andrew_biggart Posted December 1, 2009 Share Posted December 1, 2009 Ok so im trying to make a form where the user can update their status and when i do update it it just clears the information already in the table but doesnt replace it with the new information... Can anyone spot why? form : <table class="acc_status_bg" cellpadding="0" cellspacing="0" style="width: 506; height: 180"> <tr> <td> <?php include("config.php"); $username=$_GET['username']; // Retrieve data from database $sql="SELECT * FROM biggartfp9_user_infot WHERE Username='$username'"; $result=mysql_query($sql); // Start looping rows in mysql database. while($rows=mysql_fetch_array($result)){ ?> <form method="post" action="update_status.php?username=<?php echo "$username" ?>"> <table> <tr> <td class="acc_status_h">What are you doing right now? ?</td> <td class="acc_status_200">200</td> </tr> <tr> <td colspan="2" class="acc_status_input"> <textarea class="acc_status_textarea"name="TextArea1" rows="2" style="width: 478px"></textarea></td> </tr> <tr> <td colspan="2" class="acc_status_submit"> <input class="acc_status_update"name="Update" type="submit" value="Update"/> </td> </tr> <tr> <td colspan="2" class="acc_status_post"><?php echo $rows['Status']; ?></td> </tr> <tr> <td colspan="2" class="acc_status_posted">Posted on : <?php echo $rows['Status_date']; ?></td> </tr> </table> </form> <?php // close while loop } // close connection mysql_close(); ?> </td> </tr> </table> php : <?php include("config.php"); $name=$_GET['username']; $Status=$_POST['Status']; $sql="UPDATE biggartfp9_user_infot SET Status='$Status' WHERE Username='$name'"; $result=mysql_query($sql); // if successfully updated. if($result){ header("location:my_account.php?username=$name"); } else { echo "ERROR"; } // close connection mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted December 1, 2009 Share Posted December 1, 2009 i don't see an input field for Status. you need to create a field: <input type="whatever" name="[b]Status[/b]" /> as well, change this line: $result=mysql_query($sql); to: $result=mysql_query($sql) or trigger_error (mysql_error()); AND use mysql_real_escape_string(); $name=mysql_real_escape_string ($_GET['username']); $Status=mysql_real_escape_string ($_POST['Status']); Quote Link to comment Share on other sites More sharing options...
aeroswat Posted December 1, 2009 Share Posted December 1, 2009 You don't have anywhere in your html form a control with the name status as far as I can see... The PHP POST variable that is supposed to return status of course will wind up blank in that situation. I'm guessing it is the "TextArea1" that you are trying to use to update with. In this case you must name this Status Quote Link to comment Share on other sites More sharing options...
andrew_biggart Posted December 1, 2009 Author Share Posted December 1, 2009 thankyou that has worked!!! just so i know what does this do? AND use mysql_real_escape_string(); $name=mysql_real_escape_string ($_GET['username']); $Status=mysql_real_escape_string ($_POST['Status']); Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted December 1, 2009 Share Posted December 1, 2009 Link: mysql_real_escape_string() Escapes special characters in the unescaped_string ' date=' taking into account the current character set of the connection so that it is safe to place it in a mysql_query() ... mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.[/quote'] basically, it helps make the inputted variables safe® against SQL injections within your database queries. check out Example#2 in the manual for more on why this is useful. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.