0

I couldn't find any error. I tried the query on phpmyadmin and it works well but when I do in php page, it couldn't update into DB. The following code below:

$registerID = ($_POST['registerID']); $firstName = ucwords(htmlspecialchars($_POST['firstName'])); $lastName = ucwords(htmlspecialchars($_POST['lastName'])); $emailAddress = htmlspecialchars($_POST['emailAddress']); $mainAddress = ucwords(htmlspecialchars($_POST['fullAddress'])); $updateCity = ucwords($_POST['userCity']); $updateCountry = $_POST['userCountry']; $postalCode = strtoupper(htmlspecialchars($_POST['userZip'])); $profilePic = $_POST['pic']; $updateProf = " UPDATE register_user SET firstName='$firstName', lastName='$lastName', emailAddress='$emailAddress', mainAddress='$mainAddress', registerCity='$updateCity', registerCountry='$updateCountry', postalCode='$postalCode' WHERE registerID = '$registerID'"; if (mysqli_query($mysqli, $updateProf)) { echo "Record updated successfully"; } else { echo "Error updating record: " . mysqli_error($mysqli); }

In the end, there are no errors after I updated on the webpage, it just show Record updated successfully. But it didn't update into DB. Any ideas?

UPDATED CODING

$checkProfile = "SELECT * FROM register_user where emailAddress = '$emailAddress'"; $editProfile = mysqli_query($mysqli,$checkProfile); if ($editProfile) { if (mysqli_num_rows($editProfile) > 0) { header("Location: event?error=That name of email has already been taken"); } else { $updateQuery = "UPDATE register_user SET firstName = '$firstName', lastName = '$lastName', emailAddress = '$emailAddress', mainAddress = '$mainAddress', registerCity = '$updateCity', registerCountry = '$updateCountry', postalCode = '$postalCode' WHERE registerID = '$registerID'"; $updateResult = mysqli_query($mysqli,$updateQuery); header("Location: profileUser"); } }

After I updated, it still doesn't work after I am using prepared statement. Any ideas?

Improve this question
5
  • it didn't insert into DB? your doing an update, why should it insert? Commented Nov 17, 2014 at 10:16
  • Sorry, i meant update.. Commented Nov 17, 2014 at 10:18
  • Not an answer to your question, but I think you're open to SQL injection with that query... Try to parametrise your query instead... Commented Nov 17, 2014 at 10:23
  • 1
    Your code is vulnerable to SQL injections. Use prepared statements! Using htmlspecialchars in this context is pretty bad practice. Use it before you output the data, not when you store it! Commented Nov 17, 2014 at 10:24
  • @BreyndotEchse thank you for your suggestion, I shall using prepare statement to make it perfect. Commented Nov 17, 2014 at 10:29

1 Answer 1

Reset to default
1

Try executing the query first, saving it into a variable. then, check if the query executed by doing:

if(!$query) echo "Query error : " . $mysqli->error;

This will give you more detailed error report.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

If you try to execute the query directly in phpmyadmin, using not variables but sample data, does it work?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.