php modify a database - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

php modify a database

modify database

bzrk

6:57 pm on Jan 31, 2011 (gmt 0)

10+ Year Member

cant modify database i followed a tutorial but its seems to be incomplete?

This is the error message i get____________________
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

AND HERE IS THE CODE___________

<?php
error_reporting(E_ALL);
include 'connection.php';
if(!isset($_POST['submit'])) {
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);

}
error_reporting(0);
?>
<h1> You are Modifying A user</h1>
<form action="<?php echo $_SERVER ['PHP_SELF']; ?>" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name"id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify" />
</form>
<?php
if(isset($_POST['submit'])) {

$u = "UPDATE people SET `Name`='$_POST[inputName]', `Description`='$_POST[inputDesc]' WHERE ID = $_POST[id]";
mysql_query($u) or die(mysql_error());
echo "User has been modified!";
header("Location: index.php");
}

?>

iam realy new to this so some one help plz.thnx

/best regards

Matthew1980

7:42 pm on Jan 31, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Hi there bzrk,

Firstly welcome to WebmasterWorld!

Which query of the two queries doesn't work? They both have errors.

First one should work as this:-

$q = "SELECT * FROM `people` WHERE `ID` = ".mysql_real_escape_string(strip_tags($_GET['id']))." ";

Second one:-

$u = "UPDATE `people` SET `Name` = '".mysql_real_escape_string(strip_tags($_POST['inputName']))."', `Description` = '".mysql_real_escape_string(strip_tags($_POST['inputDesc']))."' WHERE `ID` = ".mysql_real_escape_string(strip_tags($_POST['id']))." ";

Right, that shouldn't give you any bother now :)

There are a few other issues with the form, but for now you want to get the sql working...

Cheers,
MRb

bzrk

9:05 pm on Jan 31, 2011 (gmt 0)

10+ Year Member

aight thnx should it look like this now?

<?php
error_reporting(E_ALL);
include 'connection.php';
if(!isset($_POST['submit'])) {
$q = "SELECT * FROM `people` WHERE `ID` = ".mysql_real_escape_string(strip_tags($_GET['id']))." ";
$result = mysql_query($q);
$person = mysql_fetch_array($result);

}
error_reporting(0);
?>
<h1> You are Modifying A user</h1>
<form action="<?php echo $_SERVER ['PHP_SELF']; ?>" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name"id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify" />
</form>
<?php
if(isset($_POST['submit'])) {

$u = "UPDATE `people` SET `Name` = '".mysql_real_escape_string(strip_tags($_POST['inputName']))."', `Description` = '".mysql_real_escape_string(strip_tags($_POST['inputDesc']))."' WHERE `ID` = ".mysql_real_escape_string(strip_tags($_POST['id']))." ";

mysql_query($u) or die(mysql_error());
echo "User has been modified!";
header("Location: index.php");
}

?>

bzrk

9:07 pm on Jan 31, 2011 (gmt 0)

10+ Year Member

thnx for the welcome Matthew =) and the fast replay.

got that error again..

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

cheers

Matthew1980

9:12 pm on Jan 31, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Hello,

What happens when you run this script now? You can totally omit this line:-

error_reporting(0);

You have already declared error_reporting(E_ALL); state at the top of your script, and the E_ALL is better as it will list all error's as they occur.

As I say though, see if the script functions first, then we can sort the other things out once the script functions.

As it stands there are security issues within the form tag, and the form handling could be handled better, but as it was taken from a tutorial, these things are inherently poor to encourage you to learn better practices - at least that's how they always come across to me :)

Cheers,
MRb

bzrk

9:25 pm on Jan 31, 2011 (gmt 0)

10+ Year Member

ahh thnx for the info again =) i just want to lear some of these functions not going to use it on a site just for learning purpose =)

heres the error msg

Notice: Undefined index: id in C:\wamp\www\test\modify.php on line 23
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

cheers m8

bzrk

1:49 pm on Feb 1, 2011 (gmt 0)

10+ Year Member

Notice: Undefined index: id in C:\wamp\www\test\modify.php on line 25
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3

Matthew1980

2:19 pm on Feb 1, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Hi there bzrk,

Ok, this is a good thing! debugging is an essential part of learning to program. The error your getting (undefined index 'id') refers to this line:-

<input type="hidden" name"id" value="<?php echo $_GET['id']; ?>" />

and is telling you that because your trying to echo something that isn't there and hasn't made it's self known to php by using the isset() it's not sure what it is.

This:-

<input type="hidden" name"id" value="<?php echo (isset($_GET['id']) ? $_GET['id'] : ''); ?>" />

will get rid of the error, but really you need to check to see that all $_GET variables are set (check the URL string to see what is being passed into this script)

And by the looks of it, this is why your query is failing because the $_GET source isn't set, so check the URL to see what's available.

Hope that makes sense.

Cheers,
MRb

rocknbil

6:17 pm on Feb 1, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

An aside, the original statements *should* work if get/post "id" is populated since he/she didn't quote the array ref

$_GET[id] as opposed to $_GET['id']

But as you have determined, the values are blank/null, and that approach is a bit unreliable. Always check input. Always check input. And after you do that, always check input. :-)


if(!isset($_POST['submit'])) { 
 if isset($_GET['id']) and (is_numeric($_GET['id']) and ($_GET['id'] > 0)) { 
 $q = "SELECT * FROM people WHERE ID = " . $_GET['id']; 
 $result = mysql_query($q); 
 $person = mysql_fetch_array($result); 
 } 
 else { echo "<p>ID IS NOT VALID</p>"; exit; } 
}

and

.....


if(isset($_POST['submit'])) { 
 if isset($_POST['id']) and (is_numeric($_POST['id']) and ($_POST['id'] > 0)) { 
 $u = "UPDATE people SET `Name`='$_POST[inputName]', `Description`='$_POST[inputDesc]' WHERE ID = " . $_POST['id'];  
 // etc .... 
 } 
 else { echo "<p>ID IS INVALID.</p>"; exit; } 
}

A side note: have you tested this by pressing enter while focused in the last field of your form instead of actually using the submit button? It will *probably* work, as that action is *supposed* to auto-"press" the first submit element it finds - but may not always. I'd use a hidden field instead of name="submit".

bzrk

6:23 pm on Feb 1, 2011 (gmt 0)

10+ Year Member

Aight going to test it when i come home cheers