Updating data in mysql
Hello hope you can help me..
I have found this script on http://www.phpeasystep.com/mysql/9.html but it doesn't update the database. I don't get any errors so I can't find out what is wrong.

UPDATE.PHP:
```php
<?php
$host="localhost"; // Host name
$username="xx"; // Mysql username
$password="xx"; // mysql password
$db_name="xx"; // Database name
$tbl_name="test_mysql"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// get value of id that sent from address bar
$id=$_GET['id'];

// Retrieve data from database
$sql="SELECT * FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);

$rows=mysql_fetch_array($result);
?>
<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<form name="form1" method="post" action="update_ac.php">
<td>
<table width="100%" border="0" cellspacing="1" cellpadding="0">
<tr>
<td> </td>
<td colspan="3"><strong>Update data in mysql</strong> </td>
</tr>
<tr>
<td align="center"> </td>
<td align="center"> </td>
<td align="center"> </td>
<td align="center"> </td>
</tr>
<tr>
<td align="center"> </td>
<td align="center"><strong>Name</strong></td>
<td align="center"><strong>Lastname</strong></td>
<td align="center"><strong>Email</strong></td>
</tr>
<tr>
<td> </td>
<td align="center"><input name="name" type="text" id="name" value="<? echo $rows['name']; ?>"></td>
<td align="center"><input name="lastname" type="text" id="lastname" value="<? echo $rows['lastname']; ?>" size="15"></td>
<td><input name="email" type="text" id="email" value="<? echo $rows['email']; ?>" size="15"></td>
</tr>
<tr>
<td> </td>
<td><input name="id" type="hidden" id="id" value="<? echo $rows['id']; ?>"></td>
<td align="center"><input type="submit" name="Submit" value="Submit"></td>
<td> </td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?
// close connection
mysql_close();
?>
```

UPDATE_AC.PHP:
```php
<?php
$host="localhost"; // Host name
$username="xx"; // Mysql username
$password="xx"; // Mysql password
$db_name="xx"; // Database name
$tbl_name="test_mysql"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// update data in mysql database
$sql = "UPDATE $tbl_name SET name='$name', lastname='$lastname', email='$email' WHERE id='$id'";
$result=mysql_query($sql);

// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
}
else {
echo "ERROR";
}
?>
```

LIST_RECORDS.PHP:
```php
<?php
$host="localhost"; // Host name
$username="xx"; // Mysql username
$password="xx"; // Mysql password
$db_name="xx"; // Database name
$tbl_name="test_mysql"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);
?>
<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<td>
<table width="400" border="1" cellspacing="0" cellpadding="3">
<tr>
<td colspan="4"><strong>List data from mysql </strong> </td>
</tr>
<tr>
<td align="center"><strong>Name</strong></td>
<td align="center"><strong>Lastname</strong></td>
<td align="center"><strong>Email</strong></td>
<td align="center"><strong>Update</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td><? echo $rows['name']; ?></td>
<td><? echo $rows['lastname']; ?></td>
<td><? echo $rows['email']; ?></td>
<td align="center"><a href="update.php?id=<? echo $rows['id']; ?>">update</a></td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
</table>
<?php
mysql_close();
?>
```
|
Put the line
PHP Code:
Just a note, none of the data is being escaped; this means that I could submit a MySQL command like "DROP TABLE", and the entire database/table would be wiped clean. This code is very poorly written and I would advise you to steer clear of any code written by this author/site. |
I have put in error_reporting(E_ALL);
but it doesn't come with any errors? |
Is there not any who has an idea what the problem is?
|
I have put in mysql_query($sql) or die(mysql_error()); in UPDATE_AC.PHP but that didn't work..
What can I do so my code isn't so easy to inject? I don't know so much about php so hope you can help me. Also to get the UPDATE working.. ;-) |
Well, I would run mysql_real_escape_string() on every variable that is being placed into the mysql statement.
|
and what would that mean?
Could you place an example.. |
An escape sample.
PHP Code:
|
I have put your example in update_ac.php and then I get ERROR.
```php
<?php
$host="localhost"; // Host name
$username="xx"; // Mysql username
$password="xx"; // Mysql password
$db_name="xx"; // Database name
$tbl_name="test_mysql"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// update data in mysql database
$sql = "UPDATE " . mysql_real_escape_string($tbl_name) .
    " SET name=\'" . mysql_real_escape_string($name) .
    "\', lastname=\'" . mysql_real_escape_string($lastname) .
    "\', email=\'" . mysql_real_escape_string($email) .
    "\' WHERE id=\'" . mysql_real_escape_string($id) . "\'";

// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
}
else {
echo "ERROR";
}
?>
```
|
Right first off, there is no legitimate reason for wrapping your variables in double quotes when passing into a function (for example your mysql_connect etc), all it does is make php do extra work for no apparent reason.
PHP Code:
PHP Code:
Also in your sql, there is no need to escape the single quotes if the string is wrapped in doubles. Here's a more or less cleaned version:
PHP Code:
PHP Code:
PHP Code:
|
```php
<?php
$host = 'localhost'; // Host name
$username = 'xx'; // Mysql username
$password = 'xx'; // Mysql password
$db_name = 'xx'; // Database name
$tbl_name = 'test_mysql'; // Table name

// Connect to server and select database.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

// update data in mysql database
$sql = "UPDATE " . mysql_real_escape_string($tbl_name) .
    " SET name='" . mysql_real_escape_string($name) .
    "', lastname='" . mysql_real_escape_string($lastname) .
    "', email='" . mysql_real_escape_string($email) .
    "' WHERE id='" . mysql_real_escape_string($id) . "'";
$result = mysql_query($sql);

// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
}else {
echo mysql_error();
}
```
I have changed the file to this now. It tells me that the database is successfully updated, but it still doesn't update the database? |
PHP Code:
I would recommend the code in the post above me (sketchMedia's), or use this code, it's just easier for me to read. I was going through the code trying to fix any mundane bug and I found that I was escaping the table name. |
What about $tbl_name = 'test_mysql';
Shouldn't that be somewhere in the script? |
I changed it to $database, it really doesn't matter.
|
I get this error now:
```php
// Take this out when you're ready to make the code live.
error_reporting(E_ALL);

// Connect to server and select database.
$hostname = 'localhost';
$username = 'xx';
$password = 'xx';
$database = 'xx';

$link = mysql_connect($host, $username, $password) || die(mysql_error());
// mysql_select_db($database, $link)or die(mysql_error());

// Set some default data.
$name = 'John';
$lastname = 'Doe';
$email = 'user@example.com';
$id = 123145;

// update data in mysql database
$sql = "UPDATE " . $database .
    " SET name='" . mysql_real_escape_string($name) .
    "', lastname='" . mysql_real_escape_string($lastname) .
    "', email='" . mysql_real_escape_string($email) .
    "' WHERE id='" . mysql_real_escape_string($id) . "'";
$result = mysql_query($sql, $link);
```
|
Looks like you are just copy/pasting what's been put on here....
Code:
```php
$link = mysql_connect($host, $username, $password) || die(mysql_error());
```
Code:
```php
$link = mysql_connect($host, $username, $password) || die(mysql_error());
```
did you put the code inside php tags ?
Code:
|
No, I forgot the php tags.. Sorry.. :-)
Now I have put the tags in, then it goes to a blank page when I press submit. No errors, nothing.. The database is still not updated. Should I not tell the script what table in the database it should update? |
yep seen the mistake...
Code:
```php
$sql = "UPDATE " . $database .
```
Code:
|
No it still goes to a blank page
```php
<?PHP
// Take this out when you're ready to make the code live.
error_reporting(E_ALL);

// Connect to server and select database.
$hostname = 'localhost';
$username = 'xx';
$password = 'xx';
$database = 'xx';
$tbl_name = 'xx';

$link = mysql_connect($host, $username, $password) || die(mysql_error());
// mysql_select_db($database, $link)or die(mysql_error());

// update data in mysql database
$sql = "UPDATE " . $tbl_name .
    " SET name='" . mysql_real_escape_string($name) .
    "', lastname='" . mysql_real_escape_string($lastname) .
    "', email='" . mysql_real_escape_string($email) .
    "' WHERE id='" . mysql_real_escape_string($id) . "'";
$result = mysql_query($sql, $link);
?>
```
|
don't know why
Code:
```php
// mysql_select_db($database, $link)or die(mysql_error());
```
should be
Code:
```php
mysql_select_db($database, $link)or die(mysql_error());
```
|
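An added example (not code from any poster in this thread) of the update_ac.php step done with PDO prepared statements: the form fields are read explicitly from the submitted data instead of relying on `$name`, `$lastname`, `$email` and `$id` already being set, and the values are bound as parameters rather than escaped into the SQL string. The `update_record()` helper, the in-memory SQLite database and the sample row are assumptions made so the script runs offline; the table and column names are the thread's.

```php
<?php
// Added example: update_record() is a hypothetical helper, not thread code.
// Table and column names follow the thread's test_mysql table.
const TBL_NAME = 'test_mysql'; // identifiers cannot be bound; keep them constant

function update_record(PDO $pdo, array $post): int
{
    // The id must be an integer; reject anything else before touching SQL.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE ' . TBL_NAME .
        ' SET name = :name, lastname = :lastname, email = :email WHERE id = :id'
    );
    $stmt->execute([
        ':name'     => (string) ($post['name'] ?? ''),
        ':lastname' => (string) ($post['lastname'] ?? ''),
        ':email'    => (string) ($post['email'] ?? ''),
        ':id'       => $id,
    ]);

    return $stmt->rowCount(); // affected rows, not just "the query ran"
}

// Constructed demo database so the script runs offline. For MySQL use e.g.
// new PDO('mysql:host=localhost;dbname=xx;charset=utf8mb4', 'xx', 'xx').
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ' . TBL_NAME .
    ' (id INTEGER PRIMARY KEY, name TEXT, lastname TEXT, email TEXT)');
$pdo->exec('INSERT INTO ' . TBL_NAME .
    " VALUES (1, 'John', 'Doe', 'user@example.com')");

// Constructed stand-in for $_POST; in update_ac.php pass $_POST itself.
$post = ['id' => '1', 'name' => 'John', 'lastname' => "O'Brien",
         'email' => 'john@example.com'];

echo update_record($pdo, $post) === 1 ? "Successful\n" : "No row updated\n";
// The quote in the last name is stored as data, not parsed as SQL.
echo $pdo->query('SELECT lastname FROM ' . TBL_NAME . ' WHERE id = 1')
         ->fetchColumn(), "\n";
```

With the MySQL driver, `rowCount()` counts rows whose values actually changed, so resubmitting unchanged data also returns 0. A `true` result from `mysql_query()` in the thread's scripts likewise only means the statement ran, not that any row matched the `WHERE` clause.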