PHP PDO Update query affects all rows when execute

Question

I have a problem on using PDO Update query code. When I edit a single record of a person by changing the information and saving it by clicking the save button, it affects all records that should only update a single record. All records have the same information now. How can I make it update a single record without affecting the others? Thank you in advance.

update.php

<?php
include ('includes/connection.php');
$id = isset($_GET['id']) ? $_GET['id']: die('Error: Record ID not found.');

try {
    $query_select = "SELECT id, profile_picture, first_name, last_name, gender, age, date_birth FROM tbl_records WHERE id = ? LIMIT 0,1";
    $query_statement = $db_connection->prepare($query_select);

    $query_statement->bindParam(1, $id);

    $query_statement->execute();

    $row = $query_statement->fetch();

    $profilePicture = $row['profile_picture'];
    $firstName = $row['first_name'];
    $lastName = $row['last_name'];
    $gender = $row['gender'];
    $age = $row['age'];
    $dateBirth = $row['date_birth'];
}

catch(PDOException $e) {
    die('Error 1: '. $e->getMessage());
}

if($_POST) {
    try {
        $query_update = "UPDATE tbl_records SET 
        profile_picture = :t_profile_picture,
        first_name = :t_first_name,
        last_name = :t_last_name,
        gender = :t_gender,
        age = :t_age;
        date_birth = :t_date_birth
        WHERE id = :t_id";

        $query_statement = $db_connection->prepare($query_update);

        $profilePicture = htmlspecialchars(strip_tags($_POST['profile-picture']));
        $firstName = htmlspecialchars(strip_tags($_POST['first-name']));
        $lastName = htmlspecialchars(strip_tags($_POST['last-name']));
        $gender = htmlspecialchars(strip_tags($_POST['gender']));
        $age = htmlspecialchars(strip_tags($_POST['age']));
        $dateBirth  = htmlspecialchars(strip_tags($_POST['date-birth']));

        $query_statement->bindParam(':t_profile_picture', $profilePicture);
        $query_statement->bindParam(':t_first_name', $firstName);
        $query_statement->bindParam(':t_last_name', $lastName);
        $query_statement->bindParam(':t_gender', $gender);
        $query_statement->bindParam(':t_age', $age);
        $query_statement->bindParam(':t_date_birth', $dateBirth);
        $query_statement->bindParam(':t_id', $id);

        if($query_statement->execute()) {
            echo "<div class='alert alert-success' role='start'>Record was updated</div>";
        }

        else {
            echo "<div class='alert alert-danger' role='start'>Unable to update the record.</div>";
        }
            echo var_dump($query_statement->rowCount());
    }

    catch(PDOException $e) {
        die('ERROR 2: ' . $e->getMessage());
    }
}
?>

<html>
<body>
<form action="update.php?id=<?php echo htmlspecialchars($id); ?>" method="post">
    <input type="hidden" name="id" value="<?php echo htmlspecialchars($id, ENT_QUOTES); ?>" />
    <input type="file" name="profile-picture" value="<?php echo htmlspecialchars($profilePicture, ENT_QUOTES); ?>" />

    <label for="first-name">First name:</label> <br />
    <input type="text" name="first-name" value="<?php echo htmlspecialchars($firstName, ENT_QUOTES); ?>" /> <br />

    <label for="last-name">Last name:</label> <br />
    <input type="text" name="last-name" value="<?php echo htmlspecialchars($lastName, ENT_QUOTES); ?>" /> <br />

    <label for="gender">Gender:</label> <br />
    <input type="text" name="gender" value="<?php echo htmlspecialchars($gender); ?>" /> <br />

    <label for="age">Age:</label> <br />
    <input type="text" name="age" value="<?php echo htmlspecialchars($age); ?>" /> <br />

    <label for="date-birth">Date of Birth:</label> <br />
    <input type="date" name="date-birth" value="<?php echo htmlspecialchars($dateBirth); ?>" /> <br />

    <input class="button-style" type="submit" value="SAVE" />
</form>
</body>
</html>

Answer 1

Posted as a community wiki, I want no rep from this.

age = :t_age; <<< is an end of statement character. That should be a comma. That's why it's updating everything.

The semi-colon is actually a valid character and won't throw an error for it. It will also not update the date_birth column neither.

Reference:

• http://php.net/manual/en/language.basic-syntax.instruction-separation.php

As in C or Perl, PHP requires instructions to be terminated with a semicolon at the end of each statement. The closing tag of a block of PHP code automatically implies a semicolon; you do not need to have a semicolon terminating the last line of a PHP block. The closing tag for the block will include the immediately trailing newline if one is present.