In general, sql records everything except one value (id_band).

if(isset($_POST['save_edit'])){ $age=FormChars($_POST['age']); $band=FormChars($_POST['allband']); $instruments=FormChars($_POST['instruments']); $about=FormChars($_POST['about']); $edit_info=mysql_fetch_array(mysql_query("UPDATE `about` SET `Age` = $age, `id_band` = '$band', `instruments` = '$instruments', `myinfo` = '$about', WHERE `id` ='$qq'")); header("Location: profile.php"); } <form method="post"> <p>Возраст: <?php print $query['Age']; if($edit==true){echo '<input id="inst" type="text" name="age"/>';}?></p> <p>Группа: <?php print $query['band']; if($edit==true){echo '<select id="inst" size="1" name="allband"><option>Выберите группу</option>'; do {printf ('<option value="%s">%s</option>',$data2['id_band'], $data2['Bandname']);} while($data2=mysql_fetch_array($data)); echo '</select>';}?></p> <p>Инструменты: <?php print $query['instruments']; if($edit==true){echo '<input id="inst" type="text" name="instruments"/>';}?></p> <p>О себе: <?php print $query['myinfo']; if($edit==true){echo '<input id="inst" type="text" name="about"/>';}?></p> <?php if($edit==true){echo '<input id="subsub-reg"type="submit" name="save_edit" value="Сохранить"/>';}else{echo' <input id="subsub-reg"type="submit" name="edit" value="Изменить" />';}?> </form>
  • In general, the backlight works, this is at least something. But you and the code itself is not very well decorated. Anyway. To begin with, I would advise first, to stop using the outdated mysql_query , and go to the library of mysqli or PDO . Secondly, in the query in the database it is better to use string concatenation: for example, instead of mysql_query("UPDATE about` SET Age = $ age WHERE id = 1; ")` use mysql_query("UPDATE about` SET Age =". $ $. "WHERE id = 1; ")` - intro94
  • @ intro94, what about concatenation better? - BOPOH
  • @BOPOH, it may be a matter of personal preference, but it seems to me that it is more reliable. Moreover, $a = 123; echo "qwe$arty"; $a = 123; echo "qwe$arty"; will not work, because the interpreter will look for the $arty variable. In this case, you need to write echo "qwe{$a}rty"; Using concatenation, I do not soar my brain when deriving such constructions without spaces, and I can also safely use array values, for example echo "qwe".$a['value']."rty"; - intro94
  • @ intro94, and using prepared queries with placeholders doesn’t save not only from this problem, but also from sql-injection? so, like you, not a bit more "reliable." And I know how to embed variables in strings) - BOPOH
  • @BOPOH, I didn’t say that I don’t need to defend against sql injections. And I meant that more reliably, in terms of creating the string itself, and not performing the query. I only showed by my example, just in case, what is concatenation. But how exactly to use it is not up to me. In addition, its use does not apply only to the recording of data obtained from the form in the database. In general, in my opinion, it is better to use string concatenation. But how many programmers, so many opinions. : D | PS: we moved away from the topic. Let's not hold a holivar. ;) - intro94

1 answer 1

 $band=FormChars($_POST['allband']);

Look what comes in $_POST['allband'] , I suspect that there is an empty string. Here it is recorded. Given that the remaining fields are written.

  • Not empty. Through var_dump already checked. That's what comes string (1) "1" - Bagul
  • @Bagul, take your request "UPDATE... and output it to the screen. If you do not see anything bad, insert it into the mysql console and see what happens. And then you should dance from this - BOPOH
  • one
    @Bagul And what do you have a comma before where stands, does this query execute? (You have an error in your SQL syntax) - jekaby