Updating MYSQL database through PHP

I can’t for the life of me figure out why my coding is not working in order to update my sql database from some php code. I’m hoping there are some kind peeps out there that could easily spot my mistake.

Here’s the code:


  if (isset($_GET['id'])) {
    // Grab the company data from the GET
    $id = $_GET['id'];
	$company = $_GET['company'];
	$main_address = $_GET['main_address'];
	$state = $_GET['state'];

  else if (isset($_POST['id'])) {
    // Grab the company data from the POST
             $id = $_POST['id'];
	$company = $_POST['company'];
	$main_address = $_POST['main_address'];
	$state = $_POST['state'];

  else {
    echo '<p class="error">Sorry, no company was specified for editing.</p>';

  if (isset($_POST['submit'])) {
    if ($_POST['confirm'] == 'Yes') {

      // Connect to the database
      $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 

      // update the company data from the database
     $query="UPDATE company SET company='$company', 
WHERE id = '$id' ";
      mysqli_query($dbc, $query);

      echo '<p>The company '.$company.' was successfully edited.';
    else {
      echo '<p class="error">The company was not edited.</p>';
  else if (isset($id)) {
    echo '<p>Please edit as required.</p>';
    echo '<strong>id: </strong>' . $id . '<br />';
    echo '<form method="post" action="/ims/editcompany.php">';
    echo '<strong>Company:</strong>'.'&nbsp;'.'<input type="text" name="company" value="'.$company.'" />'."<br><br>";
    echo '<strong>Main Address:</strong>'.'&nbsp;'.'<input type="text" name="main_address" value="'.$main_address.'" />'."<br><br>";
 	echo '<strong>State:</strong>'.'&nbsp;'.'<input type="text" name="state" value="'.$state.'" />'."<br><br>";
    echo '<input type="submit" value="Submit" name="submit" />';
    echo '</form>';


If $id is supposed to be a number, you’re not supposed to quote those in the SQL query.

What do you get when you echo the $query variable?

well theoritically seems ok
I know you have just started php scripting ,earlier you start good programming habits better for you
1)you dont need to pass other variables like address etc from $_get here,just id will do …make sql query before form using that id to get other variable
2)have a look at sql injection and escaping
3)you script will tell company edited even if the company is not edited in mysql database
4)whats problem in connecting itself in connectvars if you are any how going to store CONSTANT there…no mandatory but better
5)if possible dont echo whole form put it in plain html with only value variables in php

just some suggestions

What you get when you execute the above code?

That means it is not getting anything in variable id…No get,no post…check where it is coming from…

Thanks for the tips. I will have a look at the when I get home from work later. The message I get in return is the message that I have within my script:

"Sorry, no company was specified for editing.

The company was not edited."