Updating MYSQL database through PHP

Newbird · April 16, 2010, 2:07am

I can’t for the life of me figure out why my coding is not working in order to update my sql database from some php code. I’m hoping there are some kind peeps out there that could easily spot my mistake.

Here’s the code:


<?php
  require_once('connectvars.php');

  if (isset($_GET['id'])) {
    // Grab the company data from the GET
    $id = $_GET['id'];
	$company = $_GET['company'];
	$main_address = $_GET['main_address'];
	$state = $_GET['state'];

  }
  else if (isset($_POST['id'])) {
    // Grab the company data from the POST
             $id = $_POST['id'];
	$company = $_POST['company'];
	$main_address = $_POST['main_address'];
	$state = $_POST['state'];

  }
  else {
    echo '<p class="error">Sorry, no company was specified for editing.</p>';
  }

  if (isset($_POST['submit'])) {
    if ($_POST['confirm'] == 'Yes') {


      // Connect to the database
      $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 

      // update the company data from the database
     $query="UPDATE company SET company='$company', 
main_address='$main_address', 
state='$state' 
WHERE id = '$id' ";
      mysqli_query($dbc, $query);
      mysqli_close($dbc);

      echo '<p>The company '.$company.' was successfully edited.';
    }
    else {
      echo '<p class="error">The company was not edited.</p>';
    }
  }
  else if (isset($id)) {
    echo '<p>Please edit as required.</p>';
    echo '<strong>id: </strong>' . $id . '<br />';
    echo '<form method="post" action="/ims/editcompany.php">';
    echo '<strong>Company:</strong>'.'&nbsp;'.'<input type="text" name="company" value="'.$company.'" />'."<br><br>";
    echo '<strong>Main Address:</strong>'.'&nbsp;'.'<input type="text" name="main_address" value="'.$main_address.'" />'."<br><br>";
 	echo '<strong>State:</strong>'.'&nbsp;'.'<input type="text" name="state" value="'.$state.'" />'."<br><br>";
    echo '<input type="submit" value="Submit" name="submit" />';
    echo '</form>';
  }



?>

Paul_Wilkins · April 16, 2010, 3:23am

If $id is supposed to be a number, you’re not supposed to quote those in the SQL query.

What do you get when you echo the $query variable?

frank1 · April 16, 2010, 4:24am

well theoritically seems ok
I know you have just started php scripting ,earlier you start good programming habits better for you
1)you dont need to pass other variables like address etc from $_get here,just id will do …make sql query before form using that id to get other variable
2)have a look at sql injection and escaping
3)you script will tell company edited even if the company is not edited in mysql database
4)whats problem in connecting itself in connectvars if you are any how going to store CONSTANT there…no mandatory but better
5)if possible dont echo whole form put it in plain html with only value variables in php

just some suggestions

achintya · April 16, 2010, 5:32am

What you get when you execute the above code?

achintya · April 16, 2010, 12:17pm

That means it is not getting anything in variable id…No get,no post…check where it is coming from…

Newbird · April 16, 2010, 11:53am

Thanks for the tips. I will have a look at the when I get home from work later. The message I get in return is the message that I have within my script:

"Sorry, no company was specified for editing.

The company was not edited."