very strange sql update issue

Forum Moderators: coopster

Message Too Old, No Replies

very strange sql update issue

kristof_v

11:36 am on Nov 12, 2006 (gmt 0)

hi guys,

i have a versy simple update statement like this:


if (isset($_POST['submit'])) {
$update = mysql_query("update category set name='$_POST[name]' where id=$cat_id") or die(mysql_error());
header("location:index.php?page=categories");
}

this is the structure of the category table:


 id  int(11)  No     
name varchar(100) No   
user_id int(11) No 0

now this update statement just won't work, it also doesn't give an error :s

but, however, when I just replace id=$cat_id with where user_id=$user_id in the update statement, it works


if (isset($_POST['submit'])) {
$update = mysql_query("update category set name='$_POST[name]' where user_id=$user_id") or die(mysql_error());
header("location:index.php?page=categories");
}

both $cat_id as $user_id are set correctly so that is certainly not the problem.

I've never seen anything like this?

grtz

dramstore

12:14 pm on Nov 12, 2006 (gmt 0)

If cat_id is a string, should it be
id='$cat_id'
user_id would maybe work as its an integer

kristof_v

12:50 pm on Nov 12, 2006 (gmt 0)

hi dramstore,

id is probably a string as you said, because it is passed with as a GET var.
So I tried to convert it to an integer before passing it to the update statement as follows:

$cat_id = intval($_GET['id']);
if (isset($_POST['submit'])) {
$update = mysql_query("update category set name='$_POST[name]' where id=$cat_id") or die(mysql_error());
header("location:index.php?page=categories");
}

but still little succes :)

dramstore

1:03 pm on Nov 12, 2006 (gmt 0)

try putting the update statement into a string and display it.
then you can cut it and run it directly, might give you a clue where the problem is?

kristof_v

1:06 pm on Nov 12, 2006 (gmt 0)

indeed it seemed like the var has gone.
now i see it in the code :)

thx!

coopster

1:10 pm on Nov 12, 2006 (gmt 0)

Yes, dump that query first to see exactly where your issue might be. You might also want to turn up error_reporting [php.net] during development so your issues will be more obvious. Next, you should really be using mysql_real_escape_string [php.net] before pushing that POST information into a database table column. You cannot trust user-supplied information, ever.

Our PHP Forum Library [webmasterworld.com] has some very useful Troubleshooting [webmasterworld.com] tips as well.

bwstyle

7:56 pm on Nov 14, 2006 (gmt 0)

try $HTTP_POST_VARS instead of $_POST

coopster

3:31 pm on Nov 16, 2006 (gmt 0)

Although the older predefined variables ($HTTP_*_VARS) still exist, as of PHP 5.0.0, the long PHP predefined variable arrays may be disabled with the register_long_arrays directive, so they may no longer be present. I would recommend getting into the practice of using the *new* superglobals.

Predefined variables [php.net]