I have this query on my CMS but it doesn't work. I try to update the member's profile...
<?php
// INCLUDE FILES
include('config.cms.php');
include('php/connect_db.php');
// PREPARE STRINGS
$user_id = $_POST['user_id'];
$full_name = mysql_real_escape_string($_POST['full_name']);
$email = mysql_real_escape_string($_POST['email']);
if (isset($_POST['avatar']))
{
$avatar = mysql_real_escape_string($_POST['avatar']);
}
else
{
$avatar = '';
}
$avatar_type = $_POST['avatar_type'];
$slogan = mysql_real_escape_string($_POST['slogan']);
$privacy = $_POST['privacy'];
$location = mysql_real_escape_string($_POST['location']);
$bio = mysql_real_escape_string($_POST['bio']);
// QUERY THE DB
mysql_query("UPDATE users SET `full_name`='".$full_name."', `email`='".$email."', `avatar`='".$avatar."', `avatar_type`='".$avatar_type."', `user_slogan`='".$slogan."', `privacy`='".$privacy."', `location`='".$location."', `bio`='".$bio."' WHERE `id`='".$user_id."'");
// GET ERROR IF EXIST
mysql_error();
// REDIRECT AFTER COMPLETED
header('Location: profile.php?saved');
?>
Is there any error because I can't find anything!
$result = mysql_query("UPDATE ...");
if (!$result) {
echo mysql_errno() . ": " . mysql_error() . "
";
die();
}
See also: http://www.php.net/manual/function.mysql-query.php
The mysql_error function doesn't make errors show up magically.
You must echo mysql_error(); or the like to have it do anything - otherwise, you get the error but then throw it away.
Also, please learn from little Bobby Tables - you have not sanitized your user IDs, nor avatar types, nor privacy field. ALL - and I mean ALL - user input must be sanitized. I strongly recommend using PDO and parametrized queries instead of mysql_real_escape_string. They are both safer and easier to understand.