UPDATE php issue

[ianhaney50]

I am trying to update the info now and when I click update on the form, it is not updating still and redirects to profile.php instead of profile.php?id={$_SESSION['user_id']}

 

<?php

ini_set('display_startup_errors',1);

ini_set('display_errors',1);

error_reporting(-1);


require_once("functions.php");

require_once("db-const.php");


if (logged_in() == false) {

    redirect_to("login.php");

    exit;

} else {

    if (isset($_GET['id']) && $_GET['id'] != "") {

        $id = $_GET['id'];

    } else {

        $id = $_SESSION['user_id'];

    }


$db = mysqli_connect("" , "", "") or die("Check connection parameters!");

    // Optionally skip select_db and use: mysqli_connect(host,user,pass,dbname)  

    mysqli_select_db($db,"") or die(mysqli_error($db));


    if (mysqli_connect_error()) {

        die ('Failed to connect to MySQL');

    }

}


// Prepared statements are better, but at least escape things before tossing them into a query

$id = mysqli_real_escape_string($db, $id);


$sql = "UPDATE u.id, u.name, u.email, u.address1, u.address2, u.town, u.county, u.postcode, 

        u.telnumber, u.mobnumber, u.model, u.numplate, DATE_FORMAT(r.renewal_date, '%e %M %Y') AS renewal,

        i.description

    users AS u

    INNER JOIN renewal AS r ON u.id = r.id

    INNER JOIN item AS i on r.item_id = i.item_id

    WHERE u.id= {$id}";


$query = mysqli_query($db, $sql) or die (mysqli_error($db));


header("location:profile.php?id={$_SESSION['user_id']}");

?>

[scootstah]

I would guess that the script is never reaching the bottom part, where you perform the query and redirect.

 

Unrelated but this caught my eye:

// Prepared statements are better, but at least escape things before tossing them into a query
$id = mysqli_real_escape_string($db, $id);

If you know you have an integer ID, you can just typecast it instead of escaping it. 

$id = (int) $id;

[ianhaney50]

sorry got a update now I added session_start() in as I forgot to include it

 

the edit-page.php now outputs the error

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(r.renewal_date, '%e %M %Y') AS renewal, i.description users AS u ' at line 2

 

below is the whole code

 

<?php
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);

require_once("functions.php");
require_once("db-const.php");

include 'includes/header.php';

if (logged_in() == false) {
    redirect_to("login.php");
    exit;
} else {
    if (isset($_GET['id']) && $_GET['id'] != "") {
        $id = $_GET['id'];
    } else {
        $id = $_SESSION['user_id'];
    }

$db = mysqli_connect("176.32.230.22" , "", "") or die("Check connection parameters!");
    // Optionally skip select_db and use: mysqli_connect(host,user,pass,dbname)  
    mysqli_select_db($db,"") or die(mysqli_error($db));

    if (mysqli_connect_error()) {
        die ('Failed to connect to MySQL');
    }
}

// Prepared statements are better, but at least escape things before tossing them into a query
$id = mysqli_real_escape_string($db, $id);

$sql = "UPDATE u.id, u.name, u.email, u.address1, u.address2, u.town, u.county, u.postcode, 
        u.telnumber, u.mobnumber, u.model, u.numplate, DATE_FORMAT(r.renewal_date, '%e %M %Y') AS renewal,
        i.description
    users AS u
    INNER JOIN renewal AS r ON u.id = r.id
    INNER JOIN item AS i on r.item_id = i.item_id
    WHERE u.id= {$id}";

$query = mysqli_query($db, $sql) or die (mysqli_error($db));

header("location:profile.php?id={$_SESSION['user_id']}");
?>

[Barand]

You can't just change the word SELECT to UPDATE and magically get a valid UPDATE statement.

 

  http://dev.mysql.com/doc/refman/5.6/en/update.html

[scootstah]

You can't just change the word SELECT to UPDATE and magically get a valid UPDATE statement.

Ha, yeah, there's your problem.

 

Since your query is failing, you're running die() and thus your redirect never happens.

[ianhaney50]

Sorry got is sussed and working now