XML
<div id="main">

            <?php
if (isset($_GET['id']))
{
    $i = $_GET['id'];
}
else {
    $i = "";
}
            $sql = "UPDATE tblconcerns SET read_status=1 WHERE message_id = $i";


            $sql = "SELECT * FROM tblconcerns WHERE message_id = $i";
            $result = mysqli_query($conn, $sql);
            ?>
            <div style="text-align: left; margin-bottom: 20px">

                <strong>Subject: </strong>

            <?php
            if ($result)
            {
                echo $sql;
                while ($row = mysqli_fetch_array($result))
                {


                    echo $row['title']."<br/>"
                            . "<strong>Sender's email:</strong> ".$row['sender_email']."<br/>"
                            . "<strong>Date/Time:</strong> ".$row['date']."/".$row['time']
                            ."READ: {$row['read_status']}"
                            . "<hr>";
                    ?>
            </div>
            <div style="text-align: center">
            <?php
            echo $row['concern'];

                }
                ?>
            </div>
                <?php
            }

            else {
                echo mysqli_error($conn); // mysqli_error() requires the connection handle
            }


            ?>
        </div>


I tried my update query in phpmyadmin and it works just fine, however when I'm trying to see if it works in the actual site, it doesn't update. I'm using the user 'root' which has all the privileges enabled.
Updated 2-Oct-15 4:37am
Comments
Richard Deeming 2-Oct-15 11:02am    
You seem to be missing the code to execute the UPDATE query. You've assigned the query to a string, and then immediately overwritten it.
kmllev 2-Oct-15 11:07am    
What code could that possibly be? I tried to separate the query for update in a separate php file and then just set a header to redirect to the php file that will display things, but it's still not working?

1 solution

You're missing the code to execute the UPDATE query.

Something like this should work:
PHP
if (isset($_GET['id']))
{
    $i = $_GET['id'];
    $sql = "UPDATE tblconcerns SET read_status=1 WHERE message_id = $i";
    mysqli_query($conn, $sql);
}

$sql = "SELECT * FROM tblconcerns WHERE message_id = $i";
$result = mysqli_query($conn, $sql);

However, this code is vulnerable to SQL Injection. You need to use prepared statements to pass the parameter to the query.
PHP
if (isset($_GET['id']))
{
    if ($stmt = mysqli_prepare($conn, "UPDATE tblconcerns SET read_status = 1 WHERE message_id = ?")) 
    {
        $id = $_GET['id'];
        mysqli_stmt_bind_param($stmt, "i", $id); // "i" = one integer parameter, matching the single placeholder
        mysqli_stmt_execute($stmt);
    }
}
 
 
Comments
kmllev 2-Oct-15 11:26am    
Thank you!
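
The answer's fix applied to both queries on the question's page, as an added example that is not part of the original post or answer. It assumes `$conn` is the page's open mysqli connection and that PHP uses the mysqlnd driver (needed for `mysqli_stmt_get_result`); `parseMessageId`, `runWithId` and `markReadAndFetch` are hypothetical helper names.

```php
<?php
// Added example, not the original poster's code. Assumes $conn is an open
// mysqli connection (as in the question) and PHP built with mysqlnd.

/** Return the id as a positive int, or null when it is not a plain integer. */
function parseMessageId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Prepare, bind one integer, execute; throws instead of failing silently. */
function runWithId(mysqli $conn, string $sql, int $id): mysqli_stmt
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        throw new RuntimeException(mysqli_error($conn));
    }
    mysqli_stmt_bind_param($stmt, "i", $id); // one type letter per placeholder
    if (!mysqli_stmt_execute($stmt)) {
        throw new RuntimeException(mysqli_stmt_error($stmt));
    }
    return $stmt;
}

/** Mark the message as read, then return its row, or null if none exists. */
function markReadAndFetch(mysqli $conn, int $id): ?array
{
    // The UPDATE is actually executed here, not just stored in a string.
    $upd = runWithId($conn, "UPDATE tblconcerns SET read_status = 1 WHERE message_id = ?", $id);
    mysqli_stmt_close($upd);

    // The SELECT uses the same request value, so it gets a placeholder too.
    $sel = runWithId($conn, "SELECT * FROM tblconcerns WHERE message_id = ?", $id);
    $res = mysqli_stmt_get_result($sel);
    $row = $res ? mysqli_fetch_assoc($res) : null;
    mysqli_stmt_close($sel);
    return $row ?: null;
}

// Usage on the question's page; skipped when no connection has been set up.
if (isset($conn) && $conn instanceof mysqli) {
    $id  = parseMessageId($_GET['id'] ?? null);
    $row = $id === null ? null : markReadAndFetch($conn, $id);
    echo $row === null ? "Message not found." : htmlspecialchars($row['title']);
}
```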

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


