TalkPHP - View Single Post

sketchMedia · 11-09-2009, 11:52 AM

Right first off, there is no legitimate reason for wrapping your variables in double quotes when passing into a function (for example your mysql_connect etc), all it does is make php do extra work for no apparent reason.

PHP Code:


			
mysql_connect("$host" ...

becomes:

PHP Code:


			
mysql_connect($host ...

Secondly you don't call mysql_query at any point in your script, mysql can't read your mind.

Also in your sql, there is no need to escape the single quotes if the string is wrapped in doubles

heres a more or less cleaned version:

PHP Code:


			
<?php
$host     = 'localhost';  // Host name
$username = 'xx';         // Mysql username
$password = 'xx';         // Mysql password
$db_name  = 'xx';         // Database name
$tbl_name = 'test_mysql'; // Table name

// Connect to server and select database.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

// update data in mysql database
$sql = "UPDATE " . mysql_real_escape_string($tbl_name) .
       " SET name='" . mysql_real_escape_string($name) .
       "', lastname='" . mysql_real_escape_string($lastname) .
       "', email='" . mysql_real_escape_string($email) .
       "' WHERE id='" . mysql_real_escape_string($id) . "'";

$result = mysql_query($sql);
// if successfully updated.
if($result){
    echo "Successful";
    echo "<BR>";
    echo "<a href='list_records.php'>View result</a>";
}else {
    echo "ERROR";
}

also you might want to change

PHP Code:


			
echo "ERROR";

to somehting more useful like

PHP Code:


			
echo mysql_error();

11-09-2009, 11:52 AM	#10 (permalink)
sketchMedia The Prestige Join Date: Oct 2007 Location: Manchester, UK Posts: 854 Thanks: 32	Right first off, there is no legitimate reason for wrapping your variables in double quotes when passing into a function (for example your mysql_connect etc), all it does is make php do extra work for no apparent reason. PHP Code: `mysql_connect("$host" ...` becomes: PHP Code: `mysql_connect($host ...` Secondly you don't call mysql_query at any point in your script, mysql can't read your mind. Also in your sql, there is no need to escape the single quotes if the string is wrapped in doubles heres a more or less cleaned version: PHP Code: <?php $host = 'localhost'; // Host name $username = 'xx'; // Mysql username $password = 'xx'; // Mysql password $db_name = 'xx'; // Database name $tbl_name = 'test_mysql'; // Table name // Connect to server and select database. mysql_connect($host, $username, $password)or die("cannot connect"); mysql_select_db($db_name)or die("cannot select DB"); // update data in mysql database $sql = "UPDATE " . mysql_real_escape_string($tbl_name) . " SET name='" . mysql_real_escape_string($name) . "', lastname='" . mysql_real_escape_string($lastname) . "', email='" . mysql_real_escape_string($email) . "' WHERE id='" . mysql_real_escape_string($id) . "'"; $result = mysql_query($sql); // if successfully updated. if($result){ echo "Successful"; echo "<BR>"; echo "<a href='list_records.php'>View result</a>"; }else { echo "ERROR"; } also you might want to change PHP Code: `echo "ERROR";` to somehting more useful like PHP Code: `echo mysql_error();` __________________ mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0; Empty set (0.00 sec)