homepage Welcome to WebmasterWorld Guest from 54.211.157.103
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
MYSQL Update using PHP
bslakter




msg:4254408
 10:33 pm on Jan 17, 2011 (gmt 0)

Heres the problem. I have a code that is almost completed that i got off youtube. everything on his end works.. Yet .. I put the info up in the edit field.. and everything populates like its suppose to.. but when I try and change the info and click modify. I get errors saying id 13 has a undefined variable, and other stuff. Below is the complete modify.php file. as i said everything else works except when i post to modify the info... Below is the modify.php which has a bug

<?php
include "connection.php";
if (!isset($_POST['submit'])) {
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);

}

?>
<h1>modify info</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name="id" value="<?php $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify" />

</form>
<?php
if (isset($_POST['submit'])) {
$u = "UPDATE `people` SET `Name`='$_POST[inputName]', `Description`='$_POST[inputDesc]' WHERE ID = $_POST[id]";



mysql_query($u) or die(mysql_error());
echo "User has been created";
header("Location: index.php");
}
?>

 

digitsix




msg:4254416
 10:53 pm on Jan 17, 2011 (gmt 0)

First off, you should never put $_GET[] inside a mysql query directly, this will leave your application vulnerable to SQL injections. Here is a function to sanatize your post data so you can safely use it in your database queries:

function safeEnv($array, $link) {
$_SAFE = array();
foreach($array as $key => $value) {
$_SAFE[$key] = mysql_real_escape_string($value, $link);
}
return $_SAFE;
}

You must call mysql_connect first and then pass your link id as the 2nd argument. The 1st argument would be your _GET _POST or _REQUEST arrays.

Usage ex:
$link = mysql_connect("host","user","pass");
$_SAFE = safeEnv($_GET, $link);
mysql_query("update table set name='{$_SAFE["name"]}' where id='{$_SAFE["id"]}'");

digitsix




msg:4254417
 10:55 pm on Jan 17, 2011 (gmt 0)

Can you post the exact error messages returned from the script?

bslakter




msg:4254437
 11:24 pm on Jan 17, 2011 (gmt 0)

here is the website [russellwc.dyndns.org...] you will see that everything works except that. Ive never worked with this before so if you can tell me exactly what to fix I would be EXTREMELY GRATEFUL.. Please and thank you

digitsix




msg:4254438
 11:32 pm on Jan 17, 2011 (gmt 0)

put the following at the top of the script after the first <? or <?php

error_reporting(0);

whats happening is that its just posting warnings about the fact that you are assigning data to a variable that isnt declared or "defined" its fine, and not hurting anything... it looks like the server your working on has verbose error reporting turned on by default.

To turn the highest level back on, do this:

error_reporting(E_ALL);

digitsix




msg:4254443
 11:37 pm on Jan 17, 2011 (gmt 0)

Also you cannot echo anything out and then use the header() function to redirect the browser. You have to call the header function before any output has been created.

You're going to have to move that code that updates the database to the top where it can execute BEFORE the modify form code. And just have it redirect back to modify.php?id=$_POST[id]

bslakter




msg:4254447
 11:40 pm on Jan 17, 2011 (gmt 0)

IT WORKS. IT UPDATED! thank you SO much... I just have to get it to echo that it modified changes and thats it! but you did it.. that error_reporting code worked.. you are a life saver..

bslakter




msg:4254455
 11:53 pm on Jan 17, 2011 (gmt 0)

Yeah i see what your saying. it doesnt echo.. I just have to figure out where to put the code and im done.. serious.. i wish i can thank you enough but i cant....

digitsix




msg:4254458
 11:54 pm on Jan 17, 2011 (gmt 0)

hah no problem :)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved