1

I am trying to do a simple edit/update of my data in the database. But somehow it will not work.

So I am able to read out the saved data into the form. I also don't have any errors

enter image description here

I have stared at my code and googled for hours but I don't see where I might have made a mistake with my code.

The printed echo gives the following output which seems to be right:

enter image description here

HTML code:

<form id="formAddCategory" class="FrmCat" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <div class="form-group">
        <!-- hidden id from tbl -->
        <input type="hidden" name="hiddenId" value="<?php echo $hiddenID ?>" />
        <label for="recipient-name" class="control-label">Category Name:</label>
        <input type="text" class="form-control" id="recipient-name1" name="category" required="" value="<?php echo $category ?>" />
     </div>
     <button type="submit" id="btnEditCat" class="btn btn-danger" name="editCategory">Save Category</button>
</form>

Part of my php code to edit/update:

<?php
//edit/update data to db
if(isset($_POST['editCategory'])){
  $categoryUpdate = mysqli_real_escape_string($con, $_POST['category']);
  $categoryID = mysqli_real_escape_string($con, $_POST['hiddenId']);
  $qry = "UPDATE tbl_Category SET category = $categoryUpdate WHERE category_id = $categoryID"; 
  $result = mysqli_query($con, $qry);
  echo $qry;

  if($result){
    header("Location: category.php"); 
  }
}

?>
Improve this question

2 Answers 2

Reset to default
2

You need single quote ' to wrap your parameter:

$qry = "UPDATE tbl_Category SET category = '$categoryUpdate' WHERE category_id = '$categoryID'";
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

omg such a stupid mistake and i have been staring for hours at my code. thanks
1

You should use single quotes (') for values

 $qry = "UPDATE tbl_Category SET category = '$categoryUpdate' WHERE category_id = '$categoryID'";

Also you can use like this to avoid SQL injection (See here)

$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);

$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // do something with $row
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.