MYSQL TABLE NOT UPDATED.

ajithota · Mar 30, 2017

Hello all,
I am trying to update a record in my database and MYSQL query but the field is not changeing
but when i mention Name and ID then the data is updating but its cant fatch data by the variable.

Ex: pudate_action.php

<?php
/* Attempt MySQL server connection.  */
$link = mysqli_connect("localhost", "root", "", "maternity");

// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}
 $name=$_POST['pat_name'];
// Attempt update query execution
$sql = "UPDATE patent SET pat_name='w' WHERE sl_no=10";
if(mysqli_query($link, $sql)){
    echo "Records were updated successfully.";
} else {
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}

// Close connection
mysqli_close($link);
?>

But when i write this code , its change nothing:

<?php
/* Attempt MySQL server connection.  */
$link = mysqli_connect("localhost", "root", "", "maternity");

// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}
 $name=$_POST['pat_name'];
 $id=$_POST['sl_no'];
// Attempt update query execution
$sql = "UPDATE patent SET pat_name='$name' WHERE sl_no='$id'";
if(mysqli_query($link, $sql)){
    echo "Records were updated successfully.";
} else {
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}

// Close connection
mysqli_close($link);
?>

Plesase help me, from last 2 days i try a lot but i cant solve this problem
Thankyou in advance.

dalecosp · Mar 30, 2017

First off, taking data directly from the POST array and sticking it in the database is a security flaw, and a huge potential security problem.

Obligatory XKCD comic: https://xkcd.com/327/

PHP Manual: Database Security: SQL Injection

Now, to the other issue. What is your error statement saying? And is there any chance the DB field is actually named "patient", not "patent" ?

NogDog · Mar 30, 2017

The fact that mysqli_query() does not return false does not mean that it updated anything. mysqli_affected_rows() can tell you that.

Also, if sl_no is a numeric index, you do not want to quote it. You can also cast it to integer to help prevent the aforementioned SQL injection:

$sql = "UPDATE patent SET pat_name='$name' WHERE sl_no=" . intval($id);