Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

MYSQL Update using PHP

10:33 pm on Jan 17, 2011 (gmt 0)

Heres the problem. I have a code that is almost completed that i got off youtube. everything on his end works.. Yet .. I put the info up in the edit field.. and everything populates like its suppose to.. but when I try and change the info and click modify. I get errors saying id 13 has a undefined variable, and other stuff. Below is the complete modify.php file. as i said everything else works except when i post to modify the info... Below is the modify.php which has a bug

include "connection.php";
if (!isset($_POST['submit'])) {
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);


<h1>modify info</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name="id" value="<?php $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify" />

if (isset($_POST['submit'])) {
$u = "UPDATE `people` SET `Name`='$_POST[inputName]', `Description`='$_POST[inputDesc]' WHERE ID = $_POST[id]";

mysql_query($u) or die(mysql_error());
echo "User has been created";
header("Location: index.php");
10:53 pm on Jan 17, 2011 (gmt 0)

10+ Year Member

First off, you should never put $_GET[] inside a mysql query directly, this will leave your application vulnerable to SQL injections. Here is a function to sanatize your post data so you can safely use it in your database queries:

function safeEnv($array, $link) {
$_SAFE = array();
foreach($array as $key => $value) {
$_SAFE[$key] = mysql_real_escape_string($value, $link);
return $_SAFE;

You must call mysql_connect first and then pass your link id as the 2nd argument. The 1st argument would be your _GET _POST or _REQUEST arrays.

Usage ex:
$link = mysql_connect("host","user","pass");
$_SAFE = safeEnv($_GET, $link);
mysql_query("update table set name='{$_SAFE["name"]}' where id='{$_SAFE["id"]}'");
10:55 pm on Jan 17, 2011 (gmt 0)

10+ Year Member

Can you post the exact error messages returned from the script?
11:24 pm on Jan 17, 2011 (gmt 0)

here is the website [russellwc.dyndns.org...] you will see that everything works except that. Ive never worked with this before so if you can tell me exactly what to fix I would be EXTREMELY GRATEFUL.. Please and thank you
11:32 pm on Jan 17, 2011 (gmt 0)

10+ Year Member

put the following at the top of the script after the first <? or <?php


whats happening is that its just posting warnings about the fact that you are assigning data to a variable that isnt declared or "defined" its fine, and not hurting anything... it looks like the server your working on has verbose error reporting turned on by default.

To turn the highest level back on, do this:

11:37 pm on Jan 17, 2011 (gmt 0)

10+ Year Member

Also you cannot echo anything out and then use the header() function to redirect the browser. You have to call the header function before any output has been created.

You're going to have to move that code that updates the database to the top where it can execute BEFORE the modify form code. And just have it redirect back to modify.php?id=$_POST[id]
11:40 pm on Jan 17, 2011 (gmt 0)

IT WORKS. IT UPDATED! thank you SO much... I just have to get it to echo that it modified changes and thats it! but you did it.. that error_reporting code worked.. you are a life saver..
11:53 pm on Jan 17, 2011 (gmt 0)

Yeah i see what your saying. it doesnt echo.. I just have to figure out where to put the code and im done.. serious.. i wish i can thank you enough but i cant....
11:54 pm on Jan 17, 2011 (gmt 0)

10+ Year Member

hah no problem :)

Featured Threads

Hot Threads This Week

Hot Threads This Month