Update Database Statement - Simple Question - PHP Server Side Scripting forum at WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

Update Database Statement - Simple Question

Mysql Update

benghee

8:45 am on Jun 16, 2008 (gmt 0)

Hi all,

I know this is a very simple question, that how can i update my database to MYSQL? I would like to update certain user and user ID into certain collumns. Is my syntax correct? Thanks for looking it for me here is my code:

Php code:
<?.....
$query = "UPDATE Login SET User=$user,userid=$userid WHERE User,userid";
mysql_query($query);
?>

wheelie34

9:42 am on Jun 16, 2008 (gmt 0)

Hi benghee

try this

$query = "UPDATE Login SET User=$user, userid=$userid WHERE User = '$userid'";

benghee

10:22 am on Jun 16, 2008 (gmt 0)

Hi Wheelie34, thanks for your reply. What if i have User, userid, address and tel? Will it be the same as this:

$query ="UPDATE Login SET User = '$user', userid = '$userid', address='$address', tel='$tel' WHERE User = '$user'";

wheelie34

10:57 am on Jun 16, 2008 (gmt 0)

NP you can update the whole row with one statement, lets say the user goes to his admin page and changes his address, when he arrives at the page ALL his details should already populate the form, so it doesn't matter what he changes/updates the whole lot would get updated when he saved the changes.

The WHERE clause is only to tell the db which reference it is so it knows which row to apply the update to.

HTH

benghee

1:55 am on Jun 17, 2008 (gmt 0)

Thank you again, Wheelie34. Many online tutorial only showing examples of UPDATE statement but they don't provide clear and simple explanation like yours. I'm now understand what it is about :)

deejay

2:02 am on Jun 17, 2008 (gmt 0)

Just bear in mind that you don't want to give the user access to change their userid. :) That'll cause all sorts of chaos.

wheelie34

10:44 am on Jun 17, 2008 (gmt 0)

deejay has a good point there, when you call the userid into the edit/change form make it a hidden field ie:

Habtom

11:18 am on Jun 17, 2008 (gmt 0)

.... or better store it in a session. The user will have generally less chance of abusing the system with a session than with the hidden field.

Upon login in:
$_SESSION['userid'] = $userid;

During Update:
$query ="UPDATE Login SET User = '$user', userid = '$userid', address='$address', tel='$tel' WHERE User = ". $_SESSION['userid'] ."";

Set the session to null during log out

LifeinAsia

3:53 pm on Jun 17, 2008 (gmt 0)

.... or better store it in a session. The user will have generally less chance of abusing the system with a session than with the hidden field.

Agreed- plus it will help prevent prevent people form updating other people's information.

Not sure if the OP left it out for brevity, but the code didn't include anything for verifying that the person changing the information is actually that person. And just putting the usernname in a hidden field wouldn't prevent a hacker from making a similar form on his own site and POSTing the information with whatever username he wanted.