php variable in mysql query

Question

featherwebdiva 0 Newbie Poster

13 Years Ago

Hi
I've been all over these discussions and still cannot find the syntax that works!
When I echo $co and $bus, they both print on screen as they should. But when I try to update the mysql records using the following php, the business_name field data gets erased instead of changed.

This is my php. I've tried other ways too with same outcome.
Please help!!! Thanks!

$co = $_POST['contact_company'];
$bus = $row_contact['business_name'];
$query = "UPDATE events SET business_name='".$co."' WHERE business_name='".$bus."'";
$result = mysql_query($query, $events) or die(mysql_error());

mysql php

4 Contributors
19 Replies
18K Views
1 Day Discussion Span
Latest Post 13 Years Ago Latest Post by diafol

diafol

13 Years Ago

Are seem to be updating without cleaning your input - use mysql_real_escape_string() and maybe htmlentities() so that input is safe.

Try:

$query = "UPDATE events SET business_name='$co' WHERE business_name='$bus'";

diafol

13 Years Ago

$query = "UPDATE events SET business_name='lemon city' WHERE business_name='$bus'";
$result = mysql_query($query) or die(mysql_error());

Try a hard-coded string, see what happens.
//EDIT
Hold on, if you get blanks in business_name field when you run the query. DO you have any rows where the business_name = '$bus' any more?

Edited 13 Years Ago by diafol because: n/a

diafol

13 Years Ago

OK, well your problem seems to be the POST variable then. You said you've echoed out $co. Try it again to see if there really is data in it.

At least the error has been isolated to the variable.

lit108 0 Light Poster

13 Years Ago

try using $_POST instead of just $co in your query if I have understood the problem properly?

lit108 0 Light Poster

13 Years Ago

Is the information that is being passed into the variables coming from a form?

if so is it inside an if statement declaring that this code must be run if the form is submitted?

if (isset($_POST['submit'])) {

$bus = $row_contact['business_name'];
$query = "UPDATE events SET business_name='$_POST[contact_company]' WHERE            business_name='$bus'";
$result = mysql_query($query, $events) or die(mysql_error());

}

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

featherwebdiva 0 Newbie Poster · Answer 1 · 2011-02-24T01:06:25+00:00

Are seem to be updating without cleaning your input - use mysql_real_escape_string() and maybe htmlentities() so that input is safe.
Try:
$query = "UPDATE events SET business_name='$co' WHERE business_name='$bus'";

OK I used mysql_real_escape_string on $co, and used the single quotes in my query like this, but still same result. No different from before the change.

Here it is

$co = mysql_real_escape_string($_POST['contact_company']);
$bus = $row_contact['business_name'];
$query = "UPDATE events SET business_name='$co' WHERE business_name='$bus'";
$result = mysql_query($query, $events) or die(mysql_error());

featherwebdiva 0 Newbie Poster · Answer 2 · 2011-02-24T03:01:30+00:00

$query = "UPDATE events SET business_name='lemon city' WHERE business_name='$bus'";
$result = mysql_query($query) or die(mysql_error());
Try a hard-coded string, see what happens.
//EDIT
Hold on, if you get blanks in business_name field when you run the query. DO you have any rows where the business_name = '$bus' any more?

thanks for your help, but I still can't get this to work.
hard-coded works.
and, no, all occurrences of business_name where business_name='$bus' are replaced with blanks.

featherwebdiva 0 Newbie Poster · Answer 3 · 2011-02-24T03:14:28+00:00

OK, well your problem seems to be the POST variable then. You said you've echoed out $co. Try it again to see if there really is data in it.
At least the error has been isolated to the variable.

echo $bus . ' -> ' . $co; // KMM promotions -> KMM

featherwebdiva 0 Newbie Poster · Answer 4 · 2011-02-24T03:40:33+00:00

try using $_POST instead of just $co in your query if I have understood the problem properly?

thank you!!! that worked
here it is

//$co = mysql_real_escape_string($_POST['contact_company']);
$bus = $row_contact['business_name'];
$query = "UPDATE events SET business_name='$_POST[contact_company]' WHERE business_name='$bus'";
$result = mysql_query($query, $events) or die(mysql_error());

featherwebdiva 0 Newbie Poster · Answer 5 · 2011-02-24T03:45:03+00:00

thank you!!! that worked
here it is

//$co = mysql_real_escape_string($_POST['contact_company']);
$bus = $row_contact['business_name'];
$query = "UPDATE events SET business_name='$_POST[contact_company]' WHERE business_name='$bus'";
$result = mysql_query($query, $events) or die(mysql_error());

ok I must've been seeing things, it didn't work... ugggg... same result... blanks

diafol · Answer 6 · 2011-02-24T06:33:56+00:00

Tell me you're not passing contact_company by url ($_GET). But you said:

> When I echo $co and $bus, they both print on screen as they should.

So I'm confused. Something very odd going on here if you can echo out $co just before the SQL and it seems OK and then the SQL gives a blank. If this really is the case, echo out your SQL statement before you run it:

$query = "UPDATE events SET business_name='$co' WHERE business_name='$bus'";
echo $query;
$result = mysql_query($query, $events) or die(mysql_error());

featherwebdiva 0 Newbie Poster · Answer 7 · 2011-02-24T06:34:28+00:00

Is the information that is being passed into the variables coming from a form?
if so is it inside an if statement declaring that this code must be run if the form is submitted?

yes, it is this exactly

if (isset($_POST['submit']) && ($_POST['contact_company'] <> $row_contact['business_name'])) {
$co = mysql_real_escape_string($_POST['contact_company']);
$bus = $row_contact['business_name'];
$query = "UPDATE events SET business_name='$co' WHERE business_name='$bus'";
$result = mysql_query($query, $events) or die(mysql_error());
//echo $bus . ' -> ' . $co;
}

featherwebdiva 0 Newbie Poster · Answer 8 · 2011-02-24T06:46:57+00:00

Tell me you're not passing contact_company by url ($_GET). But you said:
> When I echo $co and $bus, they both print on screen as they should.
So I'm confused. Something very odd going on here if you can echo out $co just before the SQL and it seems OK and then the SQL gives a blank. If this really is the case, echo out your SQL statement before you run it:
$query = "UPDATE events SET business_name='$co' WHERE business_name='$bus'";
echo $query;
$result = mysql_query($query, $events) or die(mysql_error());

UPDATE events SET business_name='KMM' WHERE business_name='KMM promotions'

I'm baffled arggg......

diafol · Answer 9 · 2011-02-24T06:58:09+00:00

Ditto...

You do have current records in the table with business_name equal to 'KMM promotions'? If, as you say, these were written to blank, you replaced the blanks with 'KMM promotions' again before another trial?

danishbacker 0 Junior Poster in Training · Answer 10 · 2011-02-24T12:38:07+00:00

Hai, just echo the $query as Mr. ardav said, if the problem is still no solved.

featherwebdiva 0 Newbie Poster · Answer 11 · 2011-02-24T23:56:56+00:00

Ditto...
You do have current records in the table with business_name equal to 'KMM promotions'? If, as you say, these were written to blank, you replaced the blanks with 'KMM promotions' again before another trial?

yes I do, after each test I then use pma to replace the blanks. There's got to be something I'm overlooking. I'm 2 days into this now with no solution! Seems like a bad php dream. Ever had one of those?

diafol · Answer 12 · 2011-02-25T00:36:26+00:00

> Seems like a bad php dream. Ever had one of those?

Ermm, I think you need to get out more mate. :)

When you hard-code a value e.g. 'KMM' into the sql it works right?

Try

$co = "KMM"; //so not from $_POST
//then the rest of your code

featherwebdiva 0 Newbie Poster · Answer 13 · 2011-02-25T00:53:46+00:00

I'm an idiot what can I say!
My form is posting to self so of course on first page load there is no $_POST, explains the blanks. Then on submit there's nothing to replace because the WHERE condition wouldn't be met. I didn't catch that on the echo $query until now. Ugggg... Sometimes fresh eyes are amazing!

if (isset($_POST['contact_company'])) {
...
}

Thanks for all the diagnostic help and SORRY for bothering with such silliness!
~Jennifer

diafol · Answer 14 · 2011-02-25T01:04:52+00:00

Please mark this post as solved.