I am relatively new to php. In the following code, I am trying to UPDATE the users 'dietID' (their current diet, of which they selected when they registered) so that it changes their dietID stored in the users database. However upon pressing the 'Change' submit button, nothing happens and nothing gets updated. Can anybody understand why?
Form processing code:
<?php
if(trim($_POST['submit']) == "Change") {
require_once("connect.php");
if (!$db_server) {
die("Unable to connect to MySQL: " . mysqli_connect_error($db_server));
} else {
mysqli_select_db($db_server, $db_database) or die("<h1>Couldn't find db</h1>");
//UPDATE records of users table
$query="UPDATE users SET dietID=".$dietopt." WHERE ID= $sess_userID";
mysqli_query($db_server, $query) or die("Update failed" . mysqli_error($db_server));
}
require_once("db_close.php");
} else {
$message= "Your diet has been updated";
}
?>
Form:
Would you like to change what your current diet is? Please select one
<br>
<form action="account.php" method="post">
<td><input type="radio" name="dietopt" value="Meat-eater"/>Meat-eater</td>
<tr>
<td><input type="radio" name="dietopt" value="Vegetarian"/>Vegetarian</td></tr>
<tr>
<td><input type="radio" name="dietopt" value="Vegan"/>Vegan</td></tr>
<br>
<input type="submit" name="Change" value="Change">
<br>
</form>
and the session variable created on the register page (not in any format, copy and pasted from snippets of the entire code of the register page):
$dietopt = $row['dietID'];
$_SESSION['diet'] = $dietopt;
$dietopt= trim($_POST['dietopt']);
Some things to correct:
First the name of the submit button is "Change", so you should change:
if(trim($_POST['submit']) == "Change") {
by:
if(trim($_POST['Change']) == "Change") {
Secondly, the value of $dietopt will be a string, like "Vegan" and thus needs to be quoted. If this is indeed what you expect, then replace this line:
$query="UPDATE users SET dietID=".$dietopt." WHERE ID= $sess_userID";
By:
$query="UPDATE users
SET dietID='"
.mysqli_real_escape_string($db_server,$_POST['dietopt']). "'
WHERE ID= $sess_userID";
I used $_POST['dietopt'] here, but if you are sure the value of $dietopt is correctly set, you can use that instead.
The call to mysqli_real_escape_string protects against SQL injection via that value. I would advise to use prepared statements instead.
Finally, there is also something wrong with where you set the $message variable: it currently sets it when the user gets to this page without having submitted anything. Instead it should be set right after the successful update. So remove this:
} else {
$message= "Your diet has been updated";
And add the message assignment after the query, like this:
mysqli_query($db_server, $query) or die("Update failed" . mysqli_error($db_server));
$message= "Your diet has been updated";
Then, you should actually display that message somewhere. This depends on what else you want to display, but you could simply add to the end of your PHP block (before the closing ?>) the following:
if (isset($message)) {
echo "<h4 style='color:green'>$message</h4>";
}
...or use whatever HTML and style you want.
To close, one final remark:
Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.