Please post your questions in English and use bbcode [code][/code] tags or three markdown back-ticks ``` before/after your code so that it will be formatted as code by the forum software. I have edited your post above with these.
If you are just starting out, forget about using the overly complicated and inconsistent mysqli extension. Instead, use the much simpler PDO extension.
As to the error. It is because the sql query failed with an error, but you don’t have any error handling to tell you if and why the query failed. You ALWAYS need error handling for statements that can fail. For database statements that can fail - connection, query, prepare, and execute, the simplest way of adding error handling, without adding code at each statement, is to use exceptions for errors and in most cases simply let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.)
To enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection -
```php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
```
As to the posted code -
- Don’t use extract() as this will allow hackers to set any of your program variables to any value they want. If you expect a $_GET input, write code using the specific input.
- Trim, then validate all inputs before using them. If there isn’t a $_GET['id'] input or it is empty, that’s an error and your code should not try to use a non-existent input.
- The php ‘business logic’ that knows how to query and retrieve data should be above the start of the html document. This will make it easier to design, write, test, debug, and maintain your code.
- You should list out the columns you are selecting. This will help reduce mistakes, ensure that you are only selecting the data you want, make your code self-documenting, and prevent changes in the table structure from causing errors when you fetch data using numerical indexes (which should be avoided.)
- Don’t put external, unknown, dynamic values directly into an sql query statement. Use a prepared query instead. This is where the PDO extension comes in handy. With the mysqli extension, the prepared and non-prepared query programming is completely different, requiring you to learn two different sets of statements. With the PDO extension, a prepared and non-prepared query is the same.
- Don’t use a loop to fetch data from a query that will match at most one row of data. Directly fetch the row of data.
- You should almost always fetch data as an associative array. This reduces errors and makes it easy for anyone reading the code to see what it is trying to do.
- Don’t copy variables to other variables for nothing. This is just a waste of typing. Just use the original variables.
- When you output dynamic values onto a web page (the form field values), apply htmlentities to them to help prevent cross site scripting.
- To get a form to submit to the same page it is on, which is what you should be doing in this case, leave out the entire action=’…’ attribute.
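
The points in the list above combined into one page, as an added example (it is not the original poster's code and was not written by the author of this reply). It uses PDO as recommended; the `users` table, its columns, the `find_user()` helper and the in-memory SQLite DSN are assumptions chosen so the script runs stand-alone, and with MySQL only the DSN and credentials would change.

```php
<?php
declare(strict_types=1);

// Constructed demo data in an in-memory SQLite database (assumed schema:
// table "users" with columns id, name, email). Errors throw exceptions.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failed statements throw
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,       // rows as associative arrays
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (id, name, email) VALUES (1, '<b>Ann</b>', 'ann@example.test')");

// Hypothetical helper: validates the id input, then returns [row|null, errors].
function find_user(PDO $pdo, array $get): array
{
    // Read the one expected input explicitly instead of calling extract($_GET).
    $raw = $get['id'] ?? '';
    $id  = is_string($raw) ? trim($raw) : ''; // ?id[]=1 arrives as an array: reject it
    if ($id === '') {
        return [null, ['No id was supplied.']];
    }
    if (!preg_match('/^[1-9][0-9]*$/', $id)) {
        return [null, ['The id must be a positive integer.']];
    }
    // Prepared query, listed columns, one direct fetch (no loop for a single row).
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch();
    return $row === false ? [null, ['No matching row was found.']] : [$row, []];
}

// Business logic runs before any HTML. On the command line a constructed
// input stands in for the request; on a web server $_GET is used as-is.
$input = PHP_SAPI === 'cli' ? ['id' => ' 1 '] : $_GET;
[$row, $errors] = find_user($pdo, $input);
?>
<?php foreach ($errors as $e): ?><p><?= htmlentities($e) ?></p><?php endforeach; ?>
<?php if ($row): ?>
<form method="post">
  <input type="hidden" name="id" value="<?= htmlentities((string)$row['id']) ?>">
  <input type="text" name="name" value="<?= htmlentities($row['name']) ?>">
  <input type="text" name="email" value="<?= htmlentities($row['email']) ?>">
  <input type="submit" value="Save">
</form>
<?php endif; ?>
```

The constructed name value contains markup on purpose: in the rendered form it appears as `&lt;b&gt;Ann&lt;/b&gt;` inside the `value` attribute rather than as live HTML.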