// WatsonN (posted October 11, 2010): "My code is supposed to update the table
// but it just wipes all the fields clean"
//
// Form handler exactly as posted. On an "Update" submission it rewrites one
// row of `YBK_Ads` from the posted form fields. The code is unchanged; the
// NOTE(review) comments mark why it misbehaves and where request data reaches
// the SQL statement without escaping.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0;
// prepared statements through mysqli or PDO are the lasting fix.
if (isset($_POST['Update'])){
    // here we encrypt the password and add slashes if needed
    // NOTE(review): nothing below encrypts anything. addslashes() is also not
    // SQL escaping for a MySQL connection; it is unaware of the connection
    // character set.
    // NOTE(review): $e1 ... $e8 are assigned only inside this 'add' branch.
    // If the form posts 'Update' without 'add' (presumably the case here -
    // confirm against the form), they are undefined when the statement is
    // built, interpolate as empty strings, and every column is blanked.
    if (isset($_POST['add'])) {
        $_POST['element_1'] = addslashes($_POST['element_1']);
        $_POST['element_7_1'] = addslashes($_POST['element_7_1']);
        $_POST['element_7_2'] = addslashes($_POST['element_7_2']);
        $_POST['element_2'] = addslashes($_POST['element_2']);
        $_POST['element_3'] = addslashes($_POST['element_3']);
        $_POST['element_4'] = addslashes($_POST['element_4']);
        $_POST['element_5'] = addslashes($_POST['element_5']);
        $_POST['element_13'] = addslashes($_POST['element_13']);
        $_POST['element_11'] = addslashes($_POST['element_11']);
        $_POST['element_6'] = addslashes($_POST['element_6']);
        $_POST['element_12'] = addslashes($_POST['element_12']);
        $_POST['element_8'] = addslashes($_POST['element_8']);
        //------------------//
        $e1 = $_POST['element_1'];
        $e71 = $_POST['element_7_1'];
        $e72 = $_POST['element_7_2'];
        $e2 = $_POST['element_2'];
        $e3 = $_POST['element_3'];
        $e4 = $_POST['element_4'];
        $e5 = $_POST['element_5'];
        $e13 = $_POST['element_13'];
        $e11 = $_POST['element_11'];
        $e6 = $_POST['element_6'];
        $e12 = $_POST['element_12'];
        $e8 = $_POST['element_8'];
    }
    // NOTE(review): the return value of mysql_real_escape_string() is thrown
    // away, so $update keeps the raw string built by the inner assignment.
    // Escaping a whole statement would be wrong in any case, because it would
    // also escape the quotes that delimit the values. Each value has to be
    // escaped on its own before it is interpolated.
    // NOTE(review): $_POST['id'] goes into the WHERE clause with no escaping
    // at all, so this statement is open to SQL injection through that field.
    mysql_real_escape_string($update = "UPDATE `YBK_Ads` SET `BSN` = '{$e1}', `CNF` = '{$e71}', `CNL` = '{$e72}', `ADD` = '{$e2}', `CITY` = '{$e3}', `STATE` = '{$e4}', `ZIP` = '{$e5}', `AS` = '{$e13}', `PT` = '{$e11}', `CN` = '{$e6}', `BY` = '{$e12}', `ACI` = '{$e8}' WHERE `ID` = '{$_POST['id']}'");
    // NOTE(review): on failure the full statement and the database error are
    // printed to the browser. That exposes table and column names to whoever
    // triggers the error; log them server-side instead.
    mysql_query($update) or die(
        'Query string: ' . $update . '<br />Produced an error: ' . mysql_error() . '<br />'
    );
    //header("Location: http://ybk.watsonn.com/list.php");
}
ialsoagree Posted October 11, 2010

You're not using `mysql_real_escape_string` properly. You need to escape the data that is going into the database. Your call to `mysql_real_escape_string` doesn't actually do anything, because you don't save its result to a variable. Every value that ends up in the statement has to be escaped this way, including the `id` in the WHERE clause. In fact, the entire `addslashes` list at the beginning of your code is not needed; you can simply do:

```php
if (isset($_POST['add'])) {
    $e1 = mysql_real_escape_string($_POST['element_1']);
    // etc.
}
$update = '/* your update statement here - no need for mysql_real_escape_string anywhere here! */';
mysql_query($update) or die('/* your error message here */');
```
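// WatsonN (posted October 11, 2010): "Thank ya much, works perfectly."
//
// Handles the "Update" form submission: escapes every posted value and writes
// it to the row of `YBK_Ads` selected by the posted id, then redirects to the
// listing page.
//
// NOTE(review): nothing in this snippet checks that the requester is allowed
// to edit the row named by $_POST['id'] - confirm that check exists upstream.
// NOTE(review): the mysql_* extension was removed in PHP 7.0. Prepared
// statements through mysqli or PDO are the lasting fix; per-value escaping is
// kept here only because the connection setup is not part of this snippet.
if (isset($_POST['Update'])) {
    // Every value lands inside a quoted SQL string literal, so each one is
    // escaped individually. Escaping is only reliable when the connection
    // character set has been set through the API (mysql_set_charset()).
    $e71 = mysql_real_escape_string($_POST['element_7_1']);
    $e72 = mysql_real_escape_string($_POST['element_7_2']);
    $e2  = mysql_real_escape_string($_POST['element_2']);
    $e3  = mysql_real_escape_string($_POST['element_3']);
    $e4  = mysql_real_escape_string($_POST['element_4']);
    $e5  = mysql_real_escape_string($_POST['element_5']);
    $e13 = mysql_real_escape_string($_POST['element_13']);
    $e11 = mysql_real_escape_string($_POST['element_11']);
    $e6  = mysql_real_escape_string($_POST['element_6']);
    $e12 = mysql_real_escape_string($_POST['element_12']);
    $e8  = mysql_real_escape_string($_POST['element_8']);

    // The row id is request data as well. The posted version interpolated
    // $_POST['id'] raw, which left the WHERE clause open to SQL injection
    // even though every SET value was escaped.
    $id = mysql_real_escape_string($_POST['id']);

    $update = "UPDATE `YBK_Ads` SET `CNF` = '{$e71}', `CNL` = '{$e72}', `ADD` = '{$e2}', `CITY` = '{$e3}', `STATE` = '{$e4}', `ZIP` = '{$e5}', `AS` = '{$e13}', `PT` = '{$e11}', `CN` = '{$e6}', `BY` = '{$e12}', `ACI` = '{$e8}' WHERE `ID` = '{$id}'";

    if (!mysql_query($update)) {
        // Keep the driver error in the server log. Printing the statement and
        // the error to the browser discloses the schema, and the echoed text
        // can carry request data back into the page unescaped.
        error_log('YBK_Ads update failed: ' . mysql_error());
        die('The update could not be saved.');
    }

    header("Location: http://ybk.watsonn.com/list.php");
    // Stop here so nothing after the redirect header runs or is sent.
    exit;
}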