Update Mysql column field from a table based on user id

Question

I am new to PHP and SQL, at the moment I am just learning and experimenting not worried about security side. I am trying to Update the username and email based on the user id. My table name is users, and the columns within this table are "id, username, email, password".

Now the query doesn't execute this is what I have done so far.

User information Updated successfully";
     } 
     else {
          echo " Something went wrong ";
     }
}
?>


Add Data

   
    
         update user info
        Username: 


        Email:

user3783243 · Accepted Answer

Your main issue is that you are using the PHP concatenation syntax in your SQL string. This makes all your values incorrect and as such your id in where clause doesn't match any record so no records are updated. Your query should be

$sql= "UPDATE users SET username= '$username' , email= '$email' WHERE id='$id' ";

or

$sql= "UPDATE users SET username= '" .$username. "' , email= '" . $email . "' WHERE id='" .$id. "' ";

That would run but is open to SQL injections. You should use prepared statements, parameterize that, and use error reporting:

error_reporting(1);
if(isset($_POST['submit']){
     $email = $_POST['email'];
     $username= $_POST['username'];
     $id = $_POST['id'];
     $sql= "UPDATE users SET username=?, email=? WHERE id=?";
     $stmt = mysqli_prepare($connection, $sql)) {
     mysqli_stmt_bind_param($stmt, "ssi", $username, $email, $id);//third i assumes "id" is an integer
     $result = mysqli_stmt_execute($stmt);
     if(!empty($result)) {
          echo "User information Updated successfully";
     } else {
          printf("Error: %s.
", mysqli_stmt_error($stmt));
     }
}

This is a rough untested answer. More information about prepared statements can be found here, http://php.net/manual/en/mysqli.quickstart.prepared-statements.php.

Update Mysql column field from a table based on user id

Answers (1)

Related Questions