SQL Update with PHP problem

Question

Exploded Fiber 0 Newbie Poster

14 Years Ago

Hello all,
I'm pretty new to PHP & SQL. I am having some trouble with a web voting page I'm creating. I have a PHP loop which is displaying data from SQL table A. Beside it, a small text box linked to SQL table B to allow users assign numeric preferences. I need the preferences of users to be UPDATE'd to the database. Here is what I've got:

<?php
$Full = $_POST['Full'];
$rows = "SELECT COUNT (*) FROM candidate";
$query = mysql_query("SELECT LastName, FirstName, Party, Description FROM candidate") or die(mysql_error());
$link = "<input type='int' name='Full' size='7'>";
    $sql = "UPDATE prstv SET FULL = (FULL + '$link')";
           
                if (@mysql_query($sql)){
            "INSERT into prstv(vote) value (1)";
                }else{
                echo '<p> Error Adding Vote Values:'.mysql_error().'</p>';
                }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
	<title>Candidate Voting Page</title>
</head>

<body>
<form action="<?php echo(htmlentities($_SERVER['PHP_SELF']));?>"method="Post">
<?php
echo "<table border='1'>";
echo "<tr><th>Last Name</th><th>First Name</th><th>Party</th><th>Description</th><th>Cast Vote</th>";
    while($row = mysql_fetch_array($query))
    {   
        echo "<tr><td>";
        echo $row['LastName'];
        echo "</td><td>";
        echo $row['FirstName'];
        echo "</td><td>";
        echo $row["Party"];
        echo "</td><td>";
        echo $row["Description"];
        echo "</td><td>";
        echo $link;
        //$preference;
    }
    echo "</table>";
    
?>

<input type='submit' value='Submit'>
</form>
</body>
</html>

The highlighted(red) is the main issue. I'd appreciate any help offered.

Exploded

php sql

3 Contributors
9 Replies
194 Views
1 Day Discussion Span
Latest Post 14 Years Ago Latest Post by diafol

Wraithmanilian 1 Junior Poster

14 Years Ago

Assuming that $link is a integer, then try:

$sql = "UPDATE `prstv` SET `FULL` = `FULL`+".$link.")";

diafol

14 Years Ago

try leaving off the brackets:

$q = mysql_query("UPDATE prstv SET FULL = FULL + $link");

If your statement is placed within double quotes, you don't need to escape your variable unless it is an array variable ($array) that contains quotes, in which case you need to use curly braces

$var = "blah blah {$array['sol']} blah blah";

Single quotes is a different matter - complete pain.

//EDIT

Hold on - just looked at your vars again

$link = "<input type='int' name='Full' size='7'>";

I assumed that $link was an integer as asked previously. But it's not is it? It's a bit of text. Sort that out. By the way never heard of 'type="int"' - what is it?

Edited 14 Years Ago by diafol because: n/a

Wraithmanilian 1 Junior Poster

14 Years Ago

Thanks for your reply Wraithmanilian.
You are right indeed, $link is an INT. This does not solve the problem though. It seems including $link in the sql query:
$sql = "UPDATE prstv SET FULL = (FULL + ".$link.")";
causes an SQL error:
Error Adding Vote Values:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

If I remove $link from the query I don't get the error, however, the database does not update. Thanks for your input though.

Just out of curiosity, could you echo the result of $link and paste the result here? Like:

$sql = "UPDATE prstv SET FULL = (FULL + ".$link.")";
if (!$sql) {
    die('Invalid query: ' . mysql_error().' with \$link=\"'.$link);
}

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Exploded Fiber 0 Newbie Poster · Answer 1 · 2010-02-19T16:32:21+00:00

Thanks for your reply Wraithmanilian.

You are right indeed, $link is an INT. This does not solve the problem though. It seems including $link in the sql query:

$sql = "UPDATE prstv SET FULL = (FULL + ".$link.")";

causes an SQL error:
Error Adding Vote Values:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

If I remove $link from the query I don't get the error, however, the database does not update. Thanks for your input though.

Exploded Fiber 0 Newbie Poster · Answer 2 · 2010-02-19T18:33:19+00:00

Just out of curiosity, could you echo the result of $link and paste the result here? Like:
$sql = "UPDATE prstv SET FULL = (FULL + ".$link.")";
if (!$sql) {
    die('Invalid query: ' . mysql_error().' with \$link=\"'.$link);
}

Ok firstly, ardav was correct regarding the incorrect use of type='int' in $link. Have corrected that.
For Wraithmanilian, I used your example to see the results for $link, word for word.

$sql = "UPDATE prstv SET FULL = (FULL + ".$link.")";
 
      if (!$sql) {
 
      die('Invalid query: ' . mysql_error().' with \$link=\"'.$link);
      }

The strange thing is the page loads fine, without any errors. When I submit the integers, however, the database does not update.

diafol · Answer 3 · 2010-02-20T03:59:27+00:00

Perhaps I'm missing something here:

$link = "<input type=... (etc)...>"

Is this still the case? Is $link a string variable? You can't place the value of a form field within a variable like this. The variable stores the literal string (<input...). If your FULL field in the DB is set to INT datatype, then you can't update an integer field with a "non-sensical" string. Hope I've got that right, or I'm gonna look stoopid.

Wraithmanilian 1 Junior Poster · Answer 4 · 2010-02-20T10:13:17+00:00

Perhaps I'm missing something here:
$link = "<input type=... (etc)...>"
Is this still the case? Is $link a string variable? You can't place the value of a form field within a variable like this. The variable stores the literal string (<input...). If your FULL field in the DB is set to INT datatype, then you can't update an integer field with a "non-sensical" string. Hope I've got that right, or I'm gonna look stoopid.

Nah, not at all. The $link is an integer passed from a page where the voting occurs. I also had a thought on that...

Let's add a little something to check our SQL form:

$sql = "UPDATE prstv SET FULL = (FULL + ".$link.")";
if (!$sql) {
  die('Invalid query: ' . mysql_error().' with \$link=\"'.$link);
} else {
  die('Valid query: \"'.$link.'\"');
}

This way, if the sql breaks, we know why. If it does not, it will output the sql command the way the script sees it. If it's not too much trouble, could you try this in the script and paste the output to the thread? We'll beat this thing! :) Thanks!

Exploded Fiber 0 Newbie Poster · Answer 5 · 2010-02-20T15:09:54+00:00

Hey Ardav & Wraithmanilian,

I appreciate your determination in getting this sorted. I added the code you suggested, Wraithmanilian.

Page returned: Valid query: \"******\" - with ****** as an input box. I changed the code to remove the if statments 'die' to allow the table too loop as normal. Again though, submitting integers into the fields and submitting does not update the table. Perhaps it may be best to change this approach and assign dropboxes. I initally avoided this because I didn't want drop boxes with alot of choices..... though it perhaps may be something to consider now.

diafol · Answer 6 · 2010-02-20T18:37:59+00:00

THis was my thought:

Page returned: Valid query: \"******\" - with ****** as an input box

The $link variable contains a literal string for the input form field, not the actual value. Try putting this at the top of the page:

$link = $_POST['Full'];