magcr23 Posted June 19, 2015 Share Posted June 19, 2015 Ho guys, i have one page where i choose witch iten i want to update, and when the user press "alterar" it redirect to another page where there's a form that show's the values in database and let the user decide what he want update. But the update is not working. There's the code of the 2 pages: avaliacaoAlterar.php <?php require "verificauser.php"; ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content=""> <meta name="author" content=""> <title>Alterar Avaliações</title> <!-- Bootstrap Core CSS --> <link href="css/bootstrap.min.css" rel="stylesheet"> <!-- Custom CSS --> <link href="css/sb-admin.css" rel="stylesheet"> <!-- Morris Charts CSS --> <link href="css/plugins/morris.css" rel="stylesheet"> <!-- Custom Fonts --> <link href="font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css"> </head> <body> <div id="wrapper"> <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation"> <?php include("menuLateral.php"); include("menuTop.php"); ?> </nav> <div id="page-wrapper"> <div class="container-fluid"> <div class="row"> <div class="col-lg-12"> <div class="alert alert-info alert-dismissable"> <a href="avaliacao.php"> Avaliações Recentes</a> || <a href="avaliacaoPermitida.php">Avaliações Permitidas</a> || <a href="avaliacaoAlterar.php">Alterar Avaliações</a> </div> </div> </div> <?php $con=mysqli_connect("localhost","root","6794","website"); if (mysqli_connect_errno()){ echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $query = mysqli_query($con, "SELECT * FROM `avaliacao` "); $ln = mysqli_fetch_array($query); $avaliacao=$_GET['avaliacao']; $query2 = mysqli_query($con, "SELECT * FROM `avaliacao` WHERE id = $avaliacao"); $row = mysqli_fetch_array($query2); ?> <div id="page-wrapper"> <div class="container-fluid"> <table> <form action="alterar.php" method="POST"> <tr> <td>Número <input type="number" max="10" name="id" id="id" value='<?php echo $avaliacao ?>' required></td> </tr> <tr> <td> </td> </tr> <tr> <td>Nota <input type="number" name="nota" id="nota" value='<?php echo $row['nota']; ?>' required></td> </tr> <tr> <td> </td> </tr> <tr> <td>Comentário <textarea name="comentario" id="comentario" rows="1" cols="22" required><?php echo $row['comentario']; ?></textarea></td> </tr> <tr> <td> </td> </tr> <tr> <td><input type="submit" name="alterarAvaliacao" id="alterarAvaliacao"> </td> </tr> </form> </table> </div> </div> <?php mysqli_close($con); ?> </body> </html> alterar.php <?php $con=mysqli_connect("localhost","root","6794","website"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $id = $_POST["id"]; $nota = $_POST["nota"]; $comentario = $_POST["comentario"]; $update= "UPDATE avaliacao SET `nota` = $nota , comentario` = $comentario WHERE íd` = $id"; mysqli_query($con, $update); header('Location: inicio.php'); mysqli_close($con); ?> Can anyone help me? Quote Link to comment Share on other sites More sharing options...
maxxd Posted June 19, 2015 Share Posted June 19, 2015 You've got issues with the backticks and quotes in your update query. UPDATE avaliacao SET `nota` = '$nota' , `comentario` = '$comentario' WHERE `íd` = $id Honestly, you only need backticks when your table or column names are a reserved word, which I don't believe is the case here, so you shouldn't need them at all. All strings have to be enclosed in quotes. I've updated your query in red above. Of course, the bigger issue is that you've got no validation or sanitization at all. Quote Link to comment Share on other sites More sharing options...
Solution QuickOldCar Posted June 19, 2015 Solution Share Posted June 19, 2015 (edited) Try this query. $update= "UPDATE avaliacao SET nota = '{$nota}' , comentario = '{$comentario}' WHERE id = '{$id}'"; You should be checking if POST values are set, data are expecting and not empty, also escaping them. mysqli_real_escape_string edit: Maxxd beat me posting. Edited June 19, 2015 by QuickOldCar Quote Link to comment Share on other sites More sharing options...
magcr23 Posted June 19, 2015 Author Share Posted June 19, 2015 I had mysql_real_scape_string: <?php function limpa($valor){ return (mysql_real_escape_string(stripslashes($valor))); } ?> I'm converting all the website to mysqli, and i took the function off to be easly to search for errors. In the end i'll place them all. Thx for your help, with that $update= "UPDATE avaliacao SET nota = '{$nota}' , comentario = '{$comentario}' WHERE id = '{$id}'"; thx QuickOldCar. BTW, if you could convert my mysql_real_scape_string to mysqli would be great. Do i need only to place the i?? (mysql-->mysqli or do i need something else? I'm realy new in MySQLi... Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted June 19, 2015 Share Posted June 19, 2015 (edited) You have to pass the connection as well. $update= "UPDATE avaliacao SET nota = '{mysqli_real_escape_string($con,$nota)}' , comentario = '{mysqli_real_escape_string($con,$comentario)}' WHERE id = '{mysqli_real_escape_string($con,$id)}'"; Edited June 19, 2015 by QuickOldCar Quote Link to comment Share on other sites More sharing options...
magcr23 Posted June 19, 2015 Author Share Posted June 19, 2015 You have to pass the connection as well. $update= "UPDATE avaliacao SET nota = '{mysqli_real_escape_string($con,$nota)}' , comentario = '{mysqli_real_escape_string($con,$comentario)}' WHERE id = '{mysqli_real_escape_string($con,$id)}'"; I can't create a function like i did before? Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted June 19, 2015 Share Posted June 19, 2015 mysqli_real_escape_string requires the connection made first function limpa($con,$valor){ return mysqli_real_escape_string($con,$valor); } does this really save you making the function another function? Quote Link to comment Share on other sites More sharing options...
magcr23 Posted June 19, 2015 Author Share Posted June 19, 2015 mysqli_real_escape_string requires the connection made first function limpa($con,$valor){ return mysqli_real_escape_string($con,$valor); } does this really save you making the function another function? As i said before i'm new with MySQLi, just trying to understand it better and learn what is possible do with it and how. Thx for your help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.