Doesn't update records

[raggy99]

Hello all,

 

my update page isn't updating the records.  Can anyone tell me what i'm doing wrong? Apart from using dreamweaver. When the page opens it shows all the data, When I change the data it don't update.

<?php 
define('DB_NAME', 'DB Name');
define('DB_USER', 'Username');
define('DB_PASSWORD', 'Password');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('?ould not connect: '. mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
	die('could not use ' . DB_NAME . ': ' . mysql_error());
}

if($_POST['Submit']){

$value=$_POST['taskid'];
$value2=$_POST['task'];
$value3=$_POST['description'];
$value4=$_POST['type'];
$value5=$_POST['datedue'];
$value6=$_POST['completed'];
mysql_query("update tasks set taskid = '$value', task = '$value2', description = '$value3', type = '$value4', datedue = '$value5', completed = '$value6' WHERE taskid = 'taskid' ");
header("location:viewalltasks.php");
exit;
}

$taskid=$_GET['taskid'];

$result=mysql_query("SELECT * from tasks where taskid='$taskid'");

$row=mysql_fetch_assoc($result);

mysql_close();

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Update</title>
</head>

<body>
<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">
<table width="600" border="1">
  <tr>
    <td>Taskid</td>
    <td><?php echo $row['taskid']; ?></td>
  </tr>
  <tr>
    <td>Task</td>
    <td><input name="task" type="text" id="task" value="<? echo $row['task']; ?>"/></td>
  </tr>
  <tr>
    <td>Description</td>
    <td><textarea name="description" rows="5" id="description"><? echo $row['description']; ?></textarea></td>
  </tr>
  <tr>
    <td>Type</td>
    <td><input name="type" type="text" id="type" value="<? echo $row['type']; ?>"/></td>
  </tr>
  <tr>
    <td>Date</td>
    <td><input name="datedue" type="date" id="datedue" value="<? echo $row['datedue']; ?>"/></td>
  </tr>
  <tr>
    <td>Completed</td>
    <td><input <?php if (!(strcmp($row['completed'],"Yes"))) {echo "checked=\"checked\"";} ?> type="checkbox" name="checkbox" id="checkbox" /></td>
  </tr>
  <tr>
    <td> </td>
    <td><input type="Submit" name="Submit" value="Update" /></td>
  </tr>
</table>
</form> 
</body>
</html>

 

Thanks in advance

[jazzman1]

WHERE taskid = 'taskid'

to be 

WHERE taskid = $taskid

[MMDE]

There is many problems, especially if this is your unmodified code.

 

put this as your second line:

error_reporting(-1);

 

Please tell us all your errors and notices, but I'm sure there is at least one.

[raggy99]

I had the changes and it works 100%. I added the line, no errors came up on the webpage. will they show somewhere else?

[MMDE]

I had the changes and it works 100%. I added the line, no errors came up on the webpage. will they show somewhere else?

if($_POST['Submit']){

 

That isn't exactly the right way to do it.

If you want to check if it is set, then do so with the function, isset().

[cyberRobot]

It's highly recommended that you avoid using PHP_SELF as the form action.

 

<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">

 

 

You could hard code the value instead. PHP_SELF should be avoided for security reasons. For more information, see:

http://seancoates.com/blogs/xss-woes

 

 

 

If you haven't done so already, you should look into using htmlentities() to help prevent code injections.

 

<td><input name="task" type="text" id="task" value="<? echo htmlentities($row['task'], ENT_QUOTES); ?>"/></td>

[Christian F.]

You could hard code the value instead. PHP_SELF should be avoided for security reasons.

Alternatively, you can use this snippet to sanitize it.