Thread: unable to edit row in the table

  1. #1
    Join Date
    Mar 2013

    Question unable to edit row in the table


    if (mysqli_connect_errno($con))
    echo "Failed to connect to MySQL: " . mysqli_connect_error();


    $strSQL = "UPDATE student SET ".$_POST[rollno]."' ";
    $strSQL .=",name = '".$_POST["name"]."' ";
    $strSQL .=",phone = '".$_POST[phone]."' ";
    $strSQL .=",address = '".$_POST["address"]."' ";
    $strSQL .=",salary = '".$_POST[salary]."' ";
    $strSQL .="WHERE rollno = '".$_POST[rollno]."' ";
    $query = mysql_query($strSQL);

    $result = mysqli_query($query,$con);

    echo "<table border='3' bgcolor='#FFFF00'>";

    while($row = mysqli_fetch_array($result))
    {
    echo "<tr>";
    echo "<td>" . $row[rollno] . "</td>";
    echo "<td>" . $row['name'] . "</td>";
    echo "<td>" . $row[phone] . "</td>";
    echo "<td>" . $row['address'] . "</td>";
    echo "<td>" . $row[salary] . "</td>";
    echo "<td colspan='6' align='center'><a href=update.php?id=".$row[rollno].">Update</a></td>";
    echo "</tr>";
    }

    echo "</table>";

  2. #2
    Join Date
    Mar 2013
    Iasi, Romania
    you should use $row['field_name']...always put the field name inside ' '

  3. #3
    Join Date
    Jun 2011
    Quote Originally Posted by ssdog View Post
    you should use $row['field_name']...always put the field name inside ' '
    ... unless you're inside of a double-quote delimited string, in which case you would not want to add the quotes around the index value. (There aren't any instances of this in the OP's code - just mentioning it as an option to shorten the code a bit.)

    @subrat: You've got one instance of a mysql_*() function in the code you posted above; if you're using MySQLi, then you can't use any of those functions. Furthermore, you subsequently try to call mysqli_query() but give it the wrong variable name ($query is an undefined variable).

    Note that user-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data (e.g. using mysqli_real_escape_string() for string data) or use prepared statements.

    Finally, note that you never check to see if your SQL query was executed successfully and, if not, log the SQL-provided error message (and hopefully notify the end user that something went wrong).
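
The points raised in the last reply (MySQLi only, prepared statements, checking and logging query errors), put together as an added example that is not part of any poster's message. The connection details are placeholders, the table and column names are taken from the first post, and binding every value as a string is an assumption because the thread does not give the column types.

```php
<?php
// Added example, not the original poster's code.
// Assumptions: placeholder connection details; table/columns as named in the thread.
mysqli_report(MYSQLI_REPORT_OFF); // check return values explicitly below

function update_student(mysqli $con, array $in): int
{
    // Reject the request if any expected field is missing or not a plain string.
    foreach (['rollno', 'name', 'phone', 'address', 'salary'] as $field) {
        if (!isset($in[$field]) || !is_string($in[$field])) {
            throw new InvalidArgumentException("Missing field: $field");
        }
    }
    // Placeholders keep user-supplied data out of the SQL text entirely.
    $stmt = $con->prepare(
        'UPDATE student SET name = ?, phone = ?, address = ?, salary = ? WHERE rollno = ?'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    // All values bound as strings (assumption); MySQL converts them to the column types.
    $stmt->bind_param('sssss', $in['name'], $in['phone'], $in['address'],
                      $in['salary'], $in['rollno']);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

$con = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
if (!$con) {
    error_log('Failed to connect to MySQL: ' . mysqli_connect_error());
    exit('Database unavailable.');
}
try {
    $n = update_student($con, $_POST);
    echo $n === 1 ? 'Record updated.' : 'No matching record was changed.';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Invalid request.';
} catch (RuntimeException $e) {
    error_log($e->getMessage()); // SQL error detail stays in the server log
    http_response_code(500);
    echo 'Something went wrong while saving.';
}
```

An UPDATE that matches a row but changes no values also reports zero affected rows, which is why the message does not claim the record is missing.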
