Jump to content

Recommended Posts

Hi All,

 

I'm trying to update a record. O have been following tutorials, however now i'm getting a 500 error. not sure why. I was getting the page to disply at one stage with do data from sql. Now nothing.

 

I hope you can help. 

 

Original Data (works fine)

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>View PI</title>
</head>
<body>
<?php
	include 'db.php'; 

$query = "SELECT * FROM PI WHERE Status ='Open' OR Status ='Locked' ORDER BY PIName";

$result = mysql_query($query);

echo "<table width='400px' border='1'>";
echo "<tr> <th>PI Name</th> <th>Date</th> <th>Status</th> <th>Edit</th> </tr>";
while($row=mysql_fetch_array($result)) {
	echo "<tr><td align='center'>";
	echo $row['PIName'];
	echo "</td><td align='center'>"; 
	echo $row['MonthYear'];
	echo "</td><td align='center'>";	
	echo $row['Status'];
	echo "</td><td align='center'>";
	echo "<a href=\"updatepi.php?PIID=" . $row['PIID'] . "\">Edit</a>";
	echo "</td></tr>"; 	
}
echo "</table>";
?>
</body>
</html>

Update data (500 error)

<html>
<?php 
	include 'db.php'; 

$query = "SELECT * FROM PI WHERE PIID ='$PIID'";
	$result = mysql_query($query);
	$PI = mysql_fetch_array($result) or die(mysql_error());

	mysql_close();

$i=0;
While($i< $num) {
$PIname=mysql_result($result,$PI,['PIname']);
$monthyear=mysql_result($result,$PI,['monthyear']);
$status=mysql_result($result,$PI,['status']);
}
?>

<body>
<form action="" method="Post">
<input type="hidden" name="PIupdate" value="<? echo $PIID; ?>">
PI Name: <input type="text" name="PIname" value="<? echo $PIname; ?>"><br>
PI Date: <input type="text" name="monthyear" value="<? echo $first; ?>"><br>
PI Status: <input type="text" name="status" value="<? echo $status; ?>"><br>
<input type="Submit" value="Save">
</form>
</body>
</html>
Link to comment
https://forums.phpfreaks.com/topic/300242-500-error-while-trying-to-update-record/
Share on other sites

If you're getting a 500 error then it means you don't have your PHP installation properly set up for development. You are doing this on your own computer and not on a live site, right?

Find your php.ini and change two settings:

error_reporting = -1
display_errors = on
Then restart your web server and try the page again. You should see an error message.

 

Jumping ahead a bit, what version of PHP are you using?

no, php is installed and working.

Clearly. But that's not what I asked about.

 

I'm working on a live site.

Stop doing that. Set up a development environment on your own computer so you can do whatever you want to your code without having to worry about what is happening on the live site. No one will take you seriously as a PHP developer if you keep working directly on your live site.

 

I have been able to pull the data, however when i created the update page I get a 500 error. 

I am able to store other data to other tables. and to this table.

I'm sure. But, again, that's not what I'm asking about.

 

1. You are getting a 500 page. A 500 page means PHP is crashing. It is crashing because there is an error. You see the 500 page because PHP is not showing you the error message. You need to see the error message to know what is wrong. You cannot fix the problem if you do not know what the problem is. So change those two settings, perhaps with a custom php.ini or with .htaccess settings or with whatever other mechanism your hosting provider gives you to change PHP settings. Then try the page again.

2. What version of PHP are you using? If you do not know then you can use phpinfo.

I have amended the code

 

new code

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Update PI</title>
</head>
<body>
<?php
		include 'db.php'; 
		
$query	= "SELECT * FROM PI";
$result = mysqli_query($query) or die(mysqli_error());

?>
<form action="<?php $_PHP_SELF ?>" method="Post">
<?php
while($row = mysqli_fetch_array($result))
{
$PIname=$row['PIname'];
$monthyear=$row['monthyear'];
$status=$row['status'];
?>

<input type="hidden" name="PIupdate" value="<? echo $PIID; ?>">
PI Name: <input type="text" name="PIname" value="<? echo $PIname; ?>"><br>
PI Date: <input type="text" name="monthyear" value="<? echo $monthyear; ?>"><br>
PI Status: <input type="text" name="status" value="<? echo $status; ?>"><br>
<input type="Submit" value="Save">

<?php

if(isset($_POST['update']))
{
$PIname=$_POST['PIname'];
$monthyear=$_POST['monthyear'];
$status=$_POST['status'];

$sql=mysqli_query ("UPDATE PI SET PIName='$PIname', MonthYear='$monthyear', Status='$status' WHERE PIID='$PIID'");

$retval = mysqli_query($sql);
if(! $retval )
{
  die('Could not update data: ' . mysqli_error());
}
echo "Updated data successfully";

}}
?>
</body>
</html>

i was able to get the error message from the log.

[09-Jan-2016 10:23:22] PHP Warning:  mysqli_query() expects at least 2 parameters, 1 given in /home3/public_html/pitaker/admin/updatepi.php on line 12
[09-Jan-2016 10:23:22] PHP Warning:  mysqli_error() expects exactly 1 parameter, 0 given in /home3/public_html/pitaker/admin/updatepi.php on line 12

Regarding live site. it is not actually a live site... as in people going to it. it's just my domain. 

However i do understand that if it was a live site, i would have a production instance and a testing instance. maybe even a dev instance. 

 

Thank you for your assistance in helping a big noob. 

Isnt it great how php will tell you exactly what is wrong when you ask it to? My guess is that you took old mysql and just added an "i" to the end which will not work.

 

Go look up a basic mysqli connection example and you will see what you are missing. You really shouldn't need us to tell you the problem at this point.

 

http://www.w3schools.com/php/func_mysqli_query.asp

Edited by benanamen

Thank you, i have been able to see the data. 

 

However now i have a syntex error. I have looked through the code and all the " and ; looks ok to a novice. 

 

 

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

line 1 is 

<!doctype html>

Code

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Update PI</title>
</head>
<body>
<?php
		include 'db.php'; 
		
$query	= "SELECT * FROM PI WHERE PIID=$_GET[PIID]";
$result = mysql_query($query) or die(mysql_error());

?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<table width="600">
<tr>
<?php
while($row = mysql_fetch_array($result))
{
$PIName=$row['PIName'];
$MonthYear=$row['MonthYear'];
$Status=$row['Status'];
?>
<td>PI Name</td>
<td><input type="text" name="PIName" value="<? echo $PIName; ?>"><br></td>
</tr>
<tr>
<td>Month-Year</td>
<td><input type="text" name="MonthYear" value="<? echo $MonthYear; ?>"><br></td>
</tr>
<tr>
<td>Status</td>
<td><input type="text" name="Status" value="<? echo $Status; ?>"><br></td>
</tr>
<tr>
<td>Click Save</td>
<td><input name="update" type="Submit" value="Save"></td>
</tr>
</table>

<?php } ?>



<?php

if(isset($_POST['update']));
{
$PIName=$_POST['PIName'];
$MonthYear=$_POST['MonthYear'];
$Status=$_POST['Status'];

$sql=mysql_query ("UPDATE PI SET PIName='$PIName', MonthYear='$MonthYear', Status='$Status' WHERE PIID='PIID'");

$retval = mysql_query($sql);
if(! $retval )
{
  die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully";

}
?>
</body>
</html>

What have I missed

I see a few problems. Line one isnt what you think it is. Missing curly braces

 

SELECT * FROM PI WHERE PIID={$_GET[PIID]}

 

Is $_GET[PIID]  a number or something else?

 

Do not EVER use $_SERVER['PHP_SELF']. It is vulnerable to SQL Injection. Use $_SERVER['SCRIPT_NAME']

 

 

Why in the world did you go back to using deprecated code when you where using Mysqli? And stop mixing your case all over the place. Always use lower case.

Edited by benanamen

The code is vulnerable to pretty much every attack known to man. And since you had the ingenious idea of putting this stuff on a public webserver, your machine is now open to anybody who can type “sqlmap” on their keyboard. I wouldn't be surprised if your code is being exploited right now.

 

Since you seem to think that requinix' warning was just a joke, I'll put this more bluntly:

 

Stop it right now. This is much more serious than your little toy website throwing errors. You're putting everybody at risk, and if you keep doing that, you will get into trouble. So shut down your server, do a factory reset and don't even think about uploading your code until you actually know what you're doing.

 

It's great that you want to learn PHP, but you do not ever use a public server as your personal playground. Install XAMPP on your PC.

Edited by Jacques1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.