Reputation: 215
I am trying to update customer information using a MySQL query. The variables have been defined here:
$member_id = $_POST['member_id'];
$username = $_POST['username'];
$password = $_POST['password'];
$bizname = $_POST['bizname'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$url = $_POST['url'];
$contact = $_POST['contact'];
$notes = $_POST['notes'];
$sales_rep = $_POST['sales_rep'];
$member_type = $_POST['member_type'];
$password = md5($password);
When I run the below query, nothing updates in the database:
$qry = "update members set username='".$username."',password='".$password."',bizname='".$bizname."',phone='".$phone."',email='".$email."',url='".$url."',contact='".$contact."',notes='".$notes."',sales_rep='".$sales_rep."',member_type='".$member_type."' where member_id='".$member_id."'";
I echoed the $qry and the results are below:
update members set
username='',password='d41d8cd98f00b204e9800998ecf8427e',bizname='',phone='',
email='',url='',contact='',notes='',sales_rep='',member_type=''
where member_id=''
Does anyone have an idea as to why only the $password variable has a value? I have tried using md5 encryption on the other variables just to see if that would work and they will have values but obviously I only want to do this for the password.
EDIT: This is the edit-client.php form
<?php
require_once('auth.php');
require_once('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html" />
<title>Untitled Document</title>
</head>
<body>
<?php
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//define username variable and sanitize
$username = clean($_POST['username']);
//Run query for selected user and store in an array
$result = mysql_query("select * from members where username='".$username."'");
$row = mysql_fetch_array($result);
//display all clients information in a form to edit
echo '<h1>'.$username.'</h1>';
echo '<form name="update-client" action="update-client.php" />';
echo '<table>';
echo '<tr><td>';
echo '<input type="hidden" name="member_id" value="'.$row['member_id'].'" />';
echo '</td></tr>';
echo '<tr><td>';
echo 'Username: <input name="username" type="text" value="'.$username.'" />';
echo '</td></tr>';
echo '<tr><td>';
echo 'Password: <input name="password" type="text" value="'.$row['password'].'" />';
echo '</td></tr>';
echo '<tr><td>';
echo 'Business Name: <input name="bizname" type="text" value="'.$row['bizname'].'" />';
echo '</td></tr>';
echo '<tr><td>';
echo 'Phone: <input name="phone" type="text" value="'.$row['phone'].'" />';
echo '</td></tr>';
echo '<tr><td>';
echo 'Email: <input name="email" type="text" value="'.$row['email'].'" />';
echo '</td></tr>';
echo '<tr><td>';
echo 'Website Address: <input name="url" type="text" value="'.$row['url'].'" />';
echo '</td></tr>';
echo '<tr><td>';
echo 'Contact: <input name="contact" type="text" value="'.$row['contact'].'" />';
echo '</td></tr>';
echo '<tr><td>';
echo 'Notes: <input name="notes" type="text" value="'.$row['notes'].'" />';
echo '</td></tr>';
echo '<tr><td>';
echo 'Sales Representative: <input name="sales_rep" type="text" value="'.$row['sales_rep'].'" />';
echo '</td></tr>';
echo '<tr><td>';
echo '<input name="submit" type="submit" value="Edit" />';
echo '</td></tr>';
echo '</table>';
echo '</form>';
?>
</body>
</html>
Upvotes: 0
Views: 1484
Reputation: 6389
Change:
echo '<form name="update-client" action="update-client.php" />';
To:
echo '<form name="update-client" action="update-client.php" method="post"/>';
You forgot method="post".
Upvotes: 1
Reputation: 843
You'll always want to check for values/errors as you go to limit the time you have to spend debugging.
For example, it would be much better practice to do something like this:
if (isset ($_POST['member_id']) && !empty ($_POST['member_id'])) {
$member_id = $_POST['member_id'];
} else {
echo 'Error: member_id not provided!';
}
And you'd want to do that for every field. Additionally, you'd want to build some validation into your code (check for numbers only, valid formatting, SQL injection, etc.) and only proceed with the actual SQL if the input was complete, valid and safe.
This is just the very basics, but start with it on your script and you'll quickly figure out where the problem is.
But more specifically you'll need to post the contents of your HTML form so we can properly help you.
EDIT: Also - it would be a good idea to start formatting your SQL queries in a manner that makes them easier to read/debug. Yours for example, I would write like this:
$qry = "UPDATE `members`
SET `username` = '$username',
`password` = '$password',
`bizname` = '$bizname',
`phone` = '$phone',
`email` = '$email',
`url` = '$url',
`contact` = '$contact',
`notes` = '$notes',
`sales_rep` = '$sales_rep',
`member_type` = '$member_type'
WHERE `member_id` = '$member_id'";
You'll also see that I didn't use ".$var." within this, because the use of double quotes in a PHP string allows you to refer to variables directly, whereas if you had used single quotes you'd have to end the string and insert the variable.
Upvotes: 1
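Added example, not part of any answer above: a sketch of update-client.php that applies the "only proceed if the input is complete, valid and safe" advice, using PDO bound parameters and password_hash() in place of string-built SQL and md5(). The function names validate_member and update_member, the DSN and credentials, the 255-byte limit and the integer member_id are assumptions; the column names are the ones in the question. Requires PHP 7.4 or later.

```php
<?php
declare(strict_types=1);
// Column names are the ones in the question; the 255-byte limit is assumed.
const TEXT_FIELDS = ['username', 'bizname', 'phone', 'email', 'url',
                     'contact', 'notes', 'sales_rep', 'member_type'];

/** Validate a submitted form array; returns [values, errors]. */
function validate_member(array $in): array
{
    $errors = [];
    // member_id is assumed to be a positive integer primary key.
    $id = filter_var($in['member_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) { $errors[] = 'member_id missing or not a positive integer'; }
    $m = ['member_id' => $id];
    foreach (TEXT_FIELDS as $f) {
        // Non-string input (e.g. username[]=x) is treated as missing.
        $m[$f] = is_string($in[$f] ?? null) ? trim($in[$f]) : '';
        if ($m[$f] === '' || strlen($m[$f]) > 255) {
            $errors[] = "$f missing or longer than 255 bytes";
        }
    }
    $emailOk = filter_var($m['email'], FILTER_VALIDATE_EMAIL) !== false;
    if ($m['email'] !== '' && !$emailOk) { $errors[] = 'email is not a valid address'; }
    // An empty password means "keep the stored hash"; a hash is never re-hashed.
    $pw = $in['password'] ?? '';
    $m['password'] = is_string($pw) && $pw !== '' ? password_hash($pw, PASSWORD_DEFAULT) : null;
    return [$m, $errors];
}

/** Run the UPDATE with bound parameters; returns the affected row count. */
function update_member(PDO $db, array $m): int
{
    // Column names come from the constant above, never from the request.
    $set = implode(', ', array_map(fn($f) => "`$f` = :$f", TEXT_FIELDS));
    $stmt = $db->prepare("UPDATE members SET $set,
        `password` = COALESCE(:password, `password`) WHERE member_id = :member_id");
    $stmt->execute($m);
    return $stmt->rowCount();
}

if (PHP_SAPI !== 'cli') {
    // A form without method="post" arrives as GET with an empty $_POST.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit('POST required'); }
    [$m, $errors] = validate_member($_POST);
    if ($errors) { http_response_code(400); exit(htmlspecialchars(implode('; ', $errors))); }
    $db = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'db_user', 'db_pass',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); // placeholder DSN and credentials
    echo update_member($db, $m), ' row(s) updated';
} else {
    // Constructed sample: the all-empty submission from the question is rejected.
    print_r(validate_member(['member_id' => '', 'password' => ''])[1]);
}
```

The password column must be wide enough for password_hash() output (255 characters is the documented recommendation), and the login code has to compare with password_verify() rather than md5().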