sql update in php

Question

matanc244 0 Newbie Poster

12 Years Ago

I have a problem to update my sql

<?php
 $host="localhost"; // Host name 
$username="matanc_cmd"; // Mysql username 
$password="123123"; // Mysql password 
$db_name="matanc_cms"; // Database name 
$tbl_name="content"; // Table name

// Connect to server and select database.
 mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// get value of id that sent from address bar
 $id=$_GET['id'];

// Retrieve data from database 
$sql="SELECT * FROM $tbl_name WHERE id='$id'";
 $result=mysql_query($sql);

$rows=mysql_fetch_array($result);
 ?>


 <table width="400" border="0" cellspacing="1" cellpadding="0">
 <tr>
<form name="form1" method="post" action="update_ac.php">
 <td>
 <table width="100%" border="0" cellspacing="1" cellpadding="0">
 <tr>
 <td> </td>
 <td colspan="3"><strong>Update data in mysql</strong> </td>
 </tr>
 <tr>
 <td align="center"> </td>
 <td align="center"> </td>
 <td align="center"> </td>
 <td align="center"> </td>
 </tr>
 <tr>
 <td align="center"> </td>
 <td align="center"><strong>Name</strong></td>
 <td align="center"><strong>Lastname</strong></td>
 <td align="center"><strong>Email</strong></td>
 </tr>
 <tr>
 <td> </td>
 <td align="center">
<input name="title" type="text" id="title" value="<? echo $rows['title']; ?>">
</td>
 <td align="center">
<input name="discription" type="text" id="discription" value="<? echo $rows['discription']; ?>" size="15">
</td>
 <td>
<input name="content" type="text" id="content" value="<? echo $rows['content']; ?>" size="15">
</td>
 </tr>
 <tr>
 <td> </td>
 <td>
<input name="id" type="hidden" id="id" value="<? echo $rows['id']; ?>">
</td>
 <td align="center">
<input type="submit" name="Submit" value="Submit">
</td>
 <td> </td>
 </tr>
 </table>
 </td>
</form>
 </tr>
 </table>

<?php
// close connection 
mysql_close();
 ?>

and that is the second page code

 <?php
 $con = mysql_connect("localhost","matanc_cmd","123123");
 if (!$con)
   {
   die('Could not connect: ' . mysql_error());
   }

mysql_select_db("matanc_cms", $con);

mysql_query("UPDATE content SET  title='title', discription='discription', content='content'
 WHERE  id='id'");


mysql_close($con);
// if successfully updated. 
if($result){
 echo "Successful";
 echo "<BR>";
 echo "<a href='show.php'>View result</a>";
 }

 else {
 echo "ERROR";
 }

 ?>

What is wrong in the code ?

php

3 Contributors
2 Replies
172 Views
1 Hour Discussion Span
Latest Post 12 Years Ago Latest Post by broj1

diafol

12 Years Ago

mysql_query("UPDATE content SET  title='title', discription='discription', content='content' WHERE  id='id'");

Are you looking to include static values like in the above or did you want to include POST values:

$title = mysql_real_escape_string($_POST['title']);
$discription = mysql_real_escape_string($_POST['discription']);
$content = mysql_real_escape_string($_POST['content']);
$id = intval($_POST['id']);

mysql_query("UPDATE content SET  title='$title', discription='$discription', content='$content' WHERE  id= $id");

I don't think it matters, but discription should be description.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

broj1 356 Humble servant Featured Poster · Answer 1 · 2012-07-01T19:23:03+00:00

You do not read any variables for values from the form on previous page in the update_ac.php. You should assign the values from the $_POST array. This should go on top of the pdate_ac.php:

// check if the form was submitted
if(isset($_POST['Submit'])) {

    // get the ID (cast it to integer if it is supposed to be integer)
    $id = (int) $_POST['id'];

    // get the title and escape it to avoid SQL injection
    $title = mysql_real_escape_string($_POST['title']);

    // get the content and escape it to avoid SQL injection
    $content = mysql_real_escape_string($_POST['content']);

    // get the description and escape it to avoid SQL injection
    $discription = mysql_real_escape_string($_POST['discription']);

    // now run the update query using the variables
    mysql_query("UPDATE content SET title='$title', discription='$discription', content='$content' WHERE id='$id'");

    mysql_close($con);

    // if successfully updated.
    if($result){
    echo "Successful";
    echo "<BR>";
    echo "<a href='show.php'>View result</a>";
}