Update Database fails. can't find error (FOUND ERROR)

Question

I want to update a database using this code but it fails every time and I cannot find why the form fails. if someone could help, i would appreciate that alot!!

These are the codes i use to update the DB (these are three files total)

When you go to my editor you will see this screen.(everything works exept the update) it says cannot update data. it doesn't show any other errors. did i miss something?

<html>
<body>
<?php
session_start(); // Start the session
$loggedin = $_SESSION['loggedin']; // Are they loggedin?

// They are not logged in, Kill the page and ask them to login.
if ($loggedin != "1") {
die('Sorry your not loggedin, please login to gain acces. <a href="datlogin.php"> Here </a> to login');}

?>

<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);
?>
<head>
<style>
div
{
fload:center;
width:1000px;
margin:0 0 15px 20px;
padding:15px;
border:1px solid black;
}
</style>
<div align="center">
</head>
<img src="http://www.emiclaer.nl/Portals/39/Tuinen.jpg" alt="DTlogo.img" width="880" height="280">
</div>
<body style="margin:15px;">
<div>
Druk op <font color="blue"><u>Update</u></font> om de App te Updaten.<br>
<p></p>
<center>


<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<td>
<table width="400" border="1" cellspacing="0" cellpadding="3">
<tr>
<td colspan="4"><strong>Iphone aanbiedingen.</strong> </td>
</tr>

<tr>
<td align="center"><strong>Naam</strong></td>
<td align="center"><strong>Omschrijving</strong></td>
<td align="center"><strong>Prijs</strong></td>
<td align="center"><strong>Promotext</strong></td>
<td align="center"><strong>URL</strong></td>
<td align="center"><strong>Image URL</strong></td>
<td align="center"><strong>Update</strong></td>
</tr>

<?php
while($rows=mysql_fetch_array($result)){
?>

<tr>
<td><? echo $rows['naam']; ?></td>
<td><? echo $rows['omschrijving']; ?></td>
<td><? echo $rows['promotext']; ?></td>
<td><? echo $rows['prijs']; ?></td>
<td><? echo $rows['url']; ?></td>   
<td><? echo $rows['iurl']; ?></td>
<td align="center"><a href="updateformthingy.php?id=<? echo $rows['id']; ?>">Update</a></td>
</tr>

<?php
}
?>

</table>
</td>
</tr>
</table>

<?php
mysql_close();
?>
</div>
</center>
</form>
</body>
</html>

This is the second screen you will go to

<html>
<?php
session_start(); // Start the session
$loggedin = $_SESSION['loggedin']; // Are they loggedin?

// They are not logged in, Kill the page and ask them to login.
if ($loggedin != "1") {
die('Sorry your not loggedin, please login to gain acces. <a href="datlogin.php"> Here </a> to login');}

?>
<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// get value of id that sent from address bar
$id=$_GET['id'];

// Retrieve data from database
$sql="SELECT * FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);

$rows=mysql_fetch_array($result);
?>
<head>
<style>
div
{
fload:center;
width:1000px;
margin:0 0 15px 20px;
padding:15px;
border:1px solid black;
}
</style>
<div align="center">
</head>
<img src="http://www.emiclaer.nl/Portals/39/Tuinen.jpg" alt="DTlogo.img" width="880" height="280">
</div>
<body style="margin:15px;">
<div>
Vul hier de updates in.<br>
<p></p>
<center>


<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="1" cellpadding="0">
<tr>
<td>&nbsp;</td>
<td colspan="3"><strong>Update Iphone App</strong> </td>
</tr>
<tr>
<td align="center">&nbsp;</td>
<td align="center">&nbsp;</td>
<td align="center">&nbsp;</td>
<td align="center">&nbsp;</td>
</tr>
<tr>
<td align="center">&nbsp;</td>
<td align="center"><strong>Naam</strong></td>
<td align="center"><strong>Omschrijving</strong></td>
<td align="center"><strong>Prijs</strong></td>
<td align="center"><strong>Promotext</strong></td>
<td align="center"><strong>URL</strong></td>
<td align="center"><strong>Image URL</strong></td>
<td align="center"><strong>Update</strong></td>
</tr>
<form name="form1" method="post" action="updateform.php">
<tr>
<td>&nbsp;</td>
<td align="center">
<input name="inp_naam" type="text" id="inp_naam" value="<? echo $rows['naam']; ?>">
</td>
<td align="center">
<input name="inp_omschrijving" type="text" id="inp_omschrijving" value="<? echo $rows['omschrijving']; ?>" size="15">
</td>
<td>
<input name="inp_prijs" type="text" id="inp_prijs" value="<? echo $rows['prijs']; ?>" size="15">
</td>
<td align="center">
<input name="inp_promotext" type="text" id="inp_promotext" value="<? echo $rows['promotext']; ?>">
</td>
<td align="center">
<input name="inp_url" type="text" id="inp_url" value="<? echo $rows['url']; ?>" size="15">
</td>
<td>
<input name="inp_iurl" type="text" id="inp_iurl" value="<? echo $rows['iurl']; ?>" size="15">
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input name="id" type="hidden" id="id" value="<? echo $rows['id']; ?>">
</td>
<td align="center">
<input type="submit" name="Submit" value="Submit">
</form>
</td>
<td>&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
</div>
</center>
<?php
// close connection
mysql_close();
?>
</body>
</html>

This Code is what has to Update the database. (i have updated this one to most comments on the page, mysqli and PDO don't work for me.)

<html>
<body>
<?php
session_start(); // Start the session
$loggedin = $_SESSION['loggedin']; // Are they loggedin?

// They are not logged in, Kill the page and ask them to login.
if ($loggedin != "1") {
die('Sorry your not loggedin, please login to gain acces. <a href="testlogin.php"> Here </a> to login');}

?>
<?php
$inp_naam=$_POST['inp_naam'];
$inp_prijs=$_POST['inp_prijs'];
$inp_promotext=$_POST['inp_promotext'];
$inp_url=$_POST['inp_url'];
$inp_iurl=$_POST['inp_iurl'];
$id=$_POST['id'];

$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name


// Connect to server and select database. 
$conn = mysql_connect("$host", "$username", "$password")or die("cannot connect Host");
mysql_select_db("$db_name")or die("cannot select DB");

// update data in mysql database
$sql="UPDATE `$db_name`.`$tbl_name` 
      SET `naam` = '$inp_naam', 
          `omschrijving` = '$inp_omschrijving', 
          `prijs` = '$inp_prijs', 
          `promotext` = '$inp_promotext',  
          `url` = '$inp_url', 
          `iurl` = '$inp_iurl' 
       WHERE `$tbl_name`.`id` = '$id'";

$result = mysql_query($conn, $sql);

if (!$result) {
// if successfully updated.
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
} else {
die('cannot update DataBase'. mysql_error());
}

?>

</body>
</html>

To

<html>
<body>
<?php
session_start(); // Start the session
$loggedin = $_SESSION['loggedin']; // Are they loggedin?

// They are not logged in, Kill the page and ask them to login.
if ($loggedin != "1") {
die('Sorry your not loggedin, please login to gain acces. <a href="testlogin.php"> Here </a> to login');}

?>
<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

session_start();

// Connect to server and select database. 
$conn = mysql_connect("$host", "$username", "$password")or die("cannot connect Host");
mysql_select_db("$db_name")or die("cannot select DB");

// update data in mysql database
$sql="UPDATE tblProducts
SET naam = '".$_POST['inp_naam']."', 
omschrijving = '".$_POST['inp_omschrijving']."', 
prijs = '".$_POST['inp_prijs']."', 
promotext = '".$_POST['inp_promotext']."',  
url = '".$_POST['inp_url']."', 
iurl = '".$_POST['inp_iurl']."'
WHERE id = '".$_POST['inp_id']."'";

$result = mysql_query($sql,$conn);

if (!result) {
// if successfully updated.
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
} else {
die('cannot update DataBase'. mysql_error());
}
mysql_close();

?>
</body>
</html>

Thank you alot for your time!

Mysqli.

// Connect to database
$con=mysqli_connect("$host","$user","$pass","$db_name");

// Check connection
if (mysqli_connect_errno($con))
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
// Get id from URL bar
  $id=$_GET['id']

// connect to table
$sql="SELECT * FROM `tblProducts` WHERE `id` = '$id'";
$result=mysqli_query($con,$sql);
// get table information
$rows=mysqli_fetch_array($result,MYSQLI_ASSOC);

mysqli_free_result($result);
?>

Answer 1

This code of yours has some serious security issues. You are writing POST/GET-variables without quoting to an SQL query, which let's users inject SQL into your query (see http://xkcd.com/327/ :)).

For DB interaction I usually use PDOs (http://www.php.net/manual/de/pdo.prepare.php).

Your code will look like this:

 $sth = $dbh->prepare('UPDATE '.$db_name.'.'.$tbl_name.' SET naam = ?, omschrijving = ?,  prijs = ?, promotext = ?, url = ?, iurl = ? WHERE '.$tbl_name.'.id = ?');
 $sth->execute(array($inp_naam, $inp_omschrijving, $inp_prijs, $inp_promotext, $inp_url, $inp_iurl, $id));

Edit: Without PDO this would look like this:

 $sql = "UPDATE ".$db_name.".".$tbl_name." SET"
    ." naam = '".mysql_real_escape_string($inp_naam)
    ."', omschrijving = '".mysql_real_escape_string($inp_omschrijving)
    ."',  prijs = '".mysql_real_escape_string($inp_prijs)
    ."', promotext = '".mysql_real_escape_string($inp_promotext)
    ."', url = '".mysql_real_escape_string($inp_url)
    ."', iurl = '".mysql_real_escape_string($inp_iurl)
    ."' WHERE ".$tbl_name.".id = '".mysql_real_escape_string($id)."'");

Answer 2

$sql="UPDATE '$db_name'.'$tbl_name' 
SET naam = ['$inp_naam'], omschrijving = ['$inp_omschrijving'], prijs = ['$inp_prijs'], promotext = ['$inp_promotext'], url = ['$inp_url'], iurl = ['$inp_iurl'] 
WHERE '$tbl_name'.id = $id";

Remove single quote from column name

Answer 3

First of all, the syntax for your query is incorrect. The SQL query should be passed as the first parameter, with the connection identifier as the second, for example:

$result = mysql_query($sql, $conn);

Secondly, your UPDATE query contains invalid characters. You should use backticks to escape field names in MySQL,not quotes. Update your code as follows:

$sql="UPDATE `$db_name`.`$tbl_name` 
      SET `naam` = '$inp_naam', 
          `omschrijving` = '$inp_omschrijving', 
          `prijs` = '$inp_prijs', 
          `promotext` = '$inp_promotext',  
          `url` = '$inp_url', 
          `iurl` = '$inp_iurl' 
       WHERE `$tbl_name`.`id` = $id";

You'll see that I also removed the erroneous squared brackets ([]) as well.

Please be advised that mysql_* functions are now deprecated. You should look into MySQLi or PDO. Also be advised that your code is wide open to SQL injection. You should learn about sanitizing your input, and in particular, Prepared Statements.

Answer 4

I am not sure this ' is the correct symbol for using with table and column names.

UPDATE '$db_name'.'$tbl_name' 
SET 'naam' = ['$inp_naam'], 'omschrijving' = ['$inp_omschrijving'], 'prijs' = ['$inp_prijs'], 'promotext' = ['$inp_promotext'], 'url' = ['$inp_url'], 'iurl' = ['$inp_iurl'] 
WHERE '$tbl_name'.'id' = $id

Maybe you wanted to use ` ?