[SOLVED] Basic MYSql Add Record help plz


JStefan

Hi all,

I have difficulties making a basic form to update records in Mysql database.

I got to the stage where I do not get error messages anymore from the Apache server but the records will not update still. The table has a primary key id row which is set to auto increment in front of the other 3 rows you can see in the php file.

Your time and help much appreciated in advance.

Thanks,

Julian

Form in HTML file

<form name="upload" action="uploadcategory.php" method="POST">
name<input type="text" name="name" /><br />
image<input type="text" name="image" /><br />
description<input type="text" name="description" /><br />
<input type="submit" name="button" value="Submit" />
</form>

PHP file

<?php
include("hara.php");//my server credentials
$db=mysql_connect($HOSTNAME, $USERNAME, $PASSWORD, $DATABASE)or die("Couldn`t connect to server");
mysql_select_db("paintings")or die("Couldn`t connect to database");
$query="insert into category (name, image, description) values ('".$_POST["name"]."', '".$_POST["image"]."', '".$_POST["description"]."')";
if(!$query)error_message(sql_error());
mysql_close($db);
?>


Check the POST variables to see if they contain anything. I would add them to a variable, then make them safe from SQL injection before using them in a query, such as:

$name = $_POST['name'];
$image = $_POST['image'];
$description = $_POST['description'];

$name = mysql_real_escape_string($name);
$image = mysql_real_escape_string($image);
$description = mysql_real_escape_string($description);

$query="insert into category (name, image, description) values ('$name','$image','$description' )";

I recommend the same. I have a little loop I run on top of any script/webpage that inserts POST data.

foreach($_POST as $k => $v)
  $_POST[$k] = mysql_real_escape_string($v);

Of course if you prefer to copy the data into another array that's easily done in the loop as well.

Another thing I've been doing is writing more robust functions for connecting to and querying MySQL databases. I would change your code so that $query holds the actual query string... and another variable, such as $result, holds the result of the query.

On an error just print out the string to the screen or log file, depending on how private you need it to be. I've had MANY MANY MANY occurrences when MySQL fell silent just because I sent a query that was missing a ' or had an unset variable or some other thing I easily missed.

$query="insert into category (name, image, description) 
  values ('".$_POST["name"]."', '".$_POST["image"]."', '".$_POST["description"]."')";
if(!$query)error_message(sql_error());

You're not actually executing the query:

$query="insert into category (name, image, description) 
  values ('".$_POST["name"]."', '".$_POST["image"]."', '".$_POST["description"]."')";
// $query is the SQL string 
$res = mysql_query($query);
if (! $res ) error_message(sql_error());
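
The points the replies make (run the query, check the result, keep user input out of the SQL text), as an added example that is not from any poster in this thread: it uses PDO prepared statements rather than the `mysql_*` functions, which were removed in PHP 7. `insert_category()` is a hypothetical helper, and the in-memory SQLite database and the sample input are constructed stand-ins for the MySQL `paintings` database and `$_POST`.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread; insert_category() is a hypothetical name.
// Table and column names are the ones in the original post.
function insert_category(PDO $pdo, array $post): int
{
    // Require every expected field to be a string. A parameter sent as
    // name[]=x arrives as an array and is rejected rather than cast.
    $row = [];
    foreach (['name', 'image', 'description'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("missing or non-string field: $field");
        }
        $row[$field] = $post[$field];
    }

    // Placeholders keep the values out of the SQL text, so no escaping is needed.
    $stmt = $pdo->prepare(
        'INSERT INTO category (name, image, description)
         VALUES (:name, :image, :description)'
    );
    $stmt->execute($row); // the step the original script never reached
    return (int) $pdo->lastInsertId();
}

// Demo on in-memory SQLite so it runs offline (assumption: pdo_sqlite is enabled).
// For MySQL, use a DSN of the form 'mysql:host=HOST;dbname=paintings;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw, never silent
$pdo->exec('CREATE TABLE category (
    id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, image TEXT, description TEXT)');

// Constructed sample input standing in for $_POST; the quotes would break
// the string-concatenated query from the first post.
$post = [
    'name'        => "O'Keeffe",
    'image'       => 'okeeffe.jpg',
    'description' => "Painter's study, 'Red Hills' series",
];
$id = insert_category($pdo, $post);

// Read the row back (also with a bound parameter) and compare it to the input.
$check = $pdo->prepare('SELECT name, description FROM category WHERE id = ?');
$check->execute([$id]);
$stored = $check->fetch(PDO::FETCH_ASSOC);
var_dump($stored['name'] === $post['name'], $stored['description'] === $post['description']);
```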
