I don’t know why, but I always struggle to UPDATE databases with PHP/MySQL.
I am working on a project right now where there are no issues with the database connection, SELECT from the database, or INSERT into the database (I’m using PDO).
But I can’t get my UPDATE to function at all. Could you please take a look at this dummy example below and tell me if I am making errors with the code, or if I am on the right track? This is just one of several different versions I’ve tried. I’m getting a bit tired of spinning my wheels on this one.
<?php
session_start();
require_once('inc/db_connect.php');
if (isset($_GET['id'])) {
$data = array(
'first_name' => $_POST['first_name'],
'address' => $_POST['address'],
'phone' => $_POST['phone'],
'id' => $_GET['id']
);
// update the data
$query = "UPDATE information
SET first_name = :first_name,
address = :address,
phone = :phone,
WHERE id = :id
";
$stmt = $db->prepare($query);
echo $query;
// perform the database query
$stmt->execute($data);
header('location:edit_info.php?msg=y');
exit();
}
?>
Okay. I didn’t know that. Everywhere I look this up, there is something different. So it becomes quite confusing. I’ll try that,
and I switched from passing the ID through the URL to using a hidden input field. Does it really matter, though, whether I use $_POST or $_GET in the array instead of plain variables?
This is what I have now:
<?php
session_start();
require_once('inc/db_connect.php');
if (isset($_POST['id'])) {
$first_name = $_POST['first_name'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$id = $_POST['id'];
$data = array(
':first_name' => $first_name,
':address' => $address,
':phone' => $phone,
':id' => $id
);
// update the data
$query = "UPDATE information
SET first_name = :first_name,
address = :address,
phone = :phone,
WHERE id = :id
";
$stmt = $db->prepare($query);
echo $query;
// perform the database query
$stmt->execute($data);
header('location:edit_info.php?msg=y');
}
?>
It should work anyway… Even if you use a $_GET for the id, it should work as long as your form tag looks similar to:
<form action="form.php?id=123" method="POST">
But, IMO, it’s cleaner to always use POST as much as you can. You should really use GET and pass variables in query string when you want somebody to be able to bookmark the page… but even then, using a ‘friendly URL’ is beter…
This was just a shortened sample of my syntax - the project I’m working on has 32 entries. I’ll set up a test form for this one first, then post it. (Or do you want the original?)
As far as I know, those should be just “=” operators if you’re defining those variables here. So right now, “$id” (and the other variables) are going to all be null…
It shouldn’t matter, GET vs POST, as long as you’re getting values, but I’d either hard code them for testing or use whatever you’re sure is coming in correctly. Maybe echo them to make sure they’re good values.
Also as @DaveMaxwell said, are you getting that $query echo ok, and you’re sure the id exists (after correcting the above?)
echo and die() are your friends. Make sure that you’re getting all the right values coming in at the start, and then at the end too.
only for updates. you should be using GET when not making any changes.
Also the OP has neglected to VALIDATE the data before moving it out of the tainted GET and POST arrays and so is allowing GARBAGE to be inserted into the database.
You will - prepared statements don’t include the values. If your code works like your sample above, and you’re getting to the echo, then there’s definitely a value in $_POST[‘id’].
If you want to see what’s in the $data array, you can use var_dump($data),
Guess that brings back question #2 from above. Are you SURE the id being passed is on the table? Is the id being passed the one you’re expecting?
Post your code in the textbox. Then highlight all the code. Then when the code is highlighted, in the bar above the textbox, you see some editing items. Like “B” and “I”. Click the button that looks like </>