Trying to Update DB table from html with php code not working
one text
Trying to update a database table so a user can "edit" what they already have input. I used the keyword Update instead of select or insert in my sql code but I come up with error:
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '* from OrdersLists where uname = 'Test', 'Test', 'Beer', '', '123 spooner street' at line 1 in /home/spemulli/public_html/Presentation3/EditOrder.php:84 Stack trace: #0 /home/spemulli/public_html/Presentation3/EditOrder.php(84): PDOStatement->execute() #1 {main} thrown in /home/spemulli/public_html/Presentation3/EditOrder.php on line 84
Any advice??
<?php
if (isset($_POST['enter']))
{
//always initialized variables to be used
$uname = "";
$pwd = "";
$cpwd = "";
$fn = "";
$ln = "";
$gender = "";
$addy = "";
$quanity = "";
$agree = "";
$unameok = false;
$pwdok = false;
$agreeok = false;
//take the information submitted and verify inputs
$uname = trim($_POST['userName']);
$pwd = trim($_POST['pwd']);
$cpwd = trim($_POST['confirmPwd']);
$fn = trim($_POST['firstName']); //always trim the user input to get rid of the additiona white spaces on both ends of the user input
$ln = trim($_POST['lastName']);
$gender = trim($_POST['gender']);
$addy = trim($_POST['address']);
$quantity = trim($_POST['quantity']);
if (!spamcheck($uname))
$msg = $msg . '<br/><b>Email is not valid.</b>';
else $unameok = true;
if (!pwdValidate($pwd))
$msg = $msg . '<br/><b>Password is not in the required format.</b>';
else {
if ($pwd != $cpwd)
$msg = $msg . '<br/><b>Passwords are not the same.</b>';
else $pwdok = true;
}
if (!isset($_POST['agree'])) {
$msg = $msg . "<br/><b> You must agree to the terms and conditions </b><br />";
$term = '<span style="color:red">You must agree to the terms and conditions</span>';
}
else $agreeok = true;
if ($unameok && $pwdok ) {
//enter data into the database
$stmt = $con->prepare("UPDATE * from OrdersLists where uname = ?, ?, ?, ?, ?, ?");
if ($stmt->execute(array($fn, $ln, $gender, $agree, $addy, $quantity ))==TRUE)
$msg = '<font color = "red">Thank you for your Order.login.</font><br/>';
//$stmt = $con->prepare("select * from OrderLists where name = ?"); $stmt->execute(array($_uname));
else $msg = "Your information cannot be entered this time. Please try again later.";
}
}
?>
form action="EditOrder.php" method="post">
<h1>Order Form</h1>
<?php
print $msg;
$msg = "";
?>
<br />
Username (email): <input type="text" maxlength = "50" value="default@email.com" name="userName" id="userName" /> <br />
Password: <input type="text" maxlength = "50" value="123456asdfgh" name="pwd" id="pwd" />(Must be longer than 12 characters and contains at least 1 digit) <br />
Confirm Password: <input type="text" maxlength = "50" value="123456asdfgh" name="confirmPwd" id="confirmPwd" /> <br />
First Name: <input type="text" maxlength = "50" value="Test" name="firstName" id="firstName" /> <br />
Last Name: <input type="text" maxlength = "50" value="Test" name="lastName" id="lastName" /> <br />
Address: <input type="text" maxlength ="50" value="123 spooner street, Indianapolis, Indiana" name="address" id="address" />(Enter Street, City, State) <br />
Liquor Type:
<input type = "radio" name = "gender" value = "Beer" checked = "checked" />Beer
<input type = "radio" name = "gender" value = "Wine" />Wine <br />
Amount: <br />
<input type = "text" maxlength = "50" value="quantity, be descriptive" name="quantity" id="quantity" /> <br />
<br />
<input type="checkbox" name = "agree" value="y" />
<?php print $term; ?>
<br />
<input name="enter" class="btn" type="submit" value="Submit" />
</form>