Update

[ryan1234]

When a submit button is clicked it sends it to a page which contains the code below. It also sends 'id'.

 

I've been trying to update a table in the database using the code below but it doesn't seem to be working.

 

I think it's something to do with the line: WHERE id = " . $row_id ;

 

$row_id = $_GET['id'];


$sql = "UPDATE newsitems
 SET headline = :h,
 author = :a,
 story = :s,
 image = :i
 WHERE id = " . $row_id ;
$query = $handle->prepare($sql);

 

Any ideas?

 

Thanks.

[Stooney]

Try:

 

$row_id = $_GET['id'];


$sql = "UPDATE newsitems
 SET headline = :h,
 author = :a,
 story = :s,
 image = :i
 WHERE id = '$row_id'" ;
$query = $handle->prepare($sql);

[Beeeeney]

Do a var_dump() on the $_GET array.

 

Are you using method="get" on your form?

 

Also, "doesn't seem to be working" is a bit vague. What exactly is the problem?

[ryan1234]

Stooney tried what you said, didn't work.

 

It sends the id like this:

 

update.php?id=.........

 

It's not updating the table, not too sure the exact problem.

[mrMarcus]

Post your form please.

 

EDIT: When you say it "sends the id like this: update.php?id=.........." does id= actually have an id appended to it as a value? E.g. update.php?id=12345

 

Posting a series of dots is not helpful.

 

Do you have an `id` column in the table? Are you sure?

Edited December 10, 2012 by mrMarcus

[ryan1234]

<form action="editphp.php?id=<?php echo $row['id']; ?>" method="POST">
Headline: <input type="text" name="headline" class="editblog" id="editheadline" value="<?php print $results['headline']; ?>"><br>
Author: <input type="text" name="author" value="<?php print $results['author']; ?>"><br>
Image (URL): <input type="text" name="image" value="<?php print $results['image']; ?>"><br>
Story: <br><textarea cols="60" rows="20"  id="editstory"><?php print $results['story']; ?></textarea><br>
<input type="submit" value="Submit">
</form>

[Beeeeney]

You have method="post" and on the next page, you're trying to get it with $_GET.

[mrMarcus]

You have method="post" and on the next page, you're trying to get it with $_GET.

 

$_GET['id'] will still be retrievable.

 

@ryan1234 - if you view the page source of your form is id= populated with the expected value/id ($row['id'])?

[ryan1234]

Not one it is redirected back to the same page when the button is clicked.

[mrMarcus]

Not one it is redirected back to the same page when the button is clicked.

 

Help us/me to help you. I asked you if when you view the page course of your form, does your form action have the desired value for the id parameter? E.g

 

<form action="editphp.php?id=<?php echo $row['id']; ?>" method="POST">     // is $row['id'] supplying an expected value when you view the browser source code?

[ryan1234]

Sorry, yeah it does.

[PFMaBiSmAd]

This is secondary to the problem you are having, but by putting the $row_id variable directly into the query being prepared, you are allowing sql injection, not preventing it.

 

One of the main points of using prepared query statements is to prevent sql injection. You would put a place holder into the query for the id value, then supply the actual value at the time the query is executed.

 

Edit: ^^^ Which I had already posted at the end of your last thread - http://forums.phpfreaks.com/topic/271784-show-row/#entry1398388

Edited December 11, 2012 by PFMaBiSmAd

[ryan1234]

$sql = "UPDATE newsitems
 SET headline = :h,
 author = :a,
 story = :s,
 image = :i
 WHERE id = :r" ;
$query = $handle->prepare($sql);


$params = array(":h" => $_POST['headline'], ":a" => $_POST['author'], ":s" => $_POST['story'], ":i" => $_POST['image'], ":r" => $row_id);
$query->execute($params);

[ryan1234]

Used error info and I get this message:

 

Array ( [0] => 00000 [1] => [2] => ) Error info: 1

[ryan1234]

Solved, I wasn't posting the id properly. Thanks for all your help.