aolsucks Posted April 6, 2010

My problem is I'm waiting to edit something from the database. I can get it to echo my data back into the form and I can edit it, but when I submit it, it either goes blank or doesn't update. I don't understand why. Can anybody help me? Here is my AR_update.php script:

<body>
<a href="allreviews.php"><----- Go Back </a>
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="wearemetal"; // Database name
$tbl_name="reviews"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// get value of id that sent from address bar
$id=$_GET['id'];

// Retrieve data from database
$sql="SELECT * FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);
?>
<form id="form1" name="form1" method="post" action="AR_update_db.php">
<p align="left" class="style1">Artist:<br />
<label>
<input name="artist" type="text" id="artist" value="<? echo $rows['artist']; ?>" size="60" />
</label>
</p>
<p align="left" class="style1">Album:<br />
<label>
<input name="album" type="text" id="album" value="<? echo $rows['album']; ?>" size="60" />
</label>
</p>
<p align="left"><span class="style1">Browser Friendly URL </span>(cky-the-sleeping)<span class="style1"><br />
<label>
<input name="urlfriend" type="text" id="urlfriend" value="<? echo $rows['urlfriend']; ?>" size="60" />
</label>
</span></p>
<p align="left" class="style1">Year:<br />
<label>
<input type="text" name="year" id="year" value="<? echo $rows['year']; ?>" />
</label>
</p>
<p align="left"><span class="style1">Cover Link </span>(Direct Link)<br />
<label>
<input name="cover" type="text" id="cover" value="<? echo $rows['cover']; ?>" size="60" />
</label>
</p>
<p align="left"><span class="style1">Myspace Link</span> (Direct Link)<br />
<label>
<input name="myspace" type="text" id="myspace" value="<? echo $rows['myspace']; ?>" size="60" />
</label>
</p>
<p align="left" class="style1">Label<br />
<label>
<input name="label" type="text" id="label" value="<? echo $rows['label']; ?>" size="40" />
</label>
</p>
<p align="left"><span class="style1">Label Link</span> (Direct Link)<br />
<label>
<input name="labelweb" type="text" id="labelweb" value="<? echo $rows['labelweb']; ?>" size="60" />
</label>
</p>
<p align="left"><span class="style1">Review <br />
</span>(!! remember to put <br /> for link breaks !!)<br />
<label>
<textarea name="content" id="content" cols="80" rows="8"><? echo $rows['content']; ?></textarea>
</label>
</p>
<p align="left" class="style1">Rating<br />
<label>
<input type="text" name="rating" id="rating" value="<? echo $rows['rating']; ?>" />
</label>
</p>
<label>
<div align="left">
<td><input name="id" type="hidden" id="id" value="<? echo $rows['id']; ?>"></td>
<td align="center"><input type="submit" name="Submit" value="Submit"></td>
</form>
</body>

And here is my AR_update_db.php file. I don't think this is the problem, but it could be:

<body>
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="wearemetal"; // Database name
$tbl_name="reviews"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// update data in mysql database
$sql="UPDATE $tbl_name SET artist='$artist', album='$album', urlfriend='$urlfriend', year='$year', cover='$cover', myspace='$myspace', label='$label', labelweb='$labelweb', content='$content', rating='$rating' WHERE id='$id'";
$result=mysql_query($sql);

// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='allreviews.php'>View result</a>";
}
else {
echo "ERROR";
}
?>
</body>

So does anyone have any ideas why my script won't update the database, or why it just makes it blank? Cheers

Jax2 Posted April 6, 2010

You're not calling any of your variables. You need to call each one individually... I.e.:

$artist=$_POST['artist'];
$album=$_POST['album'];
...etc.

Also, you're leaving yourself wide open for a world of pain later on if you're not cleaning any of your user inputted variables. Do a search on sanitizing user input variables and you'll find some nice examples.

Jax2 Posted April 6, 2010

Oh, and you know you could keep this all on one page, right? I don't know if you split it for convenience or something, but you'd only have to call your database once. Simply use

if (isset($_POST['Submit'])) {
(form processing php here)
}
... rest of page

and change your form's action to the same page name. Just cuts down on files is all.

aolsucks Posted April 6, 2010 (Author)

Thanks buddy, I'm totally new to this so it's more trial and error than anything else, but I will give that a shot. Thanks.

Jax2 Posted April 6, 2010

Any time, let me know how it goes.

aolsucks Posted April 6, 2010 (Author)

Do I want to be calling them here?

<body>
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="wearemetal"; // Database name
$tbl_name="reviews"; // Table name

$artist=$_POST['artist'];
$album=$_POST['album'];
etc...............................

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// update data in mysql database
$sql="UPDATE $tbl_name SET artist='$artist', album='$album', urlfriend='$urlfriend', year='$year', cover='$cover', myspace='$myspace', label='$label', labelweb='$labelweb', content='$content', rating='$rating' WHERE id='$id'";
$result=mysql_query($sql);

// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='allreviews.php'>View result</a>";
}
else {
echo "ERROR";
}
?>
</body>

Jax2 Posted April 6, 2010

That would be a fine place to call them. I'm a big stickler for keeping sites safe though, you should really get a cleaning function... You can use this one if you like, it works perfectly. Create a new php file, call it functions.php and put this in there:

<?php
function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
        '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
        '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
        '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
    );
    $output = preg_replace($search, '', $input);
    return $output;
}

function sanitize($input) {
    if (is_array($input)) {
        $output = array(); // so an empty array still returns a defined value
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}
?>

and then on the form processing page, AR_update_db.php, include the function file:

include("functions.php");

and then call your post variables like this:

$artist=sanitize($_POST['artist']);

That way, if someone tries to add any malicious code into the variable (which they can easily do) this will check it, strip out the bad code and leave only what should be there, otherwise they can insert all kinds of crap into your database and onto your website. They can even gain access to private data and / or passwords if they're really good. This is a great prevention method.

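An added example, not part of the original thread or any poster's code: the update handler rebuilt on PDO with bound parameters, so a value such as an apostrophe in an artist name never becomes part of the SQL text, and with escaping done on output so the `<br />` tags the form asks for are stored rather than stripped. The in-memory SQLite database, the sample row and the helper names `updateReview` and `h` are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not code from the thread. The in-memory SQLite database and
// sample row are constructed so this runs stand-alone; for the thread's setup
// the DSN would be 'mysql:host=localhost;dbname=wearemetal' plus credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, artist TEXT, album TEXT,
    urlfriend TEXT, year TEXT, cover TEXT, myspace TEXT, label TEXT, labelweb TEXT,
    content TEXT, rating TEXT)');
$pdo->exec("INSERT INTO reviews (id, artist) VALUES (1, 'placeholder')");

// Columns the form may change; any other key in the request is ignored.
const FIELDS = ['artist', 'album', 'urlfriend', 'year', 'cover',
                'myspace', 'label', 'labelweb', 'content', 'rating'];

function updateReview(PDO $pdo, array $post): bool
{
    // id arrives in the hidden form field and must be a positive integer.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    $set = [];
    $params = [':id' => $id];
    foreach (FIELDS as $f) {
        $set[] = "$f = :$f";   // column names come from FIELDS only
        $params[":$f"] = is_string($post[$f] ?? null) ? $post[$f] : '';
    }
    $stmt = $pdo->prepare('UPDATE reviews SET ' . implode(', ', $set) . ' WHERE id = :id');
    return $stmt->execute($params);   // values are sent separately from the SQL text
}

// Escape where the value meets HTML instead of stripping tags on input.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed stand-in for $_POST as submitted by the edit form.
$post = ['id' => '1', 'artist' => "Guns N' Roses", 'album' => 'Example',
         'content' => 'Line one<br />Line two', 'rating' => '8'];
var_dump(updateReview($pdo, $post));
var_dump(updateReview($pdo, ['artist' => 'no id sent']));
$row = $pdo->query('SELECT artist, content FROM reviews WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo '<input name="artist" value="' . h($row['artist']) . '" />', "\n";
echo '<textarea name="content">' . h($row['content']) . '</textarea>', "\n";
```

The `mysql_*` functions used throughout the thread were removed in PHP 7 and `get_magic_quotes_gpc()` in PHP 8, so the same handler on a current PHP needs PDO or mysqli in any case.
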
aolsucks Posted April 6, 2010 (Author)

Ahhhhhh okay, thanks. Will go about sorting all that out and seeing what happens after.

Jax2 Posted April 6, 2010

lol, sorry, I'm going overboard here, but one other thing you may want to consider ... you can set up a db.php file and not have to include your database info on every page. For example, my db.php looks like this:

$host = "MyHost";
$username = "MyUserName";
$password = "MyPassword";
$dbname = "tsrecipe";
$prefix = "ts_";
$db = mysql_connect($host, $username, $password);

and then I include db.php on each page. From then on, you can write all your queries something like this:

$sql="Select * from ....";
$result=mysql_query($sql, $db);

done. Nice and easy that way and saves you a LOT of time.

aolsucks Posted April 6, 2010 (Author)

Oh yeah, I've just done that for testing on localhost; before taking it live I edit it out and put it into its own file.

aolsucks Posted April 7, 2010 (Author)

New problem lol. I've called all my variables and it still won't update my database:

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="wearemetal"; // Database name
$tbl_name="reviews"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$artist=$_POST['artist'];
$album=$_POST['album'];
$urlfriend=$_POST['urlfriend'];
$year=$_POST['year'];
$cover=$_POST['cover'];
$myspace=$_POST['myspace'];
$label=$_POST['label'];
$labelweb=$_POST['labelweb'];
$content=$_POST['content'];
$rating=$_POST['rating'];

// update data in mysql database
$sql="UPDATE $tbl_name SET artist='$artist', album='$album', urlfriend='$urlfriend', year='$year', cover='$cover', myspace='$myspace', label='$label', labelweb='$labelweb', content='$content', rating='$rating' WHERE id='$id'";
$result=mysql_query($sql);

// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='allreviews.php'>View result</a>";
}
else {
echo "ERROR";
}
?>

aolsucks Posted April 7, 2010 (Author)

Oh! I forgot to grab the $id from the address bar. Sorted.