Mysql/PHP problem *FIXED*

[sk1tL1L]

The Code:
[quote]<?php
$email=$_POST['email'];
$msn=$_POST['msn'];
$icq=$_POST['icq'];
$aim=$_POST['aim'];
$avatar=$_POST['avatar'];
$query = "UPDATE `user_system` SET `msn` = '$msn', `icq` = '$icq', `aim` = '$aim', email = '$email' WHERE `user_system`.`id` = '$member_id' LIMIT 1 ;";
$result = mysql_query($query) or die("Problem with the query: $query<br>" . mysql_error());
// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='mc.php'>Back to Member Control</a>";
}

else {
echo "Error! Please Try Again<br>";
echo $result;
}
?>[/quote]
And it does not enter the data into the database, if i had something in the field already when i submit the update it does not work. The data from the form is not put into the database

[trq]

What error are you getting?

And please... a little more descriptive with your tittles, this is a php help forum, we assume you want help.

[CheesierAngel]

Try to change your query to:

[code]

$query = "UPDATE `user_system` SET `msn` = '$msn', `icq` = '{$icq}', `aim` = '{$aim}', email = '{$email}' WHERE `user_system`.`id` = '{$member_id}'";

[/code]

Why LIMIT 1 ?? Are there multiple records with the same id ?
(If so, why call it id ?)

[ataria]

Why LIMIT 1 ?? Are there multiple records with the same id ?
(If so, why call it id ?)

I sometimes do that.
you never know, it may like pull out two by glitch..
low chance... but it doesn't hurt to have it.

[CheesierAngel]

If you create your table with a unique index on that column, you don't have to think
about this again. MySQL will reject your insertion if you want to insert a second (already excisting) record with the same id

[HuggieBear]

It can also add to the security features by using LIMIT, even if you know there's only going to be one row.  If you've forgotten to sanitise your input by using something like mysql_real_escape_string() then it will limit the damage.

Take the sql you have there as an example...

[code=php:0]$query = "UPDATE `user_system`
                  SET `msn` = '$msn',
                        `icq` = '{$icq}',
                        `aim` = '{$aim}',
                        `email` = '{$email}'
              WHERE `user_system`.`id` = '{$member_id}'";[/code]

Now imagine that I passed [color=red]%' OR ' '=' [/color] as the [color=green]member_id[/color] parameter.

That's going to make my SQL look like this:

[code=php:0]$query = "UPDATE `user_system`
                  SET `msn` = '$msn',
                        `icq` = '{$icq}',
                        `aim` = '{$aim}',
                        `email` = '{$email}'
              WHERE `user_system`.`id` = '%' OR ' '=' '";[/code]

By my calculation that's going to corrupt every single row in your database, by putting LIMIT in there, only one line at a time can be destroyed.

Regards
Huggie

[sk1tL1L]

its still not working, i've even rebuilt the database.
When i click submit on the form. It goes though but does not put the information from the form into the database. If there's something in that row it will be deleted eg.

BEFORE FORM UPDATED
__________________________________________
| msn                                    |  icq              |
|[email protected] | 55674466      |
_________________________________________

AFTER
_________________________________________
| msn                                    |  icq              |
|                                          | 55674466      |
_________________________________________

The MSN Field was updated, but the data was not inserted.