Welcome to WebmasterWorld Guest from 174.129.127.214

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Database update not working with variable

Updates with hardcoded string but not variable

   
3:07 pm on Nov 27, 2013 (gmt 0)

5+ Year Member



Please advise what is wrong with the following:

$query = "INSERT INTO reports (summary) VALUES ('$rep_summary')";

If I change the variable to just 'rep_summary', the database gets updated.

I have echoed the variable $rep_summary (this value is coming from my function) and it spits out the contents that I need to update my database with.

I have spent quite a few hours trying to figure this out, but have no joy as yet.

Any suggestions, ideas, advise would be highly appreciated.

Regards

Melwyn
3:44 pm on Nov 27, 2013 (gmt 0)



try to echo $query

is $rep_summary properly escaped?
4:58 pm on Nov 27, 2013 (gmt 0)

5+ Year Member



Thanks for the input @bhukkel, I echoed $query, and it showed a few apostrophe's so I trimmed and addslashed the variable, and now it updated the database.

I tell you at times, ones mind just doesn't function all that well.

Cheers!
10:40 pm on Nov 27, 2013 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Try switching to prepared statements and get rid of the escaping madness.
1:25 pm on Nov 28, 2013 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Or alternativley look up paramaterised queries.

I know PostgreSQL for example loses efficiency when using prepare / execute as it does not know what data it has, so may choose a more generic and less efficient plan.
3:07 pm on Nov 28, 2013 (gmt 0)

5+ Year Member



Right, now after that issue, I have another road block.

I have this form, which has a select option, which is populated from my db, as an example, the select looks as below:

After the db has been queried -

echo '<select name="report_category">';
while ($row = mysql_fetch_assoc($selected)) {
$catg = $row['cat_name'];
echo '<option class="report_category" value="'.$row['id'] .'" >' .$catg;
}

Now using this value, I want to update another table with the value selected by the user from the list above, say if they selected the 1st, then the other db should update with 1, if 2nd, then update with 2, so and so forth.

$categ = trim(addslashes($_POST['report_category']));

After connecting to the db, the following query is run:

$query = "INSERT INTO db_name (cat_id) VALUES ('$categ')";

This query does not populate the db. Where have I gone wrong?

Any assistance is highly appreciated.
6:31 pm on Nov 30, 2013 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



The code you provided looks functional.

After your mysql_query() call (btw - look into using mysqli, as the mysql group of PHP functions are deprecated now), add this bit of code. It may identify the problem for you:

mysql_query($query);
$error = mysql_error();
if($error) {
echo $error;
exit;
}
6:50 pm on Nov 30, 2013 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



swa66: Try switching to prepared statements...


Readie: Or alternativley look up paramaterised queries.


Aren't these the same thing?