My PHP profile updater is not working

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE login SET fname='$fname' lname='$lname' age='$age' about='$abt' WHERE id=$usi";
if ($conn->query($sql) === TRUE) {
    echo "New record created successfully:: 2<br>";
    $ready = $ready + 1;
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();

I know the login variables are missing. I just didn’t add them for safety reasons.

The main problem is because you aren’t using commas after every column.

fname = ?, lname = ?, .....

Try to use prepared statements more and don’t stuff the raw data in the SQL statement as this will cause SQL Injections. You also don’t need to close the database connection as PHP will close it for you. It’s best for practice, but it’s not really necessary to close the database every time you make a database call.

I have provided a snippet below using prepared statements.

<?php
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if($conn->connect_error) {

    // Don't display any errors to the user. This can be a security risk. You should NEVER output error to the user anyways.
    die('There seems to be an error with the database information provided. If this problem continues, the database engine might be off.');

}

$sql = "UPDATE login SET fname = ?, lname = ?, age = ?, about = ? WHERE id = ?"; // The SQL statement
$prepare = $conn->prepare($sql); // Prepare the SQL statement
$prepare->bind_param('ssisi', $fname, $lname, $age, $abt, $usi); // Bind the result to the placeholders in the SQL statement to avoid SQL Injection.
$prepare->execute(); // Execute the prepared statement.

The data types are as is

// s = string
// i = integer
// d = double
// b = blob
2 Likes

Well that the is a perfect example of how mysqli is not mutually exclusive with eliminating sql injections.

I keep getting an error on the line $prepare->bind_param('ssisi', $fname, $lname, $age, $abt, $usi); // Bind the result to the placeholders in the SQL statement to avoid SQL Injection. The error is Fatal error: Call to a member function bind_param() on a non-object in /home/dadtatx1/public_html/smedia/ln/fix.php on line 33

I plugged it in my code with the login information, session data (how I figure out what the ‘ID’ should be), all the GET variables (How I get their names and stuff) and made sure the SQL is working. Please farther assist. Thank you for what help you have so far provided.

If you would have read the manual you would know that means the sql statement is invalid. C’mon man…

What manual. I mostly just learn from others examples. Besides, I basically copied and pasted the programming in the solution I commented to.

The php manual. It goes over all the classes, functions, parameters, and return values. In your case the prepare method is returning false which is not an object. Which translates in laymans terms to a malformed query.

Can vary from typo in the snippet to the column doesn’t exist in your actual database to not having the right amount of place holders. You need to show us the whole snippet you updated.

<?php
session_start();
$usi = $_SESSION["cuser"];
$fname = $_POST["fname"];
echo $fname . "<br>";
$lname = $_POST["lname"];
$age = $_POST["age"];
$abt = $_POST["about"];
$rtu = $_POST["goto"];
echo $rtu;


$ready = 0;
//table 2
$servername = "localhost";
$username = "####";
$password = "####";
$dbname = "socialmedia";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if($conn->connect_error) {

    // Don't display any errors to the user. This can be a security risk. You should NEVER output error to the user anyways.
    die('There seems to be an error with the database information provided. If this problem continues, the database engine might be off.');

}

$sql = "UPDATE login SET fname = $fname, lname = $lname, age = $age, about = $abt WHERE id = $usi"; // The SQL statement
$prepare = $conn->prepare($sql); // Prepare the SQL statement
$prepare->bind_param('ssisi', $fname, $lname, $age, $abt, $usi); // Bind the result to the placeholders in the SQL statement to avoid SQL Injection.
$prepare->execute(); // Execute the prepared statement.
$conn->close();
?>

<?php
if ($ready > 1) {
    echo "ready on both";
    header("location: http://socialme.dadtat.x10.mx/");
    die();
}
?>

Here’s the first problem. When using prepared statements, you need to use ? instead of the variables like $fname, $lname, .etc.

Then where do I tell the code what the ‘answers’ to those updated slots are?

Right here

The first thing you have to do is assign the data types to the first parameter. Then you assign each variable in the order you are updating them in. Though with your updated snippet, there’s still a lot of things that are wrong with it.

Ohh. Thanks

Unlike PDO, you have to assign the data types, otherwise you’ll get another fatal error. PDO is much preferred though if you already know mysqli_*.

I updated my code

$sql = "UPDATE login SET fname = ?, lname = ?, age = ?, about = ? WHERE id = ?"; // The SQL statement $prepare = $conn->prepare($sql); // Prepare the SQL statement $prepare->bind_param('ssisi', $fname, $lname, $age, $abt, $usi); // Bind the result to the placeholders in the SQL statement to avoid SQL Injection. $prepare->execute(); // Execute the prepared statement. $conn->close();

But I still keep getting anj error
Fatal error: Call to a member function bind_param() on a non-object in public_html/smedia/ln/fix.php on line 33

Post the create table schema and a dump of the variable values being used in bind params. Something isn’t right with that SQL.

Show create table login;

Actually just the create table.

The what? I am sorry, but I know almost nothing about SQL. How do you do that? Sorry for the inconvenience.

In the CLI

It is an easy way to see what a table’s current schema is. eg.

mysql> use sitepoint
Database changed
mysql> show create table cities ;
+--------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table  | Create Table                                                                                                                                                                                                                                                                                          |
+--------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| cities | CREATE TABLE `cities` (
  `name` varchar(100) NOT NULL,
  `state_name` varchar(100) NOT NULL,
  `phoneme` varchar(50) NOT NULL,
  `transliteration` varchar(100) NOT NULL,
  `transliteration_phoneme` varchar(50) NOT NULL,
  PRIMARY KEY (`name`,`state_name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 |
+--------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.10 sec)

mysql>

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'show create table normal' at line 2 Comes up when I enter [quote=“Mittineague, post:18, topic:218599”]
mysql> show create table cities
[/quote]
What does that mean? I did everything. I replaced ‘sitepoint’ with my database, and ‘cities’ with the proper table. I did it both, doing 1 at a time, and again entering both in the web interface terminal together in the same order you show.

Wait. I got it. But I can’t really see any of it. I only see the top left data field.