I am trying to sort out a query on a web app that I'm making, which keeps failing and I have no idea why! The code is below:
$update = $_GET['update'];
if($update == "true"){
$setDetails="UPDATE users SET email='{$_POST['email']}', api_key='{$_POST['api_key']}', api_secret='{$_POST['api_secret']}' WHERE username={$_POST['username']}";
if(mysql_query($setDetails)){
$updatemsg = '<div class="alert alert-success"><a href="#" class="close" data-dismiss="alert">×</a><strong>Success!</strong> Your details have been updated in our database.</div>';
}else{
$updatemsg = '<div class="alert alert-error"><a href="#" class="close" data-dismiss="alert">×</a><strong>Failure!</strong> Your details could not be updated in our database. Please try again later or contact us if this keeps happening.</div>';
}
}else if($update == "false"){
$updatemsg = '<div class="alert alert-success"><a href="#" class="close" data-dismiss="alert">×</a><strong>Success!</strong> Your changed were discarded.</div>';
}
Any idea's, help or tips? Note that further down my web app I have SELECT * FROM users WHERE username='$username' which works fine so there is no issue with the database connection.
$update = $_GET['update'];
if($update == "true"){
$setDetails="UPDATE users SET email='{$_POST['email']}', api_key='{$_POST['api_key']}', api_secret='{$_POST['api_secret']}' WHERE username='{$_POST['username']}'";
if(mysql_query($setDetails)){
$updatemsg = '<div class="alert alert-success"><a href="#" class="close" data-dismiss="alert">×</a><strong>Success!</strong> Your details have been updated in our database.</div>';
}else{
$updatemsg = '<div class="alert alert-error"><a href="#" class="close" data-dismiss="alert">×</a><strong>Failure!</strong> Your details could not be updated in our database. Please try again later or contact us if this keeps happening.</div>';
}
}else if($update == "false"){
$updatemsg = '<div class="alert alert-success"><a href="#" class="close" data-dismiss="alert">×</a><strong>Success!</strong> Your changed were discarded.</div>';
}
Details: Your code:
$setDetails="UPDATE users SET email='{$_POST['email']}', api_key='{$_POST['api_key']}', api_secret='{$_POST['api_secret']}' WHERE username={$_POST['username']}";
Correct Code:
$setDetails="UPDATE users SET email='{$_POST['email']}', api_key='{$_POST['api_key']}', api_secret='{$_POST['api_secret']}' WHERE username='{$_POST['username']}'";
Missing ' around username string.
Try like this.Put quotes for the username
$setDetails="UPDATE users
SET email='{$_POST['email']}',
api_key='{$_POST['api_key']}',
api_secret='{$_POST['api_secret']}'
WHERE username='{$_POST['username']}' ";
And try to avoid mysql_* statements due to they are deprecated.Instead use mysqli_* statements or PDO statements