Mohammad Mursaleen

Reputation: 603

I have the values in a variable but cannot update in MySQL db

For the admin panel I have made a table with delete, edit and add options for each row. Everything is working perfectly except the execution of the update query. Up till now I have shown the text to be edited in its form and delivered the edited values to the next page, which I have verified by using echo(). My code is as follows (update.php):

<head>

<?php   
// 1. Create a database connection
// 2. Select a database to use 
include('connect.php');
?>
<?php
// 3. Perform database query          
$id=$_SESSION['id'];       
$author=$_GET['author'];
$quotation=$_GET['quote'];

//below code is to check
echo $id . "<br>". $author . "<br>". $quotation ."<br>";
//4. update query
$query = "UPDATE 'quotations' SET 
'author' = '$author',
'quotation' = '$quotation', 
WHERE 'id' = '$id'";
mysql_query($query);
// test to see if the update occurred
if (mysql_affected_rows() == 1) {
// Success!
echo "The page was successfully updated."; 
} else {
echo "The page could not be updated.";
}
?>
<?php
 // 5. Close connection
 mysql_close($connection);
session_destroy();
//header("Location: Admin.php");   commented just to observe the output.

?>
</body>
</html>

By echoing before the query I'm getting my edited values, which means there is no issue with the form, and even the db is connected, but there are no updates. Any suggestion in this regard will be appreciated.

Upvotes: 1

Views: 277

Answers (2)

EPB

Reputation: 4029

MySQL-escape your variables! Or better yet: use the mysqli/PDO prepared statements.

Additionally, your tablename is wrapped in single-quotes, and there is a stray comma before your WHERE clause. Use backquotes instead (or no quotes at all should be fine for that table name.)

$query = "UPDATE `quotations` SET 
`author` = '$author',
`quotation` = '$quotation'
WHERE `id` = '$id'";

MySQLi: http://php.net/manual/en/book.mysqli.php

MySQLi Prepared Statements: http://php.net/manual/en/mysqli.prepare.php

PDO: http://php.net/manual/en/book.pdo.php

PDO Prepared Statement method: http://php.net/manual/en/pdo.prepare.php

Upvotes: 1
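The prepared-statement approach recommended in the answer above, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database standing in for the MySQL server so it runs offline; `updateQuotation()` and the sample rows are hypothetical, while the table and column names come from the question.

```php
<?php
// Added example, not code from the original post.
// Assumption: SQLite in memory replaces MySQL here; for MySQL only the DSN
// and credentials passed to new PDO(...) change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw instead of failing silently

// Constructed sample table and row using the names from the question.
$pdo->exec('CREATE TABLE quotations (id INTEGER PRIMARY KEY, author TEXT, quotation TEXT)');
$pdo->exec("INSERT INTO quotations (id, author, quotation) VALUES (1, 'Unknown', 'placeholder')");

// Values travel as bound parameters, so apostrophes or SQL-looking text
// inside them are stored as data and never parsed as part of the statement.
function updateQuotation(PDO $pdo, $id, string $author, string $quotation): int
{
    // Reject a non-numeric id before it reaches the database.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $pdo->prepare(
        'UPDATE quotations SET author = :author, quotation = :quotation WHERE id = :id'
    );
    $stmt->bindValue(':author', $author, PDO::PARAM_STR);
    $stmt->bindValue(':quotation', $quotation, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    // On MySQL this counts rows actually changed: saving identical values
    // returns 0 even though the query succeeded.
    return $stmt->rowCount();
}

// Constructed inputs: an apostrophe alone breaks the string-built query
// from the question; here it is just text.
$changed = updateQuotation($pdo, '1', "O'Brien", "It's never too late' WHERE '1'='1");
echo "rows changed: $changed", PHP_EOL;

$row = $pdo->query('SELECT author, quotation FROM quotations WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo $row['author'], ' | ', $row['quotation'], PHP_EOL;

// A non-integer id is refused before any SQL runs.
try {
    updateQuotation($pdo, '1 OR 1=1', 'x', 'y');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```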

Niche

Reputation: 967

Is the id attribute in the database a numeric field? If so, you shouldn't be adding the single quotes in the UPDATE string.

$query = "UPDATE `quotations` SET 
`author` = '$author',
`quotation` = '$quotation'
WHERE `id` = $id";

Upvotes: 0
