Problem in update query

Problem in update query, i want to update my table i.e personal_info which contain a foreign key which is related to register_users table i.e users_id.

table21280×657 77.8 KB

table name : register_users contain the registration information.
table name : personal_info contain the users detail and p_user_id column is related to user_id column in register_users table .

$query = "UPDATE personal_info SET fullname = '{$fullname}', solink1 ='{$solink1}',solink2 ='{$solink2}',about ='{$about}',email = '{$email}', desig ='{$desig}',address ='{$address}',city ='{$city}',mobile = '{$mobile}', dob ='{$dob}',age ='{$age}',language ='{$language}',marital = '{$marital}', cctc ='{$cctc}',ectc ='{$ectc}', objective = '{$objective}' WHERE p_user_id=$user_id";

help me to update personal_info table.

Thanks!

Can you include the structure of your tables? Not as a picture, as an SQL structure export. Also, can you tell us what error you’re getting?

1. First turn on errors

ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);

2. Use Prepared Statement with either PDO (My Recommendation) or mysqli
3. Not really a rule, but a suggestion or Free Help. Have the form bring in data in an array format.

A detailed example:

<form id="formData" class="checkStyle" action="create_procedural.php" method="post" enctype="multipart/form-data">
    <input type="hidden" name="cms[user_id]" value="3">
    <input type="hidden" name="cms[author]" value="<?= Login::full_name() ?>">
    <input type="hidden" name="action" value="upload">
    <div class="file-style">
        <input id="file" class="file-input-style" type="file" name="image">
        <label for="file">Select file</label>
    </div>
    <select class="select-css" name="cms[page]">
        <option value="index">Home</option>
        <option value="blog" selected>Blog</option>
        <option value="about">About</option>
    </select>
    <div class="heading-style">
        <label class="heading_label_style" for="heading">Heading</label>
        <input class="enter_input_style" id="heading" type="text" name="cms[heading]" value="" tabindex="1" required
               autofocus>
    </div>
    <div class="content-style">
        <label class="text_label_style" for="content">Content</label>
        <textarea class="text_input_style" id="content" name="cms[content]" tabindex="2"></textarea>
    </div>
    <div class="submit-button">
        <button class="form-button" type="submit" name="submit" value="enter">submit</button>
    </div>
</form>

That way all you have to do is something like the followoing:

if (($_SERVER['REQUEST_METHOD'] === 'POST') && isset($_POST['submit'], $_FILES['image'])) {
    $data = $_POST['cms'];

then continuing this example inserting the data is easy →

function insertData(array $data, $pdo, $table) {
    try {
        /* Initialize an array */
        $attribute_pairs = [];

        /*
         * Set up the query using prepared states with the values of the array matching
         * the corresponding keys in the array
         * and the array keys being the prepared named placeholders.
         */
        $sql = 'INSERT INTO ' . $table . ' (' . implode(", ", array_keys($data)) . ')';
        $sql .= ' VALUES ( :' . implode(', :', array_keys($data)) . ')';

        /*
         * Prepare the Database Table:
         */
        $stmt = $pdo->prepare($sql);

        /*
         * Grab the corresponding values in order to
         * insert them into the table when the script
         * is executed.
         */
        foreach ($data as $key => $value)
        {
            if($key === 'id') { continue; } // Don't include the id:
            $attribute_pairs[] = $value; // Assign it to an array:
        }

        return $stmt->execute($attribute_pairs); // Execute and send boolean true:

    } catch (PDOException $e) {

        /*
         * echo "unique index" . $e->errorInfo[1] . "<br>";
         *
         * An error has occurred if the error number is for something that
         * this code is designed to handle, i.e. a duplicate index, handle it
         * by telling the user what was wrong with the data they submitted
         * failure due to a specific error number that can be recovered
         * from by the visitor submitting a different value
         *
         * return false;
         *
         * else the error is for something else, either due to a
         * programming mistake or not validating input data properly,
         * that the visitor cannot do anything about or needs to know about
         *
         * throw $e;
         *
         * re-throw the exception and let the next higher exception
         * handler, php in this case, catch and handle it
         */

        if ($e->errorInfo[1] === 1062) {
            return false;
        }

        throw $e;
    } catch (Exception $e) {
        echo 'Caught exception: ', $e->getMessage(), "\n"; // Not for a production server:
    }

    return true;
}

to call it the function in this function →

        $result = insertData($data, $pdo, 'cms');

        if ($result) {
            header("Location: index.php");
            exit();
        }

The above is just an example and here are some useful links:

https://phpdelusions.net/pdo - PDO Explaned

and my GitHub repository where you can see more code that might help you.

That’s a cool trick strider64. It looks like the browser could decide to update any field it wants though, just by sending different $_POST keys. I’d argue against having that much flexibility available to the client as it make it hard to see where changes are coming from.

<?php session_start(); ?>
<?php include "includes/db.php" ?>
<?php include "includes/header.php" ?>
<?php  $fullname = $email = $solink1 = $solink2 = $about = $desig = $address = $city = $mobile = $dob = $age = $language = $marital = $objective = $cctc = $ectc = $skills = $tags = $user_id = $p_user_id = $p_id =  ""; ?>
<?php 
  if(isset($_GET['p_user_id'])){
  $user_id = $_GET['p_user_id'];
  }
  $query = "SELECT * FROM personal_info WHERE p_user_id='{$user_id}' ";
  
     $about_query = mysqli_query($connection,$query);
      if(!$about_query){
             die('QUERY FAILED' . mysqli_error($connection));
            }
     while($row = mysqli_fetch_array($about_query)){
          $p_id=$row['p_id'];
          $p_user_id=$row['p_user_id'];
          $fullname=$row['fullname'];
          $email=$row['email'];
          $solink1=$row['solink1'];
          $solink2=$row['solink2'];
          $about=$row['about'];
          $desig=$row['desig'];
          $address=$row['address'];
          $city=$row['city'];
          $mobile=$row['mobile'];
          $dob=$row['dob'];
          $age=$row['age'];
          $language=$row['language'];
          $marital=$row['marital'];
          $objective=$row['objective'];
          $cctc=$row['cctc'];
          $ectc=$row['ectc'];
          
        }

         
?>



        


<div class="row">
  <div class="col-lg-4 col-md-4 col-sm-4 col-12 pt-5">

    <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="POST">

    <div class="form-group">
      <label for="">Full Name</label>
      <input type="text" value="<?php echo $fullname; ?>" name="fullname"  class="form-control">
       </div>
       <div class="form-group">
      <label for="">Current Address</label>
      <input type="text" value="<?php echo $address; ?>" name="address" class="form-control">
       </div>
       <div class="form-group">
      <label for="">D.O.B</label>
      <input type="date" value="<?php echo $dob; ?>" name="dob" class="form-control">
       </div>
       <div class="form-group">
      <label for="">Marital Status</label>
      <input type="text" value="<?php echo $marital; ?>" name="marital" class="form-control">
       </div>
       <div class="form-group">
      <label for="">Linkedin Profile URL</label>
      <input type="url" value="<?php echo $solink1; ?>" name="solink1" class="form-control">
       </div>
       <div class="form-group">
      <label for="">About</label>
      <textarea name="about" id="" cols="38" rows="3"><?php echo $about; ?></textarea>
       </div>

  </div>

  <div class="col-lg-4 col-md-4 col-sm-4 col-12 pt-5">
    
    <div class="form-group">
      <label for="">Email-Id</label>
      <input type="email" value="<?php echo $email; ?>" name="email" class="form-control">
       </div>
       <div class="form-group">
      <label for="">City</label>
      <input type="text" value="<?php echo $city; ?>" name="city" class="form-control">
       </div>
       <div class="form-group">
      <label for="">Age</label>
      <input type="number" value="<?php echo $age; ?>" name="age" class="form-control">
       </div>
       <div class="form-group">
      <label for="">Current CTC</label>
      <input type="text" value="<?php echo $cctc; ?>" name="cctc" class="form-control">
       </div>
       <div class="form-group">
      <label for="">Skype URL</label>
      <input type="url" value="<?php echo $solink2; ?>" name="solink2" class="form-control">
       </div>
       <div class="form-group">
      <label for="">Objective</label>
      <textarea name="objective" id="" cols="38" rows="3"><?php echo $objective; ?></textarea>
       </div>

  </div>

  <div class="col-lg-4 col-md-4 col-sm-4 col-12 pt-5">
  

    <div class="form-group">
      <label for="">Mobile No.</label>
      <input type="number" value="<?php echo $mobile; ?>" name="mobile" class="form-control">
       </div>
       <div class="form-group">
      <label for="">Designation</label>
      <input type="text" value="<?php echo $desig; ?>" name="desig" class="form-control">
       </div>
       <div class="form-group">
      <label for="">Language Spoken</label>
      <input type="text" value="<?php echo $language; ?>" name="language" class="form-control">
       </div>
       <div class="form-group">
      <label for="">Expected CTC</label>
      <input type="text" value="<?php echo $ectc; ?>" name="ectc" class="form-control">
       </div>

    
 <input type="hidden" name="update_pdetails" value="<?php echo $post['p_user_id']; ?>">
 <input type="submit" name="update_pdetails" value="Update" class="btn btn-primary">
       






     </form>  
  </div>
</div>
<?php 
 if (isset($_POST['update_pdetails'])) {
   
    $fullname = mysqli_real_escape_string($connection, $_POST['fullname']);
    $solink1 = mysqli_real_escape_string($connection, $_POST['solink1']);
    $solink2 = mysqli_real_escape_string($connection, $_POST['solink2']);
    $about = mysqli_real_escape_string($connection, $_POST['about']);
    $email = mysqli_real_escape_string($connection, $_POST['email']);
    $desig = mysqli_real_escape_string($connection, $_POST['desig']);
    $address = mysqli_real_escape_string($connection, $_POST['address']);
    $city = mysqli_real_escape_string($connection, $_POST['city']);
    $mobile = mysqli_real_escape_string($connection, $_POST['mobile']);
    $dob = mysqli_real_escape_string($connection, $_POST['dob']);
    $age = mysqli_real_escape_string($connection, $_POST['age']);
    $language = mysqli_real_escape_string($connection, $_POST['language']);
    $marital = mysqli_real_escape_string($connection, $_POST['marital']);
    $cctc = mysqli_real_escape_string($connection, $_POST['cctc']);
    $ectc = mysqli_real_escape_string($connection, $_POST['ectc']);
    $objective = mysqli_real_escape_string($connection, $_POST['objective']);
}
    
   
  $update_query = "UPDATE personal_info SET p_user_id = '{$p_user_id}', fullname = '{$fullname}', solink1 ='{$solink1}',solink2 ='{$solink2}',about ='{$about}',email = '{$email}', desig ='{$desig}',address ='{$address}',city ='{$city}',mobile = '{$mobile}', dob ='{$dob}',age ='{$age}',language ='{$language}',marital = '{$marital}', cctc ='{$cctc}',ectc ='{$ectc}', objective = '{$objective}' WHERE p_user_id='$user_id' ";
  $result = mysqli_query($connection, $update_query);

  if (!$result) {
     die("QUERY FAILED . mysqli_error($connection)");
    }
      
  

 

 ?>

<?php include "includes/footer.php" ?>

this is my code cant update

If you are just starting out, get your code to work for one form field, then worry about the code needed for the rest of the fields (you would actually use a data driven design, to let you dynamically process the form data, so that you are not writing out repeated logic for each field.) Witting out code for 16 fields, that will end up needing to be changed multiple times before it reaches its final form, is a waste of time.

Next, what learning resource are you using for this? The posted code is out of date, filled with unnecessary typing , poorly organized, insecure, doesn’t have needed validation logic, contains logic mistakes that will cause it to not work as expected, instead producing php errors, has query error handling that will help a hacker on a live site, and in another case has error handling that will display the connection properties, rather than actual error information.

If you are serious about learning by doing this, I/we can provide good programming practices to use, but there’s almost nothing in the current code worth keeping.

To get you started, code on a page should be laid out in this general order -

1. Initialization - define, create, … things that the page needs.
2. Post method form processing.
3. Get method business logic - get/produce data needed to display the dynamic content.
4. Html document.