lvlzero lvlzero - 2 months ago 13
PHP Question

PHP PDO Update query affects all rows when execute

I have a problem on using PDO Update query code. When I edit a single record of a person by changing the information and saving it by clicking the save button, it affects all records that should only update a single record. All records have the same information now. How can I make it update a single record without affecting the others? Thank you in advance.

update.php

<?php
include ('includes/connection.php');
$id = isset($_GET['id']) ? $_GET['id']: die('Error: Record ID not found.');

try {
$query_select = "SELECT id, profile_picture, first_name, last_name, gender, age, date_birth FROM tbl_records WHERE id = ? LIMIT 0,1";
$query_statement = $db_connection->prepare($query_select);

$query_statement->bindParam(1, $id);

$query_statement->execute();

$row = $query_statement->fetch();

$profilePicture = $row['profile_picture'];
$firstName = $row['first_name'];
$lastName = $row['last_name'];
$gender = $row['gender'];
$age = $row['age'];
$dateBirth = $row['date_birth'];
}

catch(PDOException $e) {
die('Error 1: '. $e->getMessage());
}

if($_POST) {
try {
$query_update = "UPDATE tbl_records SET
profile_picture = :t_profile_picture,
first_name = :t_first_name,
last_name = :t_last_name,
gender = :t_gender,
age = :t_age;
date_birth = :t_date_birth
WHERE id = :t_id";

$query_statement = $db_connection->prepare($query_update);

$profilePicture = htmlspecialchars(strip_tags($_POST['profile-picture']));
$firstName = htmlspecialchars(strip_tags($_POST['first-name']));
$lastName = htmlspecialchars(strip_tags($_POST['last-name']));
$gender = htmlspecialchars(strip_tags($_POST['gender']));
$age = htmlspecialchars(strip_tags($_POST['age']));
$dateBirth = htmlspecialchars(strip_tags($_POST['date-birth']));

$query_statement->bindParam(':t_profile_picture', $profilePicture);
$query_statement->bindParam(':t_first_name', $firstName);
$query_statement->bindParam(':t_last_name', $lastName);
$query_statement->bindParam(':t_gender', $gender);
$query_statement->bindParam(':t_age', $age);
$query_statement->bindParam(':t_date_birth', $dateBirth);
$query_statement->bindParam(':t_id', $id);

if($query_statement->execute()) {
echo "<div class='alert alert-success' role='start'>Record was updated</div>";
}

else {
echo "<div class='alert alert-danger' role='start'>Unable to update the record.</div>";
}
echo var_dump($query_statement->rowCount());
}

catch(PDOException $e) {
die('ERROR 2: ' . $e->getMessage());
}
}
?>

<html>
<body>
<form action="update.php?id=<?php echo htmlspecialchars($id); ?>" method="post">
<input type="hidden" name="id" value="<?php echo htmlspecialchars($id, ENT_QUOTES); ?>" />
<input type="file" name="profile-picture" value="<?php echo htmlspecialchars($profilePicture, ENT_QUOTES); ?>" />

<label for="first-name">First name:</label> <br />
<input type="text" name="first-name" value="<?php echo htmlspecialchars($firstName, ENT_QUOTES); ?>" /> <br />

<label for="last-name">Last name:</label> <br />
<input type="text" name="last-name" value="<?php echo htmlspecialchars($lastName, ENT_QUOTES); ?>" /> <br />

<label for="gender">Gender:</label> <br />
<input type="text" name="gender" value="<?php echo htmlspecialchars($gender); ?>" /> <br />

<label for="age">Age:</label> <br />
<input type="text" name="age" value="<?php echo htmlspecialchars($age); ?>" /> <br />

<label for="date-birth">Date of Birth:</label> <br />
<input type="date" name="date-birth" value="<?php echo htmlspecialchars($dateBirth); ?>" /> <br />

<input class="button-style" type="submit" value="SAVE" />
</form>
</body>
</html>

Answer

Posted as a community wiki, I want no rep from this.

age = :t_age; <<< is an end of statement character. That should be a comma. That's why it's updating everything.

The semi-colon is actually a valid character and won't throw an error for it. It will also not update the date_birth column neither.

Reference:

As in C or Perl, PHP requires instructions to be terminated with a semicolon at the end of each statement. The closing tag of a block of PHP code automatically implies a semicolon; you do not need to have a semicolon terminating the last line of a PHP block. The closing tag for the block will include the immediately trailing newline if one is present.