UPDATE not adding new info to database

[aarontbarksdale]

Hey Guys, So, I know this information is all over the 'net...and I've scoured dozens of similar problems, however, none of the suggested fixes have helped for my code. So, I've turned back here...

<? session_start(); ?><?php$email = $_SESSION['email'];$userid = $_SESSION['user_id'];include ('connect.php');$result = mysql_query("SELECT * FROM shadbarktest.mcn_users WHERE email = '$email'"); $row = mysql_fetch_array($result);// data sent from form $first_name = $_POST['first_name'];$last_name = $_POST['last_name'];$user_email = $_POST['email'];$address = $_POST['address'];$city = $_POST['city'];$state = $_POST['state'];$zip = $_POST['zip'];$phone = $_POST['phone'];$password = $_POST['password'];// To protect MySQL injection (more detail about MySQL injection)$first_name = stripslashes($first_name);$last_name = stripslashes($last_name);$user_email = stripslashes($user_email);$address = stripslashes($address);$city = stripslashes($city);$state = stripslashes($state);$zip = stripslashes($zip);$phone = stripslashes($phone);$password = stripslashes($password);$first_name = mysql_real_escape_string($first_name);$last_name = mysql_real_escape_string($last_name);$user_email = mysql_real_escape_string($user_email);$address = mysql_real_escape_string($address);$city = mysql_real_escape_string($city);$state = mysql_real_escape_string($state);$zip = mysql_real_escape_string($zip);$phone = mysql_real_escape_string($phone);$password = mysql_real_escape_string($password);// Adding information to Database$update = 'UPDATE  mcn_users SET first_name = "$first_name", last_name = "$last_name", bill_address = "$address", city = "$city", state = "$state", zip = "$zip", phone = "$phone", email = "$user_email", user_pass = "$password" WHERE  user_id = "$userid"';@mysql_query($update);$_SESSION['email'] = $user_email;echo $userid ."<br/>";echo $first_name ."<br/>";echo $last_name ."<br/>";echo "<a href="user_mainpage.php">Return</a>";?>

It simply is not adding the updated information that it receives from the Edit User page to the database. Please point out to me where I've gone wrong:I have tried...

"UPDATE mcn_users SET first_name='". $first_name ."'..."UPDATE mcn_users SET first_name='{$first_name}'..."UPDATE mcn_users SET `first_name`='$first_name'...

NOTHING HAS WORKED...which leads me to question if I even have the syntax correct.

[Don Jajo]

Okay, i got it

 

Here in your code

$update = 'UPDATE  mcn_users SET first_name = "$first_name", last_name = "$last_name", bill_address = "$address", city = "$city", state = "$state", zip = "$zip", phone = "$phone", email = "$user_email", user_pass = "$password" WHERE  user_id = "$userid"';

your MySQL query should start with double quotes (") and the values inside should be in single quotes (')

 

Try that

[aarontbarksdale]

Don,

 

Thanks, tried that...didn't work.

 

I changed the code to read

$update = mysql_query('UPDATE  mcn_users SET first_name = "$first_name", last_name = "$last_name", bill_address = "$address", city = "$city", state = "$state", zip = "$zip", phone = "$phone", email = "$user_email", user_pass = "$password" WHERE  user_id = "$userid"');

And removed the @mysql_query($update); line...still doesn't work.

[Ingolme]

Variables inside strings aren't interpretted when the string is wrapped in single-quotes.

$a = 1;echo 'Number $a'; // Shows "Number $a"echo "Number $a"; // Shows "Number 1"

[justsomeguy]

You might want to switch over to something like mysqli or PDO to help you out, you wouldn't run into issues like that if you were using prepared statements and passing in the values that you want to use.