SQL statement not working

My $_GET[‘id’] data is getting lost after I submit the form on the same page using POST… any ideas??

// get data from database via GET request using Id
$dbc= mysqli_connect(DB_HOST,DB_USER,DB_PW,DB_NAME);
$search_get=$_GET[‘id’];
$query_get=“SELECT * FROM deals WHERE id=$search_get”;
$result_get=mysqli_query($dbc,$query_get);
$row=mysqli_fetch_array($result_get);
mysqli_close($dbc);

// check form, insert into database, move files
	
if(isset($_POST['submit'])){
	//connect to database
	$dbc2= mysqli_connect(DB_HOST,DB_USER,DB_PW,DB_NAME);

	//end database
	//get variables//	
	$deal_name=mysqli_real_escape_string($dbc2,trim($_POST['name']));
	//input into database//
	$query="UPDATE deals SET deal_name='$deal_name' WHERE id=$search_get";

	$result=mysqli_query($dbc2,$query);
	
	$target=UPLOAD_PATH.$image;
	
	move_uploaded_file($_FILES['image']['tmp_name'],$target);
}

?>

Try writing


... WHERE id='$search_get'"

Instead of


... WHERE id = $search_get"

if the id is a numeric column (and most columns called “id” which i’ve seen over the years here are) then this advice is backwards

use quotes to delimit strings, and leave them off numbers

:slight_smile:

A hidden input with that value is probably needed.

Is the form concerned using POST or GET for the method?