Click here to Skip to main content
13,804,094 members
Rate this:
 
Please Sign up or sign in to vote.
See more:
the database cannot update the data and
$customer_id =$_GET['customer_id'];
is error here. someone please help me :'(

What I have tried:

<?php

include "config.php";
$link = mysqli_connect($h ,$u ,$p,$db);
$customer_id =$_GET['customer_id'];

$sql="select*from customer where customer_id='$customer_id' ";
$result=mysqli_query($link,$sql);
$check =mysqli_fetch_array($result);

if (isset($_POST['done']))
{

$cuname=$_POST['cuname'];
$phoneno=$_POST['phoneno'];
$email=$_POST['email'];
$address=$_POST['address'];

$sql="update customer set cuname='$cuname',phoneno='$phoneno',email='$email',address='$address' where customer_id='$customer_id'";

if(!$sql)
{
echo "error";
}
else {
echo "try again" ;
}
}


?>

<html>
<form  method=post onsubmit="return check()"  >
<input type="text" name="cuname" value="<?php echo $check['cuname'];?>" placeholder="name">
<input type="text" name="phoneno" value="<?php echo $check['phoneno'];?>" placeholder="phoneno">
<input type="text" name="email" value="<?php echo $check['email'];?>" placeholder="email">
<input type="text" name="address" value="<?php echo $check['address'];?>" placeholder="address">
<input type="submit" name="done" >

</form>
</html>
<a href="home.html">Home</a>
Posted
Updated 8-Dec-18 3:43am

1 solution

Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

Quote:
the database cannot update the data and
$customer_id =$_GET['customer_id'];

is error here.

What error message ?
An error in code before updating statement id enough to prevent any update.
Also make sure customer_id exist in your form.

$sql="update customer set cuname='$cuname',phoneno='$phoneno',email='$email',address='$address' where customer_id='$customer_id'";

Not necessary a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Cookies | Terms of Service
Web06 | 2.8.181218.1 | Last Updated 8 Dec 2018
Copyright © CodeProject, 1999-2018
All Rights Reserved.
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100