update records in php my sql

Question

i'm studying php and i got trouble in updating the record in the database here is my code..every time i type ?id=14 or any number that corresponds a record in the database it doesnt show any record in the textbox. i have no error but the thing is it doesnt show recor

<HTML>
<?php
$submit = isset($_POST['submit']);
$update = isset($_POST['update']);
$id = isset($_GET['id']);

if($submit)
{
    $first = $_POST['first'];
    $last = $_POST['last'];
    $nickname = $_POST['nickname'];
    $email = $_POST['email'];
    $salary = $_POST['salary'];

$db = mysql_connect("localhost", "root","");
mysql_select_db("dbtry",$db);
$sql = "INSERT INTO personnel (firstname, lastname, nick, email, salary) VALUES ('$first','$last','$nickname','$email','$salary')";
$result = mysql_query($sql);
echo "Thank you! Information entered.\n";
}
else if($update)
{
    $first = $_GET['first'];
    $last = $_GET['last'];
    $nickname = $_GET['nickname'];
    $email = $_GET['email'];
    $salary = $_GET['salary'];
$db = mysql_connect("localhost", "root","");
mysql_select_db("dbtry",$db);
$sql = "UPDATE personnel SET firstname='$first',lastname='$last',nick='$nickname',email='$email',salary='$salary' WHERE id=$id";
$result = mysql_query($sql);
echo "Thank you! Information updated.\n";
}
else if($id)
{
$db = mysql_connect("localhost", "root", "");
mysql_select_db("dbtry",$db);
$result = mysql_query("SELECT * FROM personnel WHERE id=$id",$db);
$myrow = mysql_fetch_array($result);
?>
<form method="get" action="<?php echo $_SERVER['PHP_SELF'];?>">
<input type="hidden" name="id" value="<?php echo $myrow["id"]?>">
First name:<input type="Text" name="first" value="<?php echo $myrow['firstname'];?>"><br>
Last name:<input type="Text" name="last" value="<?php echo $myrow['lastname'];?>"><br>
Nick Name:<input type="Text" name="nickname" value="<?php echo $myrow['nick'];?>"><br>
E-mail:<input type="Text" name="email" value="<?php echo $myrow['email'];?>"><br>
Salary:<input type="Text" name="salary" value="<?php echo $myrow['salary'];?>"><br>
<input type="Submit" name="update" value="Update information"></form>
<?php
}
else
{
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
First name:<input type="Text" name="first"><br>
Last name:<input type="Text" name="last"><br>
Nick Name:<input type="Text" name="nickname"><br>
E-mail:<input type="Text" name="email"><br>
Salary:<input type="Text" name="salary"><br>

<input type="Submit" name="submit" value="Enter information"></form>
<input type="Submit" name="update" value="Update information">
<?
}
?>
</HTML>

-- :(

Answer 1

Your $id is set to true or false in line 5. Replace:

$result = mysql_query("SELECT * FROM personnel WHERE id=$id",$db);

in else if($id) block with:

$result = mysql_query("SELECT * FROM `personnel` WHERE `id` = " . mysql_real_escape_strig($_GET['id']), $db);

Answer 2

try testing with:

$result = mysql_query("SELECT * FROM personnel WHERE id=$id",$db) OR DIE (MYSQL_ERROR());

Answer 3

Your $id only contains the fact whether $_GET['id'] was set, not its actual value. Replace it with this:

$id = isset($_GET['id']) ? $_GET['id'] : null;

Additionally, make sure to escape all user input before outputing it (using htmlspecialchars) and before putting it into your DB query text (using mysql_real_escape_string or, even better, PDO).