0

This code has a form, and when the user clicks submit I am trying to update a database, but I don't know, for some reason my update query is not working. This piece of code detects an error:

 catch(PDOException $ex)
      {
        die("Error");
      }

Any ideas of how to fix this problem?

if(empty($_SESSION['user']))
{
  header("Location: index.php");
  die("Redirecting to index.php");
}

if(!empty($_POST))
{
  if(empty($_POST['name']))
  {
    die("Enter a name");
  }

  $query = "SELECT 1 FROM courses WHERE name = :name";
  $query_params = array(':name' => $_POST['name']);

  try
  {
    $stmt = $db->prepare($query);
    $result = $stmt->execute($query_params);
  }
  catch(PDOException $ex)
  {
    die("Error 1");
  }

  $row = $stmt->fetch();

  if($row)
  {
      die("Same Name");
  }

  $nombre = $_SESSION['user']['username'];
  $name = $_POST['name'];
  $query = "UPDATE courses SET name = '$name' WHERE id = 1)";


  try
  {
    $stmt = $db->prepare($query);
    $stmt->execute();
  }
  catch(PDOException $ex)
  {
    die("Error");
  }

  header("Location: index.php");
  die("Redirecting to index.php");
}


?> 
<?php 
foreach($rows as $row):    
  echo '<form action="mod.php" method="post">';
  echo '<input type="text" name="name" value="' .htmlentities($row['name']) . '" />'; 
  echo '<input type="submit" value="submit">';
  echo '</form>';
endforeach; 
2
  • 1
    the $name is unescaped. May contain injections... Commented Apr 4, 2014 at 7:57
  • 3
    you would get the answer if you evaluated the exception instead of just printing "Error". try die("SQL Error: " . $ex->getMessage( )); Commented Apr 4, 2014 at 7:58

2 Answers

3

The right way

$query = "UPDATE courses SET name = '$name' WHERE id = 1";

There was a parenthesis hanging on the end.

 $query = "UPDATE courses SET name = '$name' WHERE id = 1)";
                                                         ^---- Here

As Gerald Schneider mentioned in this comment, please do the change so you can track your errors at ease.


1 Comment

Thank you so much, I didn't see that parenthesis. I don't know if it is because it is late, but I was working on that simple query for more than an hour.
0

Make sure to put your PHP variable the following way:

$query = "UPDATE courses SET name = '".$name."' WHERE id = 1";
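
The two points raised in the comments on the question (bind `$name` instead of interpolating it, and record the exception message instead of a bare "Error"), as an added example that is not part of the original question or answers. It assumes an in-memory SQLite database through PDO in place of the asker's connection; `updateCourseName` is a hypothetical helper.

```php
<?php
// Added example: in-memory SQLite stands in for the asker's database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE courses (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");
$db->exec("INSERT INTO courses (id, name) VALUES (1, 'Algebra')");

// Hypothetical helper: renames a course using bound parameters only,
// so the value never becomes part of the SQL text.
function updateCourseName(PDO $db, int $id, string $name): bool
{
    try {
        $stmt = $db->prepare("UPDATE courses SET name = :name WHERE id = :id");
        $stmt->execute([':name' => $name, ':id' => $id]);
        return true;
    } catch (PDOException $ex) {
        // The full driver message goes to the server log, not to the browser.
        error_log("courses update failed: " . $ex->getMessage());
        return false;
    }
}

// Constructed input: the apostrophe would end the string literal early in
// the interpolated query; as a bound value it is stored unchanged.
$name = "Children's Literature";
var_dump(updateCourseName($db, 1, $name));
$stored = $db->query("SELECT name FROM courses WHERE id = 1")->fetchColumn();
var_dump($stored === $name);

// The question's statement with the stray ")": the exception message
// names the syntax error that die("Error") was hiding.
try {
    $db->prepare("UPDATE courses SET name = 'x' WHERE id = 1)");
} catch (PDOException $ex) {
    error_log("SQL error: " . $ex->getMessage());
}
```

Logging the message with `error_log` keeps query details out of the response while still making the parenthesis error visible during debugging.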
