[SOLVED] updating my records


dazzclub

Hello,

I am trying to update existing records using a form.

I have written this query:

------------------

$query = "UPDATE order_enquiries  SET title='$title', first_name='$first_name', surname='$surname', company_name='$company_name', company_fax='$company_fax', company_telephone_number='$company_telephone_number', address_1='$address_1', address_2='$address_2', address_3='$address_3', town=$town, county='$county', postcode='$postcode', free_sample='$free_sample', WHERE id=$id";

----------------------

 

It doesn't seem to update. Can anyone take a look at the code above and tell me if I have done it wrong?

 

kind regards

Dazzclub

Link to comment
Share on other sites

Hello, after looking at the query I've noticed a few things, but correcting these hasn't made any improvements.

Could you go over the script and tell me what I have done wrong:

<?php
require_once("../../admin/includes/connection.php");
if(isset($_POST['submit']))
{
    $title=$_POST['title'];
    $first_name=$_POST['first_name'];
    $surname=$_POST['surname'];
    $position=$_POST['position'];
    $company_name=$_POST['company_name'];
    $company_email=$_POST['company_email'];
    $company_fax=$_POST['company_fax'];
    $company_telephone_number=$_POST['company_telephone_number'];
    $address_1=$_POST['address_1'];
    $address_2=$_POST['address_2'];
    $address_3=$_POST['address_3'];
    $town=$_POST['town'];
    $county=$_POST['county'];
    $post_code=$_POST['post_code'];
    $free_sample=$_POST['free_sample'];
    ///spacer
    $errors .= (empty($post_code)) ? "<span class=\"emptyFields\">postcode</span>" : "";
    $errors .= (empty($company_name)) ? "<span class=\"emptyFields\">company name</span>" : "";
    $errors .= (empty($company_telephone_number)) ? "<span class=\"emptyFields\">telepone number</span>" : "";
    $errors .= (empty($company_email)) ? "<span class=\"emptyFields\">email</span>" : "";
    //need to add country, product and state
    if (!$errors)
    {
        if(!get_magic_quotes_gpc())
        {
            $title = addslashes($title);
            $first_name = addslashes($first_name);
            $surname = addslashes($surname);
            $position= addslashes($position);
            $company_name = addslashes($company_name);
            $company_email = addslashes($company_email);
            $company_fax = addslashes($company_fax);
            $company_telephone_number= addslashes($company_telephone_number);
            $address_1= addslashes($address_1);
            $address_2= addslashes($address_2);
            $address_3= addslashes($address_3);
            $town= addslashes($town);
            $county= addslashes($county);
            $post_code= addslashes($post_code);
            $free_sample= addslashes($free_sample);
        }
        if ( (isset($_GET['ID'])) && (is_numeric($_GET['ID'])) ) { //correctly accessed
            $id=$_GET['ID'];
        } else {
            $errors[] = 'You have accessed this page incorrectly.';
        }
        $query = "UPDATE order_enquiries  SET title='$title', first_name='$first_name', surname='$surname', position='$position', company_name='$company_name', company_email='$company_email',company_fax='$company_fax', company_telephone_number='$company_telephone_number', address_1='$address_1', address_2='$address_2', address_3='$address_3', town='$town', county='$county', post_code='$post_code', free_sample='$free_sample', WHERE id=$id";
        $return = mysql_query($query);
        echo "File $id has been updated from the database";
    }
}
?>

 

kind regards

Dazzclub

Link to comment
Share on other sites

Hi there,

I've done that and still it's not updating.

Would the problem be the "id", as when I update the form what should echo is

"file 1($id) has been updated" but what is displayed is "file has been updated".

I'll look more into this.

 

kind regards

Dazzclub

Link to comment
Share on other sites

@mjdamato I've done what you suggested and when I update, the page displays a blank. I then check to see if the record has been updated, but it hasn't...hmmm

@cleanstatache I don't think the id is being passed, that could be the problem

....I'll work on it and see how I get on. Cheers for your help guys

Link to comment
Share on other sites

Could be issues with input.

None of your variables are being escaped.

$address_1=$_POST['address_1'];

should look like (at least):

$address_1 = mysql_real_escape_string($_POST['address_1']);

You should also think about getting rid of unwanted HTML or evil JS using something like a combo of strip_tags and htmlentities, i.e.

$address_1 = mysql_real_escape_string(htmlentities(strip_tags($_POST['address_1'])));

unless you actually want to allow users to post HTML; then you still have to look into some sort of filter, such as kses (kses kills evil scripts...ask Google).

Also, when you're expecting numbers only from certain input such as hidden id fields, you can validate them easily by typecasting:

$id = (int)$_POST['id'];

That will change any sort of input to a number. 12 will remain 12. The string '12andabunchofcrap' will end up 12, but 'bunchofcrap12' will end up 0.

I do something like:

$id = (int)$_POST['id'];
if ($id > 0) {
  //data's good, save it
} else {
  //user's doing something weird, tell em to go sit on their thumb and log what you can ;)
}

Link to comment
Share on other sites
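An added example, not code from the thread or its posters: the same UPDATE written with a PDO prepared statement, so values are bound instead of escaped by hand and the ID is validated before any SQL is built. The SQLite in-memory database, the `updateEnquiry` function, the shortened column list and the sample input are assumptions made so the script runs stand-alone.

```php
<?php
// Added example: table and column names follow the thread; the in-memory
// SQLite database and the sample $post / $get arrays are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE order_enquiries (id INTEGER PRIMARY KEY, first_name TEXT, surname TEXT, town TEXT)");
$pdo->exec("INSERT INTO order_enquiries (id, first_name, surname, town) VALUES (1, 'old', 'old', 'old')");

// Only these form fields may be written; anything else in the POST body is ignored.
const EDITABLE = ['first_name', 'surname', 'town'];

function updateEnquiry(PDO $pdo, array $get, array $post): string
{
    // Reject a missing or non-integer ID before building any SQL.
    $id = filter_var($get['ID'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'You have accessed this page incorrectly.';
    }
    $set = [];
    $params = [':id' => $id];
    foreach (EDITABLE as $col) {
        $set[] = "$col = :$col";            // column names come from the fixed list only
        $params[":$col"] = (string)($post[$col] ?? '');
    }
    // implode() cannot leave a trailing comma in front of WHERE.
    $stmt = $pdo->prepare('UPDATE order_enquiries SET ' . implode(', ', $set) . ' WHERE id = :id');
    $stmt->execute($params);
    return $stmt->rowCount() === 1 ? "Record $id has been updated" : "No record with id $id";
}

// Constructed input: a surname containing a quote and a town containing markup.
$post = ['first_name' => 'test', 'surname' => "O'Brien", 'town' => '<b>Leeds</b>'];

echo updateEnquiry($pdo, [], $post), "\n";                            // no ID in the query string
echo updateEnquiry($pdo, ['ID' => '12andabunchofcrap'], $post), "\n"; // ID with trailing text
echo updateEnquiry($pdo, ['ID' => '1'], $post), "\n";                 // well-formed ID

// Values are stored as typed; HTML-encode them at the point of output.
$row = $pdo->query('SELECT surname, town FROM order_enquiries WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['surname'] . ', ' . $row['town'], ENT_QUOTES, 'UTF-8'), "\n";
```

Unlike the `(int)` cast, `FILTER_VALIDATE_INT` rejects `'12andabunchofcrap'` outright instead of reducing it to 12.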

Good call Darkwater...that way you can at least see if there are escaping issues there. You'll make your life a lot easier using an IDE and watching the values of your variables change step by step.

Don't know if there's anything GPL'd out there yet with decent debugging facilities, but Zend Studio (Eclipse or otherwise) has fantastic debugging support for PHP. Please post if anyone knows any open source tools that will do something similar.

Link to comment
Share on other sites

Hi guys,

 

after echoing the query, it looks like the id isn't being passed, so it fails to update the record

 

UPDATE order_enquiries SET `title`='Mr', `first_name`='test', `surname`='test', `position`='test', `company_name`='test', `company_email`='test@test.co.uk', `company_fax`='0845', `company_telephone_number`='0845', `address_1`='test', `address_2`='test', `address_3`='', `town`='test', `county`='test', `post_code`='test', `free_sample`='test' WHERE id='' LIMIT 1

 

kind regards

Dazzclub

Link to comment
Share on other sites

As I said in my previous post, the failure of the id variable being passed did not allow the upload to take place.

So after realising that, in the form part I wrote this:

---------------

<form method="post" action="update.php?ID=<?php echo $id; ?>">

---------------

 

This allowed the id variable to be passed, or the update.php to retrieve the id number to perform the correct insert.

 

Thanks for all your help guys.

Link to comment
Share on other sites
