Forum Moderators: coopster
I`m trying to write some info to a database. This is the code:
if ($_POST['updatesettings'])
{
$dateset = date("D M j Y, G:i a");
$query = "UPDATE mg_website SET w_date = '$dateset', w_webmaster = '$webname', w_name = '$website',
w_url = '$weburl', w_email = '$webemail', w_path = '$webpath'";
$result = mysql_query($query);
if ($_POST['header'] == "yesheader")
{$query2 = "UPDATE mg_header SET h_banner = '1', h_bannerurl = '$imagepath', h_bannerwidth = '$imagewidth',
h_bannerheight = '$imageheight', h_text = 'NO TEXT, BANNER USED'";
$result2 = mysql_query($query2);}
else{
$query2 = "UPDATE mg_header SET h_banner = '0', h_bannerurl = 'N/A', h_bannerwidth = 'N/A',
h_bannerheight = 'N/A', h_text = '$imagetext'";
$result2 = mysql_query($query2);}
settingsUpdated();
exit;}
Now the first query works fine, but the 2nd one inside the if else statement doesn`t.
In my form are a couple of radio buttons which the user can choose from:
echo "<input type=\"radio\" name=\"header\" value=\"yesheader\">";
echo "<input type=\"radio\" name=\"header\" value=\"noheader\" checked>";
So, why can`t I get the 2nd query to work? Its probably something really simple that I`m overlooking.
Thank you.
It's tough to tell what's wrong without knowing your database schema and what values you're entering in the form.
Simple first test is to echo the sql statements to the browser from your script and look at the SQL that's getting executed. If the problem isn't obvious, like a null variable, paste the query directly into mysql and see what the error is.
$dateset = date("D M j Y, G:i a");
should be $dateset = date("Y-m-d H:i:s");
That is the correct date format for MySQL. But since that function is simply formating the current time and date (ie you have not passed a timestamp to date so it is using the current time) I would juse pass:
SET w_date = NOW()
In the SQL string since the NOW() MySQL function will expand to the current date and time.
The only difference is that your way will give you the current time from the webserver. NOW() will give you the current time from the database server. These should be the same and if the DB and Webserver are the same machine will be the same.
Also as a side note if the variables such as $webname and $website that you are passing to the SQL come from the web form you should use $_REQUEST['webname'] and $_REQUEST['website'] as register globals is depricated.
Also you may want to consider passing the values through mysql_escape_string() to protect yourself from SQL overflow hacks.
daisho.
Anyway, daisho just a couple of things. I`m using a varchar field to store the date info, so the date() function I was using was ok. Isn`t the date you specified the same thing? I`m a little confused about that.
Also I changed the variable info that passes to the SQL to for example $_REQUEST['website'] etc and all I got was the following:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in /home/maiandrm/public_html/testbook/admin/settings.php on line 33
I assume I should still have used single quotes outside such as w_url = '$_REQUEST['weburl']'?
Thank you.
Regarding your problem you should do:
w_url = '${_REQUEST['weburl']}'
Notice the brace brackets. You only need to do this since you are using an associative array inside a quoted string.
Though really to protect yourself you should do:
w_url = '".mysql_escape_string($_REQUEST['weburl'])."'"
daisho
Thanks.
:)
w_url = "'".mysql_escape_string($_REQUEST['weburl'])."'"
but since you have to wrap it in with the rest the statement it will need adjusting anyway.
:)
