-7

I want to update information. when I use the below in code is not working what is wrong in my code:

if(isset($_POST['submit'])){
    $sql = "UPDATE  `food`.`food_item` 
    SET `food_name` =  '$_POST[food_name]',
        `food_price` =  '$_POST[food_price]',
        `food_cat` =  '$_POST[food_category]' 
        WHERE  `food_item`.`id` ='$_POST[id]';";

    $result = mysql_query($sql) or die("query not");

    header("Location: product_info.php") ;
}
Improve this question
10
  • add you db connection mysql_query($sql, $your_connection) . btw you may start to learn PDO connection as what your using is deprecated Commented Apr 30, 2015 at 3:51
  • What's the error message you get? Commented Apr 30, 2015 at 3:52
  • 1
    Also, please take a look at null-byte.wonderhowto.com/how-to/… for why you really do not want to put _POST data straight into your sql. Commented Apr 30, 2015 at 3:54
  • Try to remove the semicolon inside the '$sql' string Commented Apr 30, 2015 at 3:55
  • 2
    $result = mysql_query($sql) or die(mysql_error()); Commented Apr 30, 2015 at 3:58

4 Answers 4

Reset to default
6

If you have a form input like,

<input type="text" name="product_name" />

You should get the value by,

 $_POST['product_name'];


Is your form method is POST for GET?

If your method type is POST, you should get it like $_POST['input_name']

If your method type is GET, you should get it like $_GET['input_name']


Does all your input name you mentioned in html matches in php code?

Eg : If you have a form with input type,

  <input type="text" name="product_name" />

Then, in php code, you should get it with what you entered in name attribute

   $_POST['product_name'] OR $_GET['product_name']

Not something like,

   $_POST['prod_name'] OR $_GET['prod_name']


Try this,

if(isset($_POST['submit'])
{
 $food_name = $_POST['food_name'];
 $food_price = $_POST['food_price'];
 $food_cat = $_POST['food_category']; 
 $id = $_POST['id'];

 // do not directly input the form data to sql, filter it by a special function mysqli_real_escape_string
// eg : $food_price = mysqli_real_escape_string($db, $_POST['food_price']);
// before executing the query, try to echo the each form input and sql query for clear picture.

$sql = "UPDATE  `food`.`food_item` SET `food_name` =  '$food_name',`food_price` =  '$food_price',`food_cat` =  '$food_cat' WHERE  `food_item`.`id` ='$id'";
$result = mysqli_query($db, $sql);
if($result)
{
    //header("Location: product_info.php") ;
    echo "success";
}
else
{
   echo "fail";
 }
}
else
{
  echo "form not submitted";
  // use header to redirect to old page again
}

WARNING :

mysql is deprecated. Use mysqli or PDO.

Note :

$db is a database connection variable. You need to setup like 

$db = mysqli_connect("localhost","username","password","database_name");

Look it's not mysql_connect, its mysqli_connect. Replace the db value according to your needs.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

You should get the value by, $_POST['product_name']; NOT $_POST[product_name]; - Although it's not good practice, their POST arrays in their values are perfectly valid. However, OP may not be telling us everything. We also do not know which MySQL API they are using to connect with.
Why you want to declare a new variable for assigning this post variables which consumes more memory?
Remember, we also don't know what their HTML form looks like neither. They may not have name attributes for any of their elements, including their submit button, which their code execution relies completely inside that conditional statement. Plus, if their form's method is GET, then that will also contribute to a silent failure. Think ahead ;-)
@Fred-ii- I agree. I'll try to add that too.
2

You can try following code to find the error.

echo mysql_error(); exit;

after following code.

$result = mysql_query($sql)
Improve this answer

1 Comment

I didn't see comment.
0

In order to access the array variables inside double quoted string, either do by enclosing them in curly brackets or put it outside the double quotes and append as a string. Here you try adding curly brackets like this: 

if(isset($_POST['submit'])){
    $sql = "UPDATE  `food`.`food_item` 
    SET `food_name` =  '{$_POST['food_name']}',
        `food_price` =  '{$_POST['food_price']}',
        `food_cat` =  '{$_POST['food_category']}' 
        WHERE  `food_item`.`id` ='{$_POST['id']}';";

    $result = mysql_query($sql) or die("query not");

    header("Location: product_info.php") ;
}
Improve this answer

Comments

0

Just echo $sql; Check what are the actual values in the query. Copy & run it in MYSQL query.

I think that you applied back ticks () on field names food_name . Remove back ticks & replace it with single quote ( ' )

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.