homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

MYSQL Update using PHP

Msg#: 4254406 posted 10:33 pm on Jan 17, 2011 (gmt 0)

Heres the problem. I have a code that is almost completed that i got off youtube. everything on his end works.. Yet .. I put the info up in the edit field.. and everything populates like its suppose to.. but when I try and change the info and click modify. I get errors saying id 13 has a undefined variable, and other stuff. Below is the complete modify.php file. as i said everything else works except when i post to modify the info... Below is the modify.php which has a bug

include "connection.php";
if (!isset($_POST['submit'])) {
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);


<h1>modify info</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name="id" value="<?php $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify" />

if (isset($_POST['submit'])) {
$u = "UPDATE `people` SET `Name`='$_POST[inputName]', `Description`='$_POST[inputDesc]' WHERE ID = $_POST[id]";

mysql_query($u) or die(mysql_error());
echo "User has been created";
header("Location: index.php");



10+ Year Member

Msg#: 4254406 posted 10:53 pm on Jan 17, 2011 (gmt 0)

First off, you should never put $_GET[] inside a mysql query directly, this will leave your application vulnerable to SQL injections. Here is a function to sanatize your post data so you can safely use it in your database queries:

function safeEnv($array, $link) {
$_SAFE = array();
foreach($array as $key => $value) {
$_SAFE[$key] = mysql_real_escape_string($value, $link);
return $_SAFE;

You must call mysql_connect first and then pass your link id as the 2nd argument. The 1st argument would be your _GET _POST or _REQUEST arrays.

Usage ex:
$link = mysql_connect("host","user","pass");
$_SAFE = safeEnv($_GET, $link);
mysql_query("update table set name='{$_SAFE["name"]}' where id='{$_SAFE["id"]}'");


10+ Year Member

Msg#: 4254406 posted 10:55 pm on Jan 17, 2011 (gmt 0)

Can you post the exact error messages returned from the script?


Msg#: 4254406 posted 11:24 pm on Jan 17, 2011 (gmt 0)

here is the website [russellwc.dyndns.org...] you will see that everything works except that. Ive never worked with this before so if you can tell me exactly what to fix I would be EXTREMELY GRATEFUL.. Please and thank you


10+ Year Member

Msg#: 4254406 posted 11:32 pm on Jan 17, 2011 (gmt 0)

put the following at the top of the script after the first <? or <?php


whats happening is that its just posting warnings about the fact that you are assigning data to a variable that isnt declared or "defined" its fine, and not hurting anything... it looks like the server your working on has verbose error reporting turned on by default.

To turn the highest level back on, do this:



10+ Year Member

Msg#: 4254406 posted 11:37 pm on Jan 17, 2011 (gmt 0)

Also you cannot echo anything out and then use the header() function to redirect the browser. You have to call the header function before any output has been created.

You're going to have to move that code that updates the database to the top where it can execute BEFORE the modify form code. And just have it redirect back to modify.php?id=$_POST[id]


Msg#: 4254406 posted 11:40 pm on Jan 17, 2011 (gmt 0)

IT WORKS. IT UPDATED! thank you SO much... I just have to get it to echo that it modified changes and thats it! but you did it.. that error_reporting code worked.. you are a life saver..


Msg#: 4254406 posted 11:53 pm on Jan 17, 2011 (gmt 0)

Yeah i see what your saying. it doesnt echo.. I just have to figure out where to put the code and im done.. serious.. i wish i can thank you enough but i cant....


10+ Year Member

Msg#: 4254406 posted 11:54 pm on Jan 17, 2011 (gmt 0)

hah no problem :)

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved