php mysql update query

Question

i have this piece of code that allow user to edit their profile from the form using php and mysql when i echo the submitted or changed value it display the right and the edit value but nothing change in the database can anyone help me to solve this problem

this is the part that i am updating the query

if you need any addition files let me know and thank you

search.php

//submit whatthe user types into the database

     $fname = $_POST['fname'];
     $lname = $_POST['lname'];
     $country = $_POST['country'];
     $spec = $_POST['specialization'];

    ///errroor in updating the dataabse 


     $edit_query = mysql_query("UPDATE user SET first_name= '$fname', last_name= '$lname', address= '$country', specialization_name= '$spec' WHERE user_name = '$username'") or die(mysql_error());

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial. — j0k
– j0k, Commented Mar 16, 2013 at 8:38

SteveP · Accepted Answer · 2013-03-16 08:20:32Z

0

You need to initialise the userName variable.

answered Mar 16, 2013 at 8:20

SteveP

19.2k9 gold badges49 silver badges62 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Rayne · Accepted Answer · 2013-03-16 08:20:42Z

0

$username is not defined. As result the query is executed for no database row.

Please use prepared statements instead of sql injectionable mysql_query().

answered Mar 16, 2013 at 8:20

Rayne

2,66921 silver badges29 bronze badges

1 Comment

user2172837 Over a year ago

ahhhh the $username come from the session that i cried out to each protected page

Tapas Pal · Accepted Answer · 2013-03-16 08:23:22Z

0

Try this.....

$edit_query = mysql_query("UPDATE `user` SET first_name= '".$fname."', last_name= '".$lname."', address= '".$country."', specialization_name= '".$spec."' WHERE user_name = '".$username."'") or die(mysql_error());

//Make sure that your $username hold some valid value.

answered Mar 16, 2013 at 8:23

Tapas Pal

7,2578 gold badges45 silver badges90 bronze badges

1 Comment

cHao Over a year ago

The string syntax isn't the issue. If the OP's query didn't work, yours won't either.

Sumit Bijvani · Accepted Answer · 2013-03-16 08:36:13Z

0

$username is required and your query is vulnerable by sql injection. so use mysql_real_escape_string() function

$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$country = mysql_real_escape_string($_POST['country']);
$spec = mysql_real_escape_string($_POST['specialization']);

$edit_query = mysql_query("UPDATE user SET first_name= '$fname', last_name= '$lname', address= '$country', specialization_name= '$spec' WHERE user_name = '$username'") or die(mysql_error());

answered Mar 16, 2013 at 8:36

Sumit Bijvani

8,17518 gold badges52 silver badges83 bronze badges

Collectives™ on Stack Overflow

php mysql update query

search.php

4 Answers 4

Comments

1 Comment

1 Comment

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

search.php

4 Answers 4

Comments

1 Comment

1 Comment

Comments

Your Answer

Sign up or log in

Post as a guest

Related