-2

I am trying to update the company table through a query using PHP, but there is no change in the DB. The DB is MySQL.

```php
$pncon->query("UPDATE `company` SET 
                              `name` = '" . $companyName . "',
                              `parent_ID` = '" . $companyParent . "',
                              `address` = '" . $address . "',
                              `phone` = '" . $phone . "',
                              `fax` = '" . $fax . "',
                              `email` = '" . $email . "',
                              `remarks` = '" . $remarks . "',
                              `type` = '" . $system . "',
                              `status` = '". $status ."'
                              WHERE `id` = '" . $id . "' ");
```
brombeer

2 Answers

0

Your query looks fine, but incorrect data types, an invalid id or variables, or violating other constraints may be the issue.

It is good to use PDO statements, as they are more secure.

You can modify your code as follows:

```php
$sql = "UPDATE `company` SET 
  `name` = '" . $companyName . "',
  `parent_ID` = '" . $companyParent . "',
  `address` = '" . $address . "',
  `phone` = '" . $phone . "',
  `fax` = '" . $fax . "',
  `email` = '" . $email . "',
  `remarks` = '" . $remarks . "',
  `type` = '" . $type . "',
  `status` = '" . $status . "'
  WHERE `id` = '" . $id . "' " ;

$stmt = $pncon->prepare($sql); //prepare statement
$stmt->execute(); //execute the query
```

You can find the difference between PDO query and execute here.

YUMI
-2
```php
$pncon->query("UPDATE company SET 
  name = '$companyName',
  parent_ID = '$companyParent',
  address = '$address',
  phone = '$phone',
  fax = '$fax',
  email = '$email',
  remarks = '$remarks',
  type = '$system',
  status = '$status'
  WHERE id = '$id'");
```
AdityaDees
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Aug 12 '20 at 11:57
  • While this code may solve the question, [including an explanation](//meta.stackexchange.com/q/114762) of how and why this solves the problem would really help to improve the quality of your post, and probably result in more up-votes. Remember that you are answering the question for readers in the future, not just the person asking now. Please [edit] your answer to add explanations and give an indication of what limitations and assumptions apply. – Dharman Aug 12 '20 at 11:57
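
The parameterized form that the comment above and the first answer point to, as an added example that is not code from the question or either answer. It assumes `$pncon` is a PDO handle; the in-memory SQLite connection (standing in for MySQL so the script runs offline), the `updateCompany()` helper, the `COMPANY_COLUMNS` allow-list and the sample row are constructed for illustration.

```php
<?php
// Added example. Assumption: the thread's $pncon is a PDO handle.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently with "no change in DB".
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and row, using the column names from the question.
$pdo->exec('CREATE TABLE company (id INTEGER PRIMARY KEY, name TEXT, parent_ID INTEGER,
            address TEXT, phone TEXT, fax TEXT, email TEXT, remarks TEXT, type TEXT, status TEXT)');
$pdo->exec("INSERT INTO company (id, name, status) VALUES (7, 'Old name', 'active')");

// Column names cannot be bound as parameters, so they come from a fixed allow-list.
const COMPANY_COLUMNS = ['name', 'parent_ID', 'address', 'phone', 'fax',
                         'email', 'remarks', 'type', 'status'];

/** Hypothetical helper: update allowed columns of one row, return rows affected. */
function updateCompany(PDO $pdo, int $id, array $fields): int
{
    $set = [];
    $params = [':id' => $id];
    foreach ($fields as $column => $value) {
        if (!in_array($column, COMPANY_COLUMNS, true)) {
            throw new InvalidArgumentException("Unexpected column: $column");
        }
        $set[] = "`$column` = :$column";   // placeholder only, never the value
        $params[":$column"] = $value;
    }
    if ($set === []) {
        return 0; // nothing to update
    }
    $stmt = $pdo->prepare('UPDATE `company` SET ' . implode(', ', $set) . ' WHERE `id` = :id');
    $stmt->execute($params); // values travel separately from the SQL text
    return $stmt->rowCount();
}

// Constructed input: the apostrophes would end the string literal early in a
// concatenated query; bound as parameters they are stored as plain data.
$changed = updateCompany($pdo, 7, [
    'name'    => "O'Neil Trading",
    'address' => "12 King's Road",
    'status'  => 'active',
]);
echo "rows affected: $changed\n";
echo $pdo->query('SELECT name FROM company WHERE id = 7')->fetchColumn(), "\n";
// An id that matches no row reports 0 rows affected rather than an error.
echo 'rows affected for unknown id: ', updateCompany($pdo, 999, ['status' => 'closed']), "\n";
```

On MySQL, `rowCount()` also returns 0 when the row matched but every value was already the same, unless the connection is opened with `PDO::MYSQL_ATTR_FOUND_ROWS`.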