mysqli - PHP sql Cannot update table -

i ran website , found out table not update. tried search answer in internet can't find solution. here code

change.php:

<?php session_start(); ?> <?php require_once('mysql_connect.inc.php'); ?> <?php $servername = "localhost"; $username = "root"; $password = ""; $dbname = "projectdb"; $conn =mysqli_connect($servername, $username, $password, $dbname); $query_rs = "select * product , user product.suppno = user.suppno , loginname='".$_session['loginname']."'"; $rs = mysqli_query($conn , $query_rs) or die(mysql_error()); $row_rs = mysqli_fetch_assoc($rs); $totalrows_rs = mysqli_num_rows($rs); ?> <!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>change</title> </head>  <body> <table border="1">   <tr>     <td>action</td>     <td>product number</td>     <td>product name</td>     <td>product price</td>     <td>quanlity</td>      <td>photo</td>     <td>category number</td>   </tr>   <?php { ?>     <tr>     <td><a href="change.php?prodno=<?php echo $row_rs['prodno']; ?>">update record</a></td>       <td><?php echo $row_rs['prodno']; ?></td>       <td><?php echo $row_rs['prodname']; ?></td>       <td><?php echo $row_rs['prodprice']; ?></td>       <td><?php echo $row_rs['stockqty']; ?></td>       <td><img src="images/<?php echo $row_rs['prodphoto']; ?>" /><form action="upload.php" method="post" enctype="multipart/form-data">     select image upload:     <input type="file" name="filetoupload" id="filetoupload">     <input type="submit" value="upload image" name="submit"> </form></td>        <td><?php echo $row_rs['prodno']; ?></td>     </tr>     <?php } while ($row_rs = mysqli_fetch_assoc($rs)); ?> </table> <?php if (isset ($_get['prodno'])){     $prodno = $_get['prodno'];     $sql = "select * product prodno ='$prodno'";     $rs = mysqli_query($conn,$sql) or die(mysqli_error($conn));     $row_rs = mysqli_fetch_assoc($rs); $form = <<<eod     <form method="get" action="change_finish.php">     <label></br>product number <input name="prodno" type="text" name="prodno" readonly="readonly" value="%s" /></label>     <label></br>product name<input type="text" name="prodname"  value="%s" /></label>     <label></br>product price<input type="text" name="prodprice"  value="%s" /></label>     <label></br>quanlity<input type="text" name="stockqty"  value="%s" /></label>     <label></br>category number<input type="text"  name="catno" value="%s" /></label>     </form>     <input type="submit" name="submit" onclick="window.location.href='change_finish.php';"/>     <input type="button" value="cancel" onclick="window.location.href='blank.php';"/> eod; printf($form,$row_rs['prodno'],$row_rs['prodname'],$row_rs['prodprice'],$row_rs['stockqty'],$row_rs['catno']);  } ?> </body> </html> <?php mysqli_free_result($rs); ?> 

change_finish.php

<?php require_once('mysql_connect.inc.php'); ?>     <?php $servername = "localhost"; $username   = "root"; $password   = ""; $dbname     = "projectdb"; $conn = mysqli_connect($servername, $username, $password, $dbname) or     die(mysqli_error()); ?>     <!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">     <html xmlns="http://www.w3.org/1999/xhtml">     <head>     <meta http-equiv="content-type" content="text/html; charset=utf-8" />     <title>none</title>     </head>     <body>      <?php if (isset($_get['submit'])) {     $prodno    = $_get['prodno'];     $prodname  = $_get['prodname'];     $prodprice = $_get['prodprice'];     $stockqty  = $_get['stockqty'];     $catno     = $_get['catno'];      $sql = "update product set prodname ='{$prodname}', prodprice = '{$prodprice}', stockqty = '{$stockqty}' prodno ='{$prodno}' ";     mysqli_query($conn, $sql) or die(mysqli_error($conn)); } header("location:change.php"); ?> </body> </html> 

i tried change $_get $_post still can not update table. can tell me error?

take @ form's method:

<form method="post" action="..."> <!-- use $_post --> <form method="get"  action="..."> <!-- use $_get  --> 

and make sure preparing , executing queries. if of fields contains single quote, break query.

if (isset($_get['submit'])) {     $prodno    = $_get['prodno'];     $prodname  = $_get['prodname'];     $prodprice = $_get['prodprice'];     $stockqty  = $_get['stockqty'];     $catno     = $_get['catno'];      $sql = "update product set prodname = ?, prodprice = ?, stockqty = ? prodno = ?";      $stmt = mysqli_prepare($conn, $sql);     mysqli_stmt_bind_param($stmt, 'ssis', $prodname, $prodprice, $stockqty, $prodno);     mysqli_stmt_execute($stmt); } 

for guessed types of bind:

prodname -> product name -> string prodprice -> product price -> contains period ($4.99) -> string  stockqty -> stock quantity -> number prodno -> product number -> number, string too, depends on standards