index.php
<?php
require('movie.inc.php');
if ( isset($_GET['delete']) && isset($_GET['id']) ){
if ( delete_movie_by_id($_GET['id']) ){ //it's 100% safe
die('Movie has been removed. Refresh the page now'); // or the like
} else {
// could not - handle here
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>My movie library</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="mall.css" />
</head>
<body>
<table>
<tr>
<th>Title</th>
<th>Release year</th>
<th>Genre</th><th>Director</th>
<th>Update</th>
<th>Delete</th>
</tr>
<?php foreach (get_all_movies() as $index => $row) : ?>
<tr>
<td><?php echo $row['title'];?></td>
<td><?php echo $row['release_year']; ?></td>
<td><?php echo $row['genre_id'];?></td>
<td><?php echo $row['director'];?></td>
<td><a href='<?php printf('edit_movie.php?edit=%s', $row['id']);?>'>Edit</a></td>
<td>
<form action="index.php" method="GET">
<input type="hidden" name="delete" value="yes" />
<input type="hidden" name="id" value="<?php echo $row['id'];?>" />
<input type="submit" value="Delete" />
</form>
</td>
</tr>
<?php endforeach; ?>
</table>
</body>
</html>
I'm tired now, hope you can get the core idea from this answer.
UPDATE
There are basic steps to make a movie "editable" :
1) You grab the data you are going to edit (from the table)
2) You send edited data back to the server (php script)
3) You validate the input
4) You run UPDATE query
That's all.
So it would be similar to this (File: edit_movie.php):
<?php
require_once('movie.inc.php');
/**
* Grabs the movie data by its id
*
* @param $id A movie id
* @return array on success, FALSE if $id is wrong
*/
function get_movie_by_id($id){
$query = sprintf("SELECT * FROM `enter_movie_table_name_here` WHERE `id` = '%s' LIMIT 1", mysql_real_escape_string($id));
$result = mysql_query($query);
if ( ! $result ){
return false;
} else {
// Return the row itself (FALSE when no row matches), not the result resource
return mysql_fetch_assoc($result);
}
}
function update_movie_by_id($id, array $data){
$query = sprintf("UPDATE `the_movie_table`
SET `director` ='%s',
`genre_id` = '%s',
`release_year` ='%s',
`title` = '%s' WHERE `id` = '%s' LIMIT 1",
mysql_real_escape_string($data['director']),
mysql_real_escape_string($data['genre_id']),
mysql_real_escape_string($data['release_year']),
mysql_real_escape_string($data['title']),
mysql_real_escape_string($id) );
// not mysql_query() !!! but this
return mysql_unbuffered_query($query);
}
// Next thing is to get an id by query string,
// So if it was /edit_movie.php?id=1
// then id we have is 1
// So we need to handle that right now
if ( isset($_GET['id']) ){
$movie = get_movie_by_id($_GET['id']);
if ( ! $movie ){ // <- make sure that id isn't fake
die(sprintf('Invalid movie id "%s"', $_GET['id']));
}
} else {
die('Please supply an id you want to edit'); // <- this makes sense
}
// Ok, we'll reserve this block for an update
if ( !empty($_POST) ){ // This will run when user clicked on Save button
if ( update_movie_by_id($_POST['id'], array(
'director' => $_POST['director'],
'genre_id' => $_POST['genre_id'],
'release_year' => $_POST['release_year'],
'title' => $_POST['title']
)) ){
die('Movie has been updated');
} else {
die('Could not update a movie for some wicked reason..');
}
}
// That's all. Now it can:
//1) Fetch the data
//2) Edit accordingly
?>
<!DOCTYPE html>
<html>
<!--
This is kinda quick and dirty form
You need to fix this later
-->
<body>
<form method="POST">
<label for="title">Title</label>
<input type="text" name="title" value="<?php echo $movie['title']; ?>" />
<!--
Add another elements this way..
-->
<button type="submit">Save</button>
</form>
</body>
</html>
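The fetch, validate and update steps listed above, written against PDO with output escaping, as an added example that is not the answerer's code. The schema follows the question; the sample row, the 200-byte limit and the year range are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example: constructed data, SQLite in memory standing in for MySQL.
function make_movie_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT,
               release_year INTEGER, genre_id INTEGER, director TEXT)');
    $db->exec("INSERT INTO movies VALUES (1, 'Alien', 1979, 4, 'Ridley Scott')");
    return $db;
}

// Step 1: fetch the row to edit; null means the id does not exist.
function get_movie_by_id(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title, release_year, genre_id, director
                          FROM movies WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Step 3: validate the submitted fields; an empty array means no errors.
function validate_movie(array $in): array
{
    $errors = [];
    foreach (['title', 'director'] as $field) {
        $value = is_string($in[$field] ?? null) ? trim($in[$field]) : '';
        if ($value === '' || strlen($value) > 200) {
            $errors[] = "$field must be 1 to 200 bytes long";
        }
    }
    // Assumed ranges: a plausible release year and the six genres in the form.
    $ranges = ['release_year' => [1888, 2100], 'genre_id' => [1, 6]];
    foreach ($ranges as $field => [$min, $max]) {
        $opts = ['options' => ['min_range' => $min, 'max_range' => $max]];
        if (filter_var($in[$field] ?? null, FILTER_VALIDATE_INT, $opts) === false) {
            $errors[] = "$field must be an integer from $min to $max";
        }
    }
    return $errors;
}

// Step 4: run the UPDATE with every value bound as a parameter.
function update_movie_by_id(PDO $db, int $id, array $in): bool
{
    $stmt = $db->prepare('UPDATE movies SET title = :title, release_year = :year,
                          genre_id = :genre, director = :director WHERE id = :id');
    return $stmt->execute([
        ':title' => trim($in['title']), ':year' => (int) $in['release_year'],
        ':genre' => (int) $in['genre_id'], ':director' => trim($in['director']),
        ':id' => $id,
    ]);
}

// Escape a value for an HTML attribute or element body.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed stand-ins for $_GET['edit'] and $_POST.
$id   = filter_var('1', FILTER_VALIDATE_INT);
$post = ['title' => 'Alien "Director\'s Cut" <b>', 'release_year' => '1979',
         'genre_id' => '4', 'director' => 'Ridley Scott'];

$db = make_movie_db();
if ($id !== false && get_movie_by_id($db, $id) !== null) {
    if (validate_movie($post) === []) {
        update_movie_by_id($db, $id, $post);
    }
    $movie = get_movie_by_id($db, $id);
    printf("<input type=\"text\" name=\"title\" value=\"%s\" />\n", h($movie['title']));
}
```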
So, I have a page with a bunch of workorders on it. Each workorder is a row in a single table, and gets put on the page with a while() statement.
I'm trying to update each row with a simple form that I put inside the while(), and an UPDATE/WHERE statement to actually add the information to the table.
Instead of adding it to the specific row, it adds it to Every row. The only thing I can think of is that my WHERE condition is wrong, but I can't seem to figure it out. Maybe it just needs fresh eyes, or maybe I'm heading in Completely the wrong direction.
Also, any specific instructions on security, a better way to do it, etc. would be very helpful. I'm learning PHP on the fly and could use a helping hand. :)
<?php
$query = "SELECT * FROM client_information";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
$which_ad = $row['ID'];?>
<b>Name:</b> <? echo $row['billing_name']; ?> <br>
<b>Job Type:</b> <? echo $row['job_type']; ?> <br>
<b>Size:</b> <? echo $row['size']; ?> <br>
<b>Text:</b> <? echo $row['text']; ?> <br>
<b>Notes:</b> <? echo $notes; ?> <br>
<br><br>
<form action="small_update.php" method="POST">
<strong>Email Message:</strong><br>
<textarea rows="8" cols="60" name="email_message"></textarea>
<input type="submit" name="submit" value="Submit"></form>
<?
$email_message = htmlspecialchars ("{$_POST['email_message']}", ENT_QUOTES);
if (mysql_errno() != 0) {
die(mysql_error());
}
mysql_query(
"UPDATE client_information
SET email_message='$email_message'
WHERE ID='$which_ad'"
);
if (mysql_errno() != 0) {
die(mysql_error());
}
}
?>
You don't specify the id in your form:
<form action="small_update.php" method="POST">
<strong>Email Message:</strong><br>
<textarea rows="8" cols="60" name="email_message"></textarea>
<input type="hidden" name="id" value="<?php echo $which_ad; ?>">
<input type="submit" name="submit" value="Submit">
</form>
you need to also make sure you know what id was submitted:
"UPDATE client_information
SET email_message='$email_message'
WHERE ID='{$_POST['id']}'"
Of course, you're wide open to attacks like this as everyone else is saying. You need to look into mysqli or pdo to sanitize your input...
And also upon inspection you're evaluating your post data in the loop. Don't do that. Just do your evaluation before everything else is processed on the page...
<?php
if($_POST)
{
//run processing here
}
// do your fetch code here and display the forms...
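The difference between updating inside the display loop and handling the POST once before rendering, as an added example that is not code from this thread. The rows, the function names and the stand-in for $_POST are constructed, and an in-memory SQLite database is assumed in place of MySQL.

```php
<?php
// Added example: constructed rows, SQLite in memory standing in for MySQL.
function make_workorder_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE client_information
               (ID INTEGER PRIMARY KEY, billing_name TEXT, email_message TEXT)');
    $db->exec("INSERT INTO client_information (ID, billing_name, email_message)
               VALUES (1, 'Ada', ''), (2, 'Grace', ''), (3, 'Edsger', '')");
    return $db;
}

// Shape of the question's page: the UPDATE sits inside the display loop and is
// keyed on the loop's own row id, so one submission is written to every row.
function update_inside_loop(PDO $db, array $post): int
{
    $ids = $db->query('SELECT ID FROM client_information')->fetchAll(PDO::FETCH_COLUMN);
    $update = $db->prepare('UPDATE client_information SET email_message = ? WHERE ID = ?');
    $changed = 0;
    foreach ($ids as $which_ad) {
        $update->execute([$post['email_message'], $which_ad]);
        $changed += $update->rowCount();
    }
    return $changed;
}

// Shape the answer recommends: handle the POST once, before any output, keyed
// on the id carried by the submitted form's hidden field.
function update_before_render(PDO $db, array $post): int
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false || !is_string($post['email_message'] ?? null)) {
        return 0; // missing or malformed field: change nothing
    }
    $update = $db->prepare(
        'UPDATE client_information SET email_message = :msg WHERE ID = :id');
    $update->execute([':msg' => $post['email_message'], ':id' => $id]);
    return $update->rowCount();
}

// Constructed stand-in for $_POST after submitting the form shown for row 2.
$post = ['id' => '2', 'email_message' => "Proof attached, it's ready"];

echo 'inside loop: ', update_inside_loop(make_workorder_db(), $post), " rows changed\n";
echo 'before render: ', update_before_render(make_workorder_db(), $post), " rows changed\n";
```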