Updating rows in a mysql table

[anthonyw17]

Hey I im trying to udpate the rows PassWord, email, Age in my membersys table of my mysql database. With the code im using its only saving the age and nothing else.

Also the the new info is coming from a form using the POST method

PHP Code:

<?php
session_start();

$con = mysql_connect("localhost","MyUser","MySecretPass");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("membersys", $con);

$ui = $_POST['username'];
$pi = $_POST['password'];
$ei = $_POST['email'];
$ag = $_POST['age'];
$user =  $_SESSION['UserName'];

mysql_query("UPDATE Member SET PassWord=$ui WHERE UserName='$user'");
mysql_query("UPDATE Member SET email=$ei WHERE UserName='$user'");
mysql_query("UPDATE Member SET Age=$ag WHERE UserName='$user'");

Header("Location: acc_content.php?account=updated");

mysql_close($con);
?>

Any Ideas?

[felgall]

Is there some particular reason why you are trying to use three queries to do the job of one?

Also since the password and email are text fields and not numbers the values need to be wrapped in quotes.

Code:

mysql_query("UPDATE Member SET PassWord='$ui', email='$ei', Age=$ag WHERE UserName='$user'")

Note also that the mysql_ interface is obsolete and marked for deletion from PHP - Use the mysqli_ interface instead.

Also use prepare and bind instead of query so as to keep the data separate from the query.

Finally never assign $_POST values directly to fields - you should validate their content first.