CRAZY PHP problem! - explination with lots of pics

[Freedom-n-Democrazy]

I am having a problem I have encounted like no other. I am running a MySQL query from PHP and for some bizarre reason, its just not working... Ok, that sounds really general. lol

 

 

To start off, here is my database:

http://i56.tinypic.com/2hh0up1.png

 

 

I am writing my own user interface with HTML/PHP/MySQL for every day catalog management:

http://i54.tinypic.com/axxsb7.png

 

 

To catalog a product is done from here (this page works):

http://i51.tinypic.com/2e0qs7s.png

 

ETC ...

<FORM action="result.html" enctype="multipart/form-data" method="post">

... ETC

ETC ...

Name: <INPUT name="name" type="text">
<BR>
Brand: <INPUT name="brand" type="text">
<BR>
Country of origin: <INPUT name="country" type="text">
<BR>
Material: <INPUT name="material" type="text">
<BR>
Primary colour: <INPUT name="primarycolour" type="text">

... ETC

 

result.html:

 

ETC ...

$query = "INSERT INTO products(name, brand, country, material, primarycolour) VALUES('".$_POST['name']."', '".$_POST['brand']."', '".$_POST['country']."', '".$_POST['material']."', '".$_POST['primarycolour']."')";

... ETC

 

 

To alter a product, you enter in a product ID:

http://i56.tinypic.com/2lcsqch.png

 

<FORM action="dataentry.html" method="post">
<DIV class="drop">Alter product ID: <INPUT name="id" type="text">&nbsp&nbsp&nbsp <INPUT type="submit" value="Submit"></DIV>

 

 

The data entry page pulls all the values from the MySQL database and populates them into the INPUT fields, so the user does not have to write them all again:

http://i56.tinypic.com/2zh0hgn.png

 

... ETC

echo '<FORM action="result.html" enctype="multipart/form-data" method="post">';

ETC ...

... ETC

echo 'Name:'; $query = "select name from products where id=".$_POST['id'].""; $result = mysql_query($query); $row = mysql_fetch_array($result); echo ' <INPUT name="name" type="text" value="'.$row['name'].'">';
echo $query;

ETC ...

 

 

I will now change the value of "Name" from 'a' to 'c' and submit the changes:

http://i55.tinypic.com/dzi9hc.png

http://i54.tinypic.com/ab5lyg.png

 

 

Now, you would think the result has been inserted into my database yeah? It failed... but when I enter the same command directly into MySQL. Success!

http://i51.tinypic.com/29z5y5x.png

 

 

Why the F is this happening?!

[Adam]

Could you show the PHP that actually updates the data?

[Freedom-n-Democrazy]

<?php

$link = mysql_connect('localhost', 'testusr', 'testpw');

mysql_select_db('testdb', $link);

$query = "UPDATE `products` set `id` = '".$_POST['id']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `category` = '".$_POST['category']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `name` = '".$_POST['name']."' where `id` = '".$_POST['id']."'";

echo $query;

$query = "UPDATE `products` set `brand` = '".$_POST['brand']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `country` = '".$_POST['country']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `material` = '".$_POST['material']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `primarycolour` = '".$_POST['primarycolour']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `sizes` = '".$_POST['sizes']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `sizem` = '".$_POST['sizem']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `sizel` = '".$_POST['sizel']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `sizexl` = '".$_POST['sizexl']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `price` = '".$_POST['price']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `pricerange` = '".$_POST['pricerange']."' where `id` = '".$_POST['id']."'";

mysql_query ($query);

mysql_close($link);

$target_path = "/var/www/https/test.com/products/".$_POST['fordir']."/".$_POST['category']."/".$_POST['id']."/";

$target_path = $target_path . basename($_FILES['front']['name']);

if (move_uploaded_file($_FILES['front']['tmp_name'], $target_path)) {

	basename($_FILES['front']['name']);}

echo 'Done.';

?>

[Adam]

mysql_query ($query);

 

It's quite possible there's an error with the query, but you're just not checking for it. Try this:

 

mysql_query($query) or trigger_error('MySQL Error: ' . mysql_error(), E_USER_ERROR);

if (mysql_affected_rows() > 0) {
    // add code to execute if successful
}

[Freedom-n-Democrazy]

The query:

http://i54.tinypic.com/ab5lyg.png

 

... was typed in directly to MySQL and it worked:

http://i51.tinypic.com/29z5y5x.png

 

... so it can't be a problem with the query.

 

Do you still want me to go ahead and add that code anyway?

[Muddy_Funster]

yes please

[Freedom-n-Democrazy]

No change.

[PFMaBiSmAd]

You are only executing the last query, the one that sets `pricerange`

 

You only have one mysql_query() statement and it executes the query that is in $query.

 

You should be forming one query that updates all the fields at one time, not a separate query for each field.

[tomfmason]

<?php

$link = mysql_connect('localhost', 'testusr', 'testpw');

mysql_select_db('testdb', $link);

$query = "UPDATE `products` set `id` = '".$_POST['id']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `category` = '".$_POST['category']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `name` = '".$_POST['name']."' where `id` = '".$_POST['id']."'";

echo $query;

$query = "UPDATE `products` set `brand` = '".$_POST['brand']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `country` = '".$_POST['country']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `material` = '".$_POST['material']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `primarycolour` = '".$_POST['primarycolour']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `sizes` = '".$_POST['sizes']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `sizem` = '".$_POST['sizem']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `sizel` = '".$_POST['sizel']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `sizexl` = '".$_POST['sizexl']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `price` = '".$_POST['price']."' where `id` = '".$_POST['id']."'";

$query = "UPDATE `products` set `pricerange` = '".$_POST['pricerange']."' where `id` = '".$_POST['id']."'";

mysql_query ($query);

mysql_close($link);

$target_path = "/var/www/https/test.com/products/".$_POST['fordir']."/".$_POST['category']."/".$_POST['id']."/";

$target_path = $target_path . basename($_FILES['front']['name']);

if (move_uploaded_file($_FILES['front']['tmp_name'], $target_path)) {

	basename($_FILES['front']['name']);}

echo 'Done.';

?>

 

In the code above you use several queries that are not needed and I don't see where you clean any user input.

 

You can update multiple columns from one query e.g.

UPDATE table SET field1='foo',field2='bar' WHERE something="Whatever";

 

 

You should make sure that you clean your input with mysql_real_escape_string and type cast any integers e.g.

 

<?php
$id = (int) $_POST['id'];
$category = mysql_real_escape_string($_POST['category']);
?>

 

 

Also, I am not really sure why you change the value of the ID

[Freedom-n-Democrazy]

I see!!!!!!! So, yet this makes perfect sense now! Yes! I will do this right now and let you guys know how I am going. TTYS!

[Freedom-n-Democrazy]

OMFG it worked! You guys are really fuckin good! Really!

 

Geeez, my code is based on using the same structured, lots of different queries when I could be using just 1. I have allot of re-writing to do.

 

Thanks again guys, you really have no idea how much your help meant to me. If you need a fav, just ask!