database not updating when checkbox ticked

Question

EDIT: sorry cancelled is type tinyint in the database I have a form with 1 checkbox - I want it to update my database when it's checked to show that a course is cancelled. By default the value is 0 in my database but when I try to update a course to cancel it the value never changes to 1. Please help!

This is my editForm code snippet:

  <p><label class="field" for "Credits">Credits:</label>                      <input type="text" name="cred" size="40" value="<?php echo "$row[Credits]"?>" class="rep"></p>
             <p><label class="field" for "Cancelled">Cancelled:</label>      (Tick to cancel)   <input type="checkbox" name="canc" size="40" value="Yes" class="rep"></p>
            <input type="submit" name="submit_value" value="Update"></p>

and this is my updateCourse php page:

$id = $_POST["id"];

$title = $_POST["title"];
$cat = $_POST["cat"];
$loc = $_POST["loc"];
$county = $_POST["county"];
$time = $_POST["time"];
$date = $_POST["date"];
$cred = $_POST["cred"];
$fac = $_POST["fac"];

$canc = $_POST["canc"];

if(isset($_POST['submit_value'])) {

if(isset($_POST['canc'])) {
    $canc = isset($_POST['canc']) ? '1' : '0';
    $query1 = "UPDATE Course 
        SET Title = '$title',
            Category = '$cat',
            Location = '$loc',
            County = '$county',
            Course_Time = '$time',
            Course_Date = '$date',
            Credits = '$cred',
            Facilitator = '$fac'
            Cancelled = '$canc'
            WHERE CourseID = '$id' ";
    $result = $mysqli_db->query($query1);

}   else {      

    $query2 = "UPDATE Course 
        SET Title = '$title',
            Category = '$cat',
            Location = '$loc',
            County = '$county',
            Course_Time = '$time',
            Course_Date = '$date',
            Credits = '$cred',
            Facilitator = '$fac'

        WHERE CourseID = '$id' ";

$query_result = $mysqli_db->query($query2);

My query2 is working but query1 never changes the cancelled value in my database

Answer 1

You are missing some commas in your query between the fields on this line:

Facilitator = '$fac'

There should be a comma after that:

$query1 = "UPDATE Course 
    SET Title = '$title',
        Category = '$cat',
        Location = '$loc',
        County = '$county',
        Course_Time = '$time',
        Course_Date = '$date',
        Credits = '$cred',
        Facilitator = '$fac',
        Cancelled = '$canc'
         WHERE CourseID = '$id' ";

This would have triggered a MySQL error. You can use mysql_error() to debug these kind of problems. Echoing or printing the query is usually helpful to spot errors too.

http://php.net/manual/en/function.mysql-error.php

Answer 2

First, too many lines of simple code. You are duplicating the initiation of $canc. If you do assignment to the variable with 0 and 1, why the heck 2 queries? 1 is simplier and more readable. Plus you get easier debuging. Second, you need to read about PDO statements or filtering, because your script is really vulnerable. For instance, your script could be shortened to:

$canc = isset($_POST['canc']) ? '1' : '0';

if(isset($_POST['submit_value'])) {
    $query = "
        UPDATE Course 
        SET Title = '$title',
            Category = '$cat',
            Location = '$loc',
            County = '$county',
            Course_Time = '$time',
            Course_Date = '$date',
            Credits = '$cred',
            Facilitator = '$fac',
            Cancelled = '$canc'
        WHERE CourseID = '$id'";
    $query_result = $mysqli_db->query($query);      
}