Welcome to WebmasterWorld Guest from 23.22.46.195

Forum Moderators: coopster & jatar k

very strange sql update issue

   
11:36 am on Nov 12, 2006 (gmt 0)

5+ Year Member



hi guys,

i have a versy simple update statement like this:


if (isset($_POST['submit'])) {
$update = mysql_query("update category set name='$_POST[name]' where id=$cat_id") or die(mysql_error());
header("location:index.php?page=categories");
}

this is the structure of the category table:


id int(11) No
name varchar(100) No
user_id int(11) No 0

now this update statement just won't work, it also doesn't give an error :s

but, however, when I just replace id=$cat_id with where user_id=$user_id in the update statement, it works


if (isset($_POST['submit'])) {
$update = mysql_query("update category set name='$_POST[name]' where user_id=$user_id") or die(mysql_error());
header("location:index.php?page=categories");
}

both $cat_id as $user_id are set correctly so that is certainly not the problem.

I've never seen anything like this?

grtz

12:14 pm on Nov 12, 2006 (gmt 0)

10+ Year Member



If cat_id is a string, should it be
id='$cat_id'
user_id would maybe work as its an integer
12:50 pm on Nov 12, 2006 (gmt 0)

5+ Year Member



hi dramstore,

id is probably a string as you said, because it is passed with as a GET var.
So I tried to convert it to an integer before passing it to the update statement as follows:

$cat_id = intval($_GET['id']);
if (isset($_POST['submit'])) {
$update = mysql_query("update category set name='$_POST[name]' where id=$cat_id") or die(mysql_error());
header("location:index.php?page=categories");
}

but still little succes :)

1:03 pm on Nov 12, 2006 (gmt 0)

10+ Year Member



try putting the update statement into a string and display it.
then you can cut it and run it directly, might give you a clue where the problem is?
1:06 pm on Nov 12, 2006 (gmt 0)

5+ Year Member



indeed it seemed like the var has gone.
now i see it in the code :)

thx!

1:10 pm on Nov 12, 2006 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Yes, dump that query first to see exactly where your issue might be. You might also want to turn up error_reporting [php.net] during development so your issues will be more obvious. Next, you should really be using mysql_real_escape_string [php.net] before pushing that POST information into a database table column. You cannot trust user-supplied information, ever.

Our PHP Forum Library [webmasterworld.com] has some very useful Troubleshooting [webmasterworld.com] tips as well.

7:56 pm on Nov 14, 2006 (gmt 0)

5+ Year Member



try $HTTP_POST_VARS instead of $_POST
3:31 pm on Nov 16, 2006 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Although the older predefined variables ($HTTP_*_VARS) still exist, as of PHP 5.0.0, the long PHP predefined variable arrays may be disabled with the register_long_arrays directive, so they may no longer be present. I would recommend getting into the practice of using the *new* superglobals.

Predefined variables [php.net]

 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month