0

Here is my code. In this code, when you edit and "update" the data in the database by using PHP, it doesn't change the data in the database or myphpadmin. Take a look at the below code:

<?php
include("dataconn.php"); //connect to database with the external php.

if($_SESSION["loggedin"]!="true")
    header("location:admin_login.php");

$aid=$_SESSION["userid"];
$admin_info="select * from admin where AD_ID='".$aid."'";

    if(isset($_POST["savebtn"]))
{
    $adname=$_POST["name"];
    $adaddress=$_POST["address"];
    $ademail=$_POST["email"];
    $adcontact=$_POST["contact"];

            mysql_query("update admin set AD_NAME='".$ad_name."',ADDRESS='".$adaddress."',EMAIL='".$ademail."',CONTACT_NUM='".$adcontact."' where AD_ID=$aid");

    header("location:profile.php");

}

 ?>

    <body>

        <form name="edit" method="post" action="">
            <tr>
                <th class="title">Name</th>
                <td>:</td>
                <th><input type="text" size="50" value="<?php echo $row["AD_NAME"]?>" name="name"/></th>

            </tr>

            <tr>
                <th class="title">Address</th>
                <td>:</td>
                <th><input type="text" size="50" value="<?php echo $row["ADDRESS"];?>" name="address" /></th>
            </tr>
            <tr>
                <th class="title">Email</th>
                <td>:</td>
                <th><input type="text" size="50" value="<?php echo $row["EMAIL"];?>" name="email"/></th>
            </tr>
            <tr>
                <th class="title">Contact Number</th>
                <td>:</td>
                <th><input type="text" size="50" value="<?php echo $row["CONTACT_NUM"];?>" name="contact"></th>
            </tr>

        <table>

        <span id="edit"><input type="submit" name="savebtn" value="SAVE/CHANGE"/></span>
        </form>


  </body>
   </html>

I have tried to fix this numerous times,but it still has the same problem. Can you help me?

Improve this question
10
  • 1
    Do you get an error? Also, look into prepared statements, or you will get an SQL injection attack. Commented Jul 17, 2013 at 14:01
  • 2
    you should be either storing and checking mysql_query or testing for no mysql_error. also, look in to using PDO statements, as accepting values directly from $_POST and placing them in your query is dangerous. Commented Jul 17, 2013 at 14:02
  • check if there is any sql error using mysql_error() Commented Jul 17, 2013 at 14:04
  • 1
    stackoverflow.com/questions/12859942/… Commented Jul 17, 2013 at 14:05
  • 1
    Your code style is HORRIBLE and hurts in the eyes. '" . $adcontact . "' where AD_ID=" . $aid), header("Location: admin_login.php");, ... framework.zend.com/manual/1.12/de/… Commented Jul 17, 2013 at 14:10

3 Answers 3

Reset to default
1

To help finfing the error:

<?php

echo $adname . '<br />';
echo $adaddress . '<br />';
echo $ademail . '<br />';
echo $adcontact . '<br />';

$result = mysql_query("update admin set AD_NAME='".$ad_name."',ADDRESS='".$adaddress."',EMAIL='".$ademail."',CONTACT_NUM='".$adcontact."' where AD_ID=$aid");

if (!$result) {
    die('Invalid query: ' . mysql_error());
}else{
    //header("location:profile.php");
    echo "Success";
}


?>

And try to change your code to PDO, something like this:

<?php

if(isset($_POST["savebtn"])){

$adname=$_POST["name"];
$adaddress=$_POST["address"];
$ademail=$_POST["email"];
$adcontact=$_POST["contact"];

try {
  $pdo = new PDO('mysql:host=localhost;dbname=someDatabase', $username, $password);
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

  $stmt = $pdo->prepare('UPDATE admin SET AD_NAME=:adname ,ADDRESS = :adaddress , EMAIL = :ademail , CONTACT_NUM = :adcontact WHERE AD_ID = :aid');

  $stmt->execute(array(
    ':adname'   => $adname,
    ':adaddress' => $adaddress,
    ':ademail' => $ademail,
    ':adcontact' => $adcontact,
    ':aid' => $aid
  ));

  header("location:profile.php");

} catch(PDOException $e) {
  echo 'Error: ' . $e->getMessage();
}

}

?>
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

it just show me ** $adaddress . '<br />'; echo $ademail . '<br />'; echo $adcontact . '<br />'; and success** and $adname . missing
@JCChan One small detail in your HTML, you need to fix your table structure, open <table> tag, close properly </table> and you just need <th>TITLE: </th><td><input ..... /></td>
1

Try to replace you current tag with the one I listed below maybe it will help.

<form name="edit" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Improve this answer

Comments

0

You definitely should consider moving to mysqli or PDO for your PHP MYSQL integration. At the very minimum you should be using at least some form of input escaping (ie using mysql_real_escape_string()).

In regards to it not working you really need to let php/mysql tell you what it's error is; like so:

$result = mysql_query("update admin set AD_NAME='".$ad_name."',ADDRESS='".$adaddress."',EMAIL='".$ademail."',CONTACT_NUM='".$adcontact."' where AD_ID=$aid") or die("Error with query: ".$query."<br /> Error message: ".mysql_error());

However that being said to really be able to help it would be useful to have - 1 the error message - 2 the table definition

Despite that I am guessing that your problem is probably in the WHERE clause of the query - try it as "...where AD_ID='$aid'"

Improve this answer

1 Comment

I had try it,unfortunately not error message shown and remain the same problem.Anyway,thanks

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.