I cannot for the life of me figure out why this code will not update the database table 'products'. I've already had one person look at it for me in house but she doesn't have a clue. Any help would be greatly appreciated.
edit_products.php
<?php
$product = find_product_by_id($_GET["id"]);
if (!$product) {
// admin ID was missing or invalid or
// admin couldn't be found in database
safe_redirect("manage_products.php");
}
?>
<?php
if (isset($_POST['submit'])) {
// Process the form
$id = $product["id"];
$product_id = mysql_prep($_POST["product_id"]);
$product_name = mysql_prep($_POST["product_name"]);
$product_image = mysql_prep($_POST["product_image"]);
$highres_image = mysql_prep($_POST["highres_image"]);
$linedraw_image = mysql_prep($_POST["linedraw_image"]);
$product_video = mysql_prep($_POST["product_video"]);
$product_pdf = mysql_prep($_POST["product_pdf"]);
$product_keywords = mysql_prep($_POST["product_keywords"]);
$product_description = mysql_prep($_POST["product_description"]);
$product_enabled = mysql_prep($_POST["product_enabled"]);
$product_weight = mysql_prep($_POST["product_weight"]);
$product_length = mysql_prep($_POST["product_length"]);
$product_width = mysql_prep($_POST["product_width"]);
$product_height = mysql_prep($_POST["product_height"]);
$product_url = mysql_prep($_POST["product_url"]);
// validations
$required_fields = array("product_id", "product_name", "product_image", "product_description");
validate_presences($required_fields);
$fields_with_max_lengths = array("product_id" => 20);
validate_max_lengths($fields_with_max_lengths);
if (empty($errors)) {
// Perform Update
$query = "UPDATE products SET ";
$query .= "product_id = '{$product_id}', ";
$query .= "product_name = '{$product_name}', ";
$query .= "product_image = '{$product_image}', ";
$query .= "highres_image = '{$highres_image}', ";
$query .= "linedraw_image = '{$linedraw_image}', ";
$query .= "product_video = '{$product_video}', ";
$query .= "product_pdf = '{$product_pdf}', ";
$query .= "product_keywords = '{$product_keywords}', ";
$query .= "product_description = '{$product_description}', ";
$query .= "product_enabled = '{$product_enabled}', ";
$query .= "product_weight = '{$product_weight}', ";
$query .= "product_length = '{$product_length}', ";
$query .= "product_width = '{$product_width}', ";
$query .= "product_height = '{$product_height}', ";
$query .= "product_url = '{$product_url}', ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
// Success
$_SESSION["message"] = "Product updated.";
safe_redirect("manage_products.php");
} else {
// Failure
$_SESSION["message"] = "Product update failed.";
}
}
// This is probably a GET request
} // end: if (isset($_POST['submit']))
?>
<?php $layout_context = "admin"; ?>
<?php include("includes/layouts/header.php"); ?>
<?php echo message(); ?> <?php echo form_errors($errors); ?>
<h2>Edit Product: <?php echo htmlentities($product["product_id"]); ?></h2>
<form action="edit_product.php?id=<?php echo urlencode($product["id"]); ?>" method="post">
<p>Product ID:
<input name="product_id" type="text" value="<?php echo htmlentities($product["product_id"]); ?>" size="15" />
</p>
<p>Product Name:
<input name="product_name" type="text" value="<?php echo htmlentities($product["product_name"]); ?>" size="45" />
</p>
<p>Product Image:
<input name="product_image" type="text" value="<?php echo htmlentities($product["product_image"]); ?>" size="45" />
</p>
<p>High Res Image:
<input name="highres_image" type="text" value="<?php echo htmlentities($product["highres_image"]); ?>" size="45" />
</p>
<p>Line Drawing:
<input name="linedraw_image" type="text" value="<?php echo htmlentities($product["linedraw_image"]); ?>" size="45" />
</p>
<p>Product Video:
<input name="product_video" type="text" value="<?php echo htmlentities($product["product_video"]); ?>" size="45" />
</p>
<p>Product PDF:
<input name="product_pdf" type="text" value="<?php echo htmlentities($product["product_pdf"]); ?>" size="45" />
</p>
<p>Product Keywords:
<input name="product_keywords" type="text" value="<?php echo htmlentities($product["product_keywords"]); ?>" size="45" />
</p>
<p>Product Description:
<input name="product_description" type="text" value="<?php echo htmlentities($product["product_description"]); ?>" size="45" />
</p>
<p>Product Enabled:
<input name="product_enabled" type="text" value="<?php echo htmlentities($product["product_enabled"]); ?>" size="5" />
</p>
<p>Product Weight:<input name="product_weight" type="text" value="<?php echo htmlentities($product["product_weight"]); ?>" size="5" /> Length: <input name="product_length" type="text" value="<?php echo htmlentities($product["product_length"]); ?>" size="5" /> Width: <input name="product_width" type="text" value="<?php echo htmlentities($product["product_width"]); ?>" size="5" /> Height: <input name="product_height" type="text" value="<?php echo htmlentities($product["product_height"]); ?>" size="5" />
</p>
<p>Product URL:
<input name="product_url" type="text" value="<?php echo htmlentities($product["product_url"]); ?>" size="45" />
</p>
<input type="submit" name="submit" value="Edit Product" />
</form>
This is the function find_product_by_id
function find_product_by_id($product_id) {
global $connection;
$safe_product_id = mysqli_real_escape_string($connection, $product_id);
$query = "SELECT * ";
$query .= "FROM products ";
$query .= "WHERE id = {$safe_product_id} ";
$query .= "LIMIT 1";
$product_set = mysqli_query($connection, $query);
confirm_query($product_set);
if($product = mysqli_fetch_assoc($product_set)) {
return $product;
} else {
return null;
}
}
The problem is a trailing comma, as pointed out in the comments. But the real problem is the lack of error checking. If you had the code example below you would have found the problem instantly:
if ( ! $result = mysqli_query($connection, $query))
{
echo 'ERROR: '.mysqli_error($connection);
}
That would have pointed out to you that your query was invalid.