Unable to update row in PHP with $_POST variable

I want it so that when the user types into the textarea/input and clicks save changes, the information they input has been added and saved into the database. Below is my code:
$name = $_SESSION['u_name'];
$uid = $_SESSION['u_uid'];
$id = $_SESSION['u_id'];

$con = mysqli_connect("localhost", "root", "pass123", "db_name");

if ($con->connect_error) {
    die("Connection failed: " . $conn->connect_error);
	echo "<script type='text/javascript'>alert('connection failed. try again');</script>";
}

$remind1 = $_POST['remind1'];
$remind2 = $_POST['remind2'];
$remind3 = $_POST['remind3'];
$remind4 = $_POST['remind4'];
$remind5 = $_POST['remind5'];

if (isset($_POST['updBtn'])){
	$sql = "UPDATE reminders SET remindone='$remind1' WHERE username='$uid'";
	
	if ($con->query($sql) === TRUE) {
		echo "<script type='text/javascript'>alert('Updated successfully');</script>";
	}else{
		echo "<script type='text/javascript'>alert('error while updating. try again');</script>";
	}
}

Open in new window


HTML:
<form action="body.php" method="post"> 
 <input type="submit" class="sideBtn" value="Save Changes" name="updBtn"></input><br>
<div class="displayTask">
           <input type="checkbox" class="check">
           <span class="checkmark"></span>
           <input type="text" id="event" placeholder="remember..." name="remind1"></input>
</div>
<div class="displayTask">
           <input type="checkbox" class="check">
           <span class="checkmark"></span>
           <input id="event" name="remind2"></input>
</div>
<div class="displayTask">
           <input type="checkbox" class="check">
           <span class="checkmark"></span>
           <input id="event" name="remind3"></input>
</div>
           <div class="displayTask">
           <input type="checkbox" class="check">
           <span class="checkmark"></span>
           <textarea id="event" name="remind4"></textarea >
</div>
<div class="displayTask">
           <input type="checkbox" class="check">
           <span class="checkmark"></span>
            <textarea id="event" name="remind5"></textarea >
           </div>
 </div>
</form>

Open in new window


After many trials and errors, I have been able to pinpoint that my problem is somewhere along the $_POST variables in my php as, if I were to substitute the aforementioned variable with a string, it works perfectly. I am not exactly sure what I did wrong, but I feel so close that I know I must be (hopefully) getting somewhere. How can I fix this mistake of mine and make it so that the user is able to POST text into the database.
Sunny JainstudentAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Julian HansenCommented:
I see a number of issues with your script

Firstly there is no session_start() - I am assuming that you have this but in case you don't you will need to include it at the top of your script.

Secondly, you should be more structured about accessing POST variables - you cannot assume they
a) Exist
b) Are not malicious

To ensure that you are covered in case they don't exist I suggest you do the following

$remind1 = isset($_POST['remind1']) ? $_POST['remind1'] : '';
$remind2 = isset($_POST['remind2']) ? $_POST['remind2'] : '';
...// REPEAT FOR THE REST

Open in new window

At this point you might want to sanitize your input to make sure there is nothing malicious

Thirdy, without sanitised input your UPDATE query is open to a potential SQL injection attack. Consider using a prepared statement to do the UPDATE

Fourth, you appear to have an orphan </div> in your form code.

Consider creating a reflection script that you post to to see what your form is sending. For example
<pre>
<?php
print_r($_POST);
print_r($_GET);
?>
</pre>

Open in new window

Point your form at that script and see what is being sent by the form.

Using the code you provided for your server side processing script - it seems to be fine so something else is wrong.

You can see a sample below - this sample allows you to toggle between a reflect script and a version of your script (sans the DB bit)

http://www.marcorpsa.com/ee/t2899.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sunny JainstudentAuthor Commented:
Thank you! It worked perfectly!! :)
0
Julian HansenCommented:
You are welcome.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.