My code doesnt update the Student ID in our database help me fix it please. This is the code <?php
session_start();
// error_reporting(0);

$conn = mysqli_connect("localhost", "root", "", "card");

if (!$conn) {
die("Connection Failed: " . mysqli_connect_error());
}

include 'header.php';
$employee_name = $_SESSION['admin_name'];

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['updateInformation'])) {
$student_id = $_POST['studentID'];

$query = "SELECT * FROM student_records WHERE studentID = '$student_id'";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_assoc($result);

$lname = ucwords(strtolower($_POST['lName']));
$fname = ucwords(strtolower($_POST['fName']));
$mname = ucwords(strtolower($_POST['mName']));
$studId = strtoupper($_POST['studentID']);
$lrn = strtoupper($_POST['lrn']);
$grade = $_POST['grade'];
$sec = strtoupper($_POST['sec']);
$aYear1 = $_POST['aYear1'];
$aYear2 = $_POST['aYear2'];
$acadYear = $aYear1 . '_' . $aYear2;

$update_query = "UPDATE student_records SET lastName = '$lname', firstName = '$fname', middleName = '$mname', studentID = '$studId', LRN = '$lrn', gradeLevel = '$grade', section = '$sec', academicYear = '$acadYear' WHERE studentID = '$student_id'";
$update_result = mysqli_query($conn, $update_query);

$date_and_time = new DateTime();
$date_and_time -> setTimezone(new DateTimeZone('Asia/Manila'));
$date_and_time = $date_and_time -> format('Y-m-d H:i:s');

$activity = $employee_name . " Edited " . $student_id . "\'s Information";
$activity_history = "INSERT INTO activity_history VALUES ('$date_and_time', '$activity', '3')";
$activity_history_result = mysqli_query($conn, $activity_history);

if ($update_result && $activity_history_result) {
header('Location: searchStudent.php');
exit();
}
else {
echo "Error updating student information: " . mysqli_error($conn);
}
}

if (isset($_POST['student_id']) && $_SESSION['employee_name']) {
$student_id = $_POST['student_id'];

$query = "SELECT * FROM student_records WHERE studentID = '$student_id'";
$result = mysqli_query($conn, $query);

$row = mysqli_fetch_assoc($result);

$lname = $row['lastName'];
$fname = $row['firstName'];
$mname = $row['middleName'];
$studId = $row['studentID'];
$lrn = $row['LRN'];
$grade = $row['gradeLevel'];
$sec = $row['section'];
$acadYear = $row['academicYear'];
}
else {
header('Location: searchStudent.php');
exit();
}
?>






Edit Student Information



">

Edit Student Information
<?php echo $employee_name;?>
Student ID:
" maxLength="9">

Last Name:
" required>

First Name:
" required>

Middle Name:
">

LRN:
">

Grade Level:
" maxlength="2" required>

Section:
" required>

Academic Year:
" maxLength="4">-
" maxLength="4">



Answer :

Code Debugging:

It looks like your PHP code for updating student information in the database is mostly set up correctly, but there are a few points that might be causing issues with updating the Student ID. Let's identify possible flaws;

1. Form Data and POST Request Verification

First, make sure that the form sending the POST request is correctly formatted and includes a field named `updateInformation` that matches the condition in your PHP script. This is important because your script checks if this field is set before proceeding with the update.

Important: SQL Injection Vulnerability

Before addressing the main issue, it's important to note that your code is highly vulnerable to SQL injection because it directly inserts POST data into the SQL query. To fix this, you should use prepared statements. This not only secures your code but also might indirectly solve issues by ensuring data is correctly formatted for SQL operations.

3. Student ID Update Logic

The main issue seems to be related to how the Student ID is handled. You are using the same variable `$student_id` to fetch the current student record and also as the new Student ID. If you're trying to change the Student ID itself, there's a logical flaw here because the WHERE clause will use the new Student ID (if changed) to look for a record that hasn't been updated yet.

Also make sure you have a hidden input field in your form that holds the original Student ID, which you don't intend to change during the update process. This will be used in the WHERE clause to identify the correct record to update.

In short, by addressing these issues, it may work as intended.