WatsonN Posted October 11, 2010

My code is supposed to update the table but it just wipes all the fields clean

if (isset($_POST['Update'])){
    // here we encrypt the password and add slashes if needed
    // NOTE(review): nothing in this block encrypts a password. addslashes() is
    // not aware of the connection character set, so it is not a substitute for
    // database-aware escaping or bound parameters.
    if (isset($_POST['add'])) {
        $_POST['element_1'] = addslashes($_POST['element_1']);
        $_POST['element_7_1'] = addslashes($_POST['element_7_1']);
        $_POST['element_7_2'] = addslashes($_POST['element_7_2']);
        $_POST['element_2'] = addslashes($_POST['element_2']);
        $_POST['element_3'] = addslashes($_POST['element_3']);
        $_POST['element_4'] = addslashes($_POST['element_4']);
        $_POST['element_5'] = addslashes($_POST['element_5']);
        $_POST['element_13'] = addslashes($_POST['element_13']);
        $_POST['element_11'] = addslashes($_POST['element_11']);
        $_POST['element_6'] = addslashes($_POST['element_6']);
        $_POST['element_12'] = addslashes($_POST['element_12']);
        $_POST['element_8'] = addslashes($_POST['element_8']);
        //------------------//
        $e1 = $_POST['element_1'];
        $e71 = $_POST['element_7_1'];
        $e72 = $_POST['element_7_2'];
        $e2 = $_POST['element_2'];
        $e3 = $_POST['element_3'];
        $e4 = $_POST['element_4'];
        $e5 = $_POST['element_5'];
        $e13 = $_POST['element_13'];
        $e11 = $_POST['element_11'];
        $e6 = $_POST['element_6'];
        $e12 = $_POST['element_12'];
        $e8 = $_POST['element_8'];
    }
    // NOTE(review): the $e* variables are assigned only inside the
    // isset($_POST['add']) branch above, while the statement below is built
    // whenever 'Update' is set. If the request carries 'Update' but not 'add',
    // they are undefined here and interpolate as empty strings, so the UPDATE
    // blanks every listed column of the row.
    // NOTE(review): mysql_real_escape_string() is applied to the whole statement
    // and its return value is discarded; the assignment inside the parentheses
    // leaves $update unescaped, so this call has no effect on the query.
    // $_POST['id'] reaches the WHERE clause with no escaping at all, which leaves
    // the statement open to SQL injection.
    mysql_real_escape_string($update = "UPDATE `YBK_Ads` SET `BSN` = '{$e1}', `CNF` = '{$e71}', `CNL` = '{$e72}', `ADD` = '{$e2}', `CITY` = '{$e3}', `STATE` = '{$e4}', `ZIP` = '{$e5}', `AS` = '{$e13}', `PT` = '{$e11}', `CN` = '{$e6}', `BY` = '{$e12}', `ACI` = '{$e8}' WHERE `ID` = '{$_POST['id']}'");
    // NOTE(review): on failure the full SQL text and mysql_error() are written
    // into the HTTP response, exposing table and column names to the client.
    mysql_query($update) or die( 'Query string: ' . $update . '<br />Produced an error: ' . mysql_error() . '<br />' );
    //header("Location: http://ybk.watsonn.com/list.php");
}
ialsoagree Posted October 11, 2010

You're not using "mysql_real_escape_string" properly. You need to escape the data that is going into the database. Your use of mysql_real_escape_string actually doesn't do anything, because you don't save the result to a variable. In fact, the entire "addslashes" list at the beginning of your code is not needed, you can simply do:

// NOTE(review): $e1 is assigned only when 'add' is present in the request; if
// the statement below is built on a request without it, the variable is unset
// and interpolates as an empty string - confirm which form field gates this.
if (isset($_POST['add'])) {
    // Escape each value on its own and keep the return value; the escaped
    // copy is what gets interpolated into the statement.
    $e1 = mysql_real_escape_string($_POST['element_1']);
    // etc.
}
// NOTE(review): every request value placed in the statement needs the same
// treatment, including whatever is used in the WHERE clause, not only the SET
// values. The mysql_* extension was removed in PHP 7.0; prepared statements
// through mysqli or PDO bind values separately from the SQL text and remove
// the need for manual escaping.
$update = '/* your update statement here - no need for mysql_real_escape_string anywhere here! */';
mysql_query($update) or die('/* your error message here */');
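WatsonN Posted October 11, 2010 Author

Thank ya much, works perfectly.

// Handles the "Update" form post: writes the submitted ad fields to the
// YBK_Ads row selected by the posted id, then redirects to the list page.
//
// Every request value, including the row id used in the WHERE clause, is
// escaped before it is interpolated. mysql_real_escape_string() is only safe
// inside a quoted literal and depends on the connection character set
// (set it with mysql_set_charset()). The mysql_* extension was removed in
// PHP 7.0; prepared statements through mysqli or PDO are the durable fix.
//
// NOTE(review): nothing visible here checks that the requester is allowed to
// edit the row named by 'id' - confirm an authorization check runs earlier.
if (isset($_POST['Update'])) {
    // Column name => form field that supplies its value.
    $fields = array(
        'CNF'   => 'element_7_1',
        'CNL'   => 'element_7_2',
        'ADD'   => 'element_2',
        'CITY'  => 'element_3',
        'STATE' => 'element_4',
        'ZIP'   => 'element_5',
        'AS'    => 'element_13',
        'PT'    => 'element_11',
        'CN'    => 'element_6',
        'BY'    => 'element_12',
        'ACI'   => 'element_8',
    );

    // Refuse to run without a usable row id instead of issuing an UPDATE with
    // an empty or array-valued key.
    if (!isset($_POST['id']) || !is_string($_POST['id']) || $_POST['id'] === '') {
        die('Missing record id.');
    }
    // The id was previously interpolated raw; it is request data like the rest.
    // NOTE(review): if ID is an integer column, a ctype_digit() check would be
    // tighter than string escaping - confirm against the schema.
    $id = mysql_real_escape_string($_POST['id']);

    $assignments = array();
    foreach ($fields as $column => $field) {
        // A missing or non-string field is stored as an empty string, which is
        // what the escaping call produced for such input before.
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $assignments[] = "`{$column}` = '" . mysql_real_escape_string($value) . "'";
    }

    $update = 'UPDATE `YBK_Ads` SET ' . implode(', ', $assignments) . " WHERE `ID` = '{$id}'";

    if (!mysql_query($update)) {
        // Keep the database error in the server log; echoing the SQL text and
        // mysql_error() to the browser discloses schema details.
        error_log('YBK_Ads update failed: ' . mysql_error());
        die('The update could not be saved.');
    }

    header("Location: http://ybk.watsonn.com/list.php");
    // Stop here so nothing after the redirect header is executed or sent.
    exit;
}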