Welcome to WebmasterWorld Guest from 107.22.24.16

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Database update not working with variable

Updates with hardcoded string but not variable

     
3:07 pm on Nov 27, 2013 (gmt 0)

Junior Member

5+ Year Member

joined:Nov 10, 2006
posts: 140
votes: 0


Please advise what is wrong with the following:

$query = "INSERT INTO reports (summary) VALUES ('$rep_summary')";

If I change the variable to just 'rep_summary', the database gets updated.

I have echoed the variable $rep_summary (this value is coming from my function) and it spits out the contents that I need to update my database with.

I have spent quite a few hours trying to figure this out, but have no joy as yet.

Any suggestions, ideas, advise would be highly appreciated.

Regards

Melwyn
3:44 pm on Nov 27, 2013 (gmt 0)

Full Member

5+ Year Member

joined:Aug 16, 2010
posts:220
votes: 11


try to echo $query

is $rep_summary properly escaped?
4:58 pm on Nov 27, 2013 (gmt 0)

Junior Member

5+ Year Member

joined:Nov 10, 2006
posts: 140
votes: 0


Thanks for the input @bhukkel, I echoed $query, and it showed a few apostrophe's so I trimmed and addslashed the variable, and now it updated the database.

I tell you at times, ones mind just doesn't function all that well.

Cheers!
10:40 pm on Nov 27, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 7, 2003
posts:4783
votes: 0


Try switching to prepared statements and get rid of the escaping madness.
1:25 pm on Nov 28, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Dec 13, 2009
posts:945
votes: 0


Or alternativley look up paramaterised queries.

I know PostgreSQL for example loses efficiency when using prepare / execute as it does not know what data it has, so may choose a more generic and less efficient plan.
3:07 pm on Nov 28, 2013 (gmt 0)

Junior Member

5+ Year Member

joined:Nov 10, 2006
posts: 140
votes: 0


Right, now after that issue, I have another road block.

I have this form, which has a select option, which is populated from my db, as an example, the select looks as below:

After the db has been queried -

echo '<select name="report_category">';
while ($row = mysql_fetch_assoc($selected)) {
$catg = $row['cat_name'];
echo '<option class="report_category" value="'.$row['id'] .'" >' .$catg;
}

Now using this value, I want to update another table with the value selected by the user from the list above, say if they selected the 1st, then the other db should update with 1, if 2nd, then update with 2, so and so forth.

$categ = trim(addslashes($_POST['report_category']));

After connecting to the db, the following query is run:

$query = "INSERT INTO db_name (cat_id) VALUES ('$categ')";

This query does not populate the db. Where have I gone wrong?

Any assistance is highly appreciated.
6:31 pm on Nov 30, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Dec 13, 2009
posts:945
votes: 0


The code you provided looks functional.

After your mysql_query() call (btw - look into using mysqli, as the mysql group of PHP functions are deprecated now), add this bit of code. It may identify the problem for you:

mysql_query($query);
$error = mysql_error();
if($error) {
echo $error;
exit;
}
6:50 pm on Nov 30, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2006
posts: 3123
votes: 0


swa66: Try switching to prepared statements...


Readie: Or alternativley look up paramaterised queries.


Aren't these the same thing?