0

I have a problem with variables in an SQL Statement. I have a form where a user can update his profile. The form redirects to action.php?action=settings

When I try without $variables, there is no problem! But the thing is, I have a lot of queries like this, but not for updating.

function change_user_data($trainer) {
    require("database.php");

    try {
        $results = $db->query("UPDATE trainer SET email='$email', status='$status', password='$password' WHERE name='$trainer'");        
    } catch (Exception $e) {
        echo "Data could not be changed!";
        exit;
    }
}

and this is my action.php

if ($action == "settings")  {
    $email = $_POST['email'];
    $status = $_POST['status'];
    $password = $_POST['password'];

    change_user_data($trainer);
} 

When I echo those $variables, they get displayed so they are not empty. But this query updates my table but with no data, so everything is empty afterwards.

1
  • I'm not an expert in PHP, but from this question, I think there is a problem with concatenating the data in the query. However, this seems prone to SQL injection and would be better to use prepared statements Commented Sep 26, 2014 at 7:50

6 Answers

0

I think the problem is variable scope.

Variables defined outside of a function cannot be used inside the function, except global variables or something.

You have two methods.

First. If the change_user_data function is in the action.php file, add "global $email, $status, $password" like this:

function change_user_data($trainer) {

    global $email, $status, $password;

    require("database.php");

    try {
        $results = $db->query("UPDATE trainer SET email='$email', status='$status', password='$password' WHERE name='$trainer'");        
    } catch (Exception $e) {
        echo "Data could not be changed!";
        exit;
    }
}

Or second. Pass the email, status, password data to the function. Then you can use it.

Please check this manual:

http://php.net/manual/en/language.variables.scope.php


2 Comments

While your diagnosis is correct, the prescription might not be. Please don't advise the use of global variables for something that's so simple it can be done by adding parameters to the function.

So this worked for me, but I did it like Touregsys wrote: change_user_data($trainer, $email, $password, $status); I think this is the best way for things like that, or what do you think? Can you tell me why I should use global?

0

You can try this:

$results = $db->query("UPDATE trainer SET email='".$email."', status='".$status."', password='".$password."' WHERE name='".$trainer."'");        


0
change_user_data($trainer, $email, $password, $status);

function change_user_data($trainer, $email, $password, $status) {
    require("database.php");

    try {
        $results = $db->query("UPDATE trainer SET email='$email', status='$status', password='$password' WHERE name='$trainer'");        
    } catch (Exception $e) {
        echo "Data could not be changed!";
        exit;
    }
}


0

After getting the POST variables, check whether those variables are empty or not; if they are not empty or NULL, then update the database with an UPDATE query using the non-empty variables.


0

Maybe

  • Wrong data type of your columns. Check your table structure carefully. Example: if you set your column email as int, then you cannot insert or update its row value as text or letters
  • Incorrect variables inside single quotes. Try to concatenate the variable and the query string for better practice

If those don't work

Try to make a MySQL syntax error and check the values of those variables, then you can define the error.

Sorry for my bad English


0

You have a few problems with this function:

  • Scoping issue, you did not pass all values
  • You are vulnerable to SQL injection
  • You don't check if the record is updated

function:

function change_user_data($db, $params) {
    try {
        $sql = "UPDATE trainer SET email= ?, status=?, password=? WHERE name=?";
        $stmt = $db->prepare($sql);  
        $stmt->execute($params);
        $success = ($stmt->rowCount() > 0) ? true : false;
    } catch (Exception $e) {
        echo "Data could not be changed!";
        $success = false;
    }
    return $success;
}

Usage

require("database.php");

// Values must be in the same order as the ? placeholders: email, status, password, name
$params = array($email, $status, $password, $trainer);
$user_data_updated = change_user_data($db, $params);

if($user_data_updated){
  echo 'user data updated';
}else{
  echo 'user data did not update';
}
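
The prepared-statement approach from the answer above, with named placeholders so the bound values cannot get out of step with the SQL; this is an added example, not code from the original answer. It assumes the pdo_sqlite extension, uses an in-memory SQLite table (columns taken from the query, rows constructed) in place of the `$db` that database.php creates, and hashes the password with `password_hash()`, which the code on this page does not do.

```php
<?php
// Added example: in-memory SQLite stands in for the $db from database.php (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE trainer (name TEXT PRIMARY KEY, email TEXT, status TEXT, password TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO trainer VALUES ('ash', 'old@example.test', 'new', 'x'),
                                      ('misty', 'm@example.test', 'new', 'y')");

// Every value arrives as an argument (no scope problem) and is bound by name,
// so it is sent to the database as data and never becomes part of the SQL text.
function change_user_data(PDO $db, $trainer, $email, $status, $password) {
    $stmt = $db->prepare(
        "UPDATE trainer SET email = :email, status = :status, password = :password
         WHERE name = :name"
    );
    $stmt->execute(array(
        ':email'    => $email,
        ':status'   => $status,
        // Hashing is an addition here; the code on this page stores the raw value.
        ':password' => password_hash($password, PASSWORD_DEFAULT),
        ':name'     => $trainer,
    ));
    return $stmt->rowCount() > 0;   // false when no row matched
}

// Constructed inputs standing in for the $_POST values in action.php.
var_dump(change_user_data($db, 'ash', 'ash@example.test', 'active', 'correct horse'));

// A name containing quote characters is compared as a literal string, so it
// matches no row instead of changing the meaning of the WHERE clause.
var_dump(change_user_data($db, "ash' OR '1'='1", 'x@example.test', 'active', 'pw'));

// Only the first call changed anything; the other row is untouched.
foreach ($db->query("SELECT name, email, status FROM trainer ORDER BY name") as $row) {
    echo $row['name'], ' ', $row['email'], ' ', $row['status'], PHP_EOL;
}
```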
