[SOLVED] Update table query not working

[HFD]

Hi, I am currently coding an 'Administrator' section of my website, which allows administrators to add articles to the site, edit ones they have created...etc. Currently I have this query which is for the Edit Article page, and this query happens when Submit is clicked of course:

 

$updatequery="UPDATE tutorials SET title='$title', tutdesc='$tutdesc', content='$content' WHERE tutid=".$_GET['id']; 
mysql_query($updatequery);

 

But the query doesn't actually update the table, and I have no idea why...is there any problems with the query? (Note I'm using PHP). I've made sure the variable names correspond with the HTML form names, but no joy yet - if it's any help my table features the following fields, in order:

 

tutid, authid, catid, title, tutdesc, content, hits

 

Thank you

[toplay]

...I've made sure the variable names correspond with the HTML form names...

That will only work if you have register_globals on. Keep it off and use $_GET or $_POST instead.

 

You're already using $_GET['id'], so why aren't you doing it for the other fields? Or are you already usign $_GET and assigning it to those variables and you're just not showing us that?

 

To help debug, display the $updatequery value before or after the mysql_query(). The SQL syntax shown in post looks correct.

 

 

Note: Look into using mysql_real_escape_string() - always use especially with string values.

 

 

 

[HFD]

Thanks for the reply - yeah I thought I had register_globals on, turns out I hadn't - so I converted the POST variables manually. But it still isn't updating the SQL table I've outputted the query value and it seems it does indeed contain the updated values, but for some reason these aren't updating the table :-?

[toplay]

Post the $updatequery value here.

 

How are you determining that it's not updating?

 

Do:

$result = mysql_query($updatequery);

echo ($result) ? 'Update successful. Rows affected (if any): ' . mysql_affected_rows() : 'Did not update. Error: ' . mysql_error();

 

Tell us the result.

 

 

Note: MySQL will not update the row if it determines the values are the same (it's intelligent enough to know there's nothing different and no point in updating). So, if the values you're trying to update is already in the table for that tutid, then it won't update.

 

 

[HFD]

Ahh sorry I was just outputting the query to see if it was picking up the form details correctly. Using the code above I have an error:

 

Did not update. Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

Here's the code for the entire update

 

if (isset($_POST['submit'])) { 

$title = $_POST['title'];
$tutdesc = $_POST['tutdesc'];
$content = $_POST['content'];

$updatequery="UPDATE tutorials SET title='$title', tutdesc='$tutdesc', content='$content' WHERE tutid=".$_GET['id']; 
$result = mysql_query($updatequery);
echo ($result) ? 'Update successful. Rows affected (if any): ' . mysql_affected_rows() : 'Did not update. Error: ' . mysql_error();

 

Thanks

[toplay]

You forgot to post the $updatequery value just before the mysql_query() so we can see what the actual query with data is.

 

You probably have a quote in your data and you should be escaping the data users enter before trying to insert/update your table (see note in my first post).

 

 

[HFD]

Ahh sorry, the query data is rather long as $content represents an article - so yeah there's a lot of quotes, thanks for the code to stop that

 

The query data is created using a form, as the user can change the articles contents etc. The HTML code is:

 

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
<b>Title (Title of the article):</b> 
<input name="authid" type="hidden" value="<?php echo $info['ID'];?>" />
<input size="60" maxlength="60" type="text" name="title" value ="<?php echo $title;?>" />
<br /><br />
<b>Short description of the tutorial:</b>
<input size="60" maxlength="120" type="text" name="tutdesc" value="<?php echo $tutdesc;?>" />

<br /><br />


<b>Content:</b> <br />
<textarea name="content" rows="30" cols="80">
<?php echo $content; ?>
</textarea>
<br /><br />
<input type="submit" name="submit" value="Update Tutorial"/>

 

I've tried each input box with different data, some including just text and no special characters such as quotes, and I've done the mysql_real_escape_string as you said:

 

$title = mysql_real_escape_string($_POST['title']);
$tutdesc = mysql_real_escape_string($_POST['tutdesc']);
$content = mysql_real_escape_string($_POST['content']);

 

Sorry if I've totally misread what you mean by post the $updatequery lol, thanks