Mysql query having no effect

Question

fheppell 0 Newbie Poster

11 Years Ago

This php code updates a database entry. The form consists of a checkbox (name = download) and a hidden field so I can check it has actually been sumbitted(name = updated). When I run this code it gives me the success message but the database remains unchanged. Why is this?

if(isset($_POST['updated'])){
    $candownload = isset($_POST['download']) ? "y":"n";
    $query = sprintf("UPDATE `images` SET `download`='%s' WHERE `url`='%s'",
             mysql_real_escape_string($candownload),
             mysql_real_escape_string($url));
    mysql_select_db($dbname,$con);
    mysql_query($query) or die(mysql_error()); 
    $message = "<div class='alert alert-success'>Your settings have been updated</div>";
    $_SESSION['message'] = $message;
    header('Location: account');
}else{
    $message = "";
}

Thanks for any help

mysql php sql

2 Contributors
7 Replies
162 Views
1 Hour Discussion Span
Latest Post 11 Years Ago Latest Post by fheppell

code_rum 8 Junior Poster in Training

11 Years Ago

First of all What are you trying to do??
found some error

mysql_select_db($dbname,$con);

Should be before query.

Update query is having a syntax error.
I may be wrong but sprintf doesn't work this way .

$val_one = sprintf('%s', $candownload);//This assigns value to $val_one . According to me there's no need to use sprintf
$val_two = sprintf('%s', $url);
$query = "UPDATE images SET download = '$val_one' WHERE url='$val_two'";

Didn't get it what you are trying to do with these ones

    mysql_real_escape_string($candownload),
    mysql_real_escape_string($url)

If you are using mysql_real_escape_string
use before running a query . This would help you to understand your code properly.

May be this should help

Edited 11 Years Ago by code_rum

code_rum 8 Junior Poster in Training

11 Years Ago

Try this one

if(isset($_POST['updated'])){
    $candownload = isset($_POST['download']) ? "y":"n";
    $val_one = sprintf('%s', mysql_real_escape_string($candownload));
    $val_two = sprintf('%s', mysql_real_escape_string($url));
    $query = "UPDATE images SET download = '$val_one' WHERE url='$val_two'";
    mysql_select_db($dbname,$con);
    mysql_query($query) or die(mysql_error()); 
    $message = "<div class='alert alert-success'>Your settings have been updated</div>";
    $_SESSION['message'] = $message;
    header('Location: account');
}else{
    $message = "";
}

Edited 11 Years Ago by code_rum

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

fheppell 0 Newbie Poster · Answer 1 · 2013-05-29T16:14:11+00:00

This code was given in another thread to help prevent sql injection

fheppell 0 Newbie Poster · Answer 2 · 2013-05-29T16:31:26+00:00

fheppell 0 Newbie Poster

11 Years Ago

Thanks!

Edited 11 Years Ago by fheppell

fheppell 0 Newbie Poster · Answer 3 · 2013-05-29T16:34:34+00:00

Tried this, but the database still isn't updating

code_rum 8 Junior Poster in Training · Answer 4 · 2013-05-29T16:57:34+00:00

Try Debugging it.

echo something inside if .

comment header('Location: account') and session part for now.

fheppell 0 Newbie Poster · Answer 5 · 2013-05-29T17:04:41+00:00

Worked it out! A GET variable was not being submitted properly. Thanks for all the help, I'm using your suggestion as it looks cleaner.