raggy99 Posted January 9, 2016 Share Posted January 9, 2016 Hi All, I'm trying to update a record. O have been following tutorials, however now i'm getting a 500 error. not sure why. I was getting the page to disply at one stage with do data from sql. Now nothing. I hope you can help. Original Data (works fine) <!doctype html> <html> <head> <meta charset="utf-8"> <title>View PI</title> </head> <body> <?php include 'db.php'; $query = "SELECT * FROM PI WHERE Status ='Open' OR Status ='Locked' ORDER BY PIName"; $result = mysql_query($query); echo "<table width='400px' border='1'>"; echo "<tr> <th>PI Name</th> <th>Date</th> <th>Status</th> <th>Edit</th> </tr>"; while($row=mysql_fetch_array($result)) { echo "<tr><td align='center'>"; echo $row['PIName']; echo "</td><td align='center'>"; echo $row['MonthYear']; echo "</td><td align='center'>"; echo $row['Status']; echo "</td><td align='center'>"; echo "<a href=\"updatepi.php?PIID=" . $row['PIID'] . "\">Edit</a>"; echo "</td></tr>"; } echo "</table>"; ?> </body> </html> Update data (500 error) <html> <?php include 'db.php'; $query = "SELECT * FROM PI WHERE PIID ='$PIID'"; $result = mysql_query($query); $PI = mysql_fetch_array($result) or die(mysql_error()); mysql_close(); $i=0; While($i< $num) { $PIname=mysql_result($result,$PI,['PIname']); $monthyear=mysql_result($result,$PI,['monthyear']); $status=mysql_result($result,$PI,['status']); } ?> <body> <form action="" method="Post"> <input type="hidden" name="PIupdate" value="<? echo $PIID; ?>"> PI Name: <input type="text" name="PIname" value="<? echo $PIname; ?>"><br> PI Date: <input type="text" name="monthyear" value="<? echo $first; ?>"><br> PI Status: <input type="text" name="status" value="<? echo $status; ?>"><br> <input type="Submit" value="Save"> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
requinix Posted January 9, 2016 Share Posted January 9, 2016 If you're getting a 500 error then it means you don't have your PHP installation properly set up for development. You are doing this on your own computer and not on a live site, right? Find your php.ini and change two settings: error_reporting = -1 display_errors = onThen restart your web server and try the page again. You should see an error message. Jumping ahead a bit, what version of PHP are you using? Quote Link to comment Share on other sites More sharing options...
raggy99 Posted January 9, 2016 Author Share Posted January 9, 2016 no, php is installed and working. I'm working on a live site. I have been able to pull the data, however when i created the update page I get a 500 error. I am able to store other data to other tables. and to this table. Quote Link to comment Share on other sites More sharing options...
requinix Posted January 9, 2016 Share Posted January 9, 2016 no, php is installed and working.Clearly. But that's not what I asked about. I'm working on a live site.Stop doing that. Set up a development environment on your own computer so you can do whatever you want to your code without having to worry about what is happening on the live site. No one will take you seriously as a PHP developer if you keep working directly on your live site. I have been able to pull the data, however when i created the update page I get a 500 error. I am able to store other data to other tables. and to this table. I'm sure. But, again, that's not what I'm asking about. 1. You are getting a 500 page. A 500 page means PHP is crashing. It is crashing because there is an error. You see the 500 page because PHP is not showing you the error message. You need to see the error message to know what is wrong. You cannot fix the problem if you do not know what the problem is. So change those two settings, perhaps with a custom php.ini or with .htaccess settings or with whatever other mechanism your hosting provider gives you to change PHP settings. Then try the page again. 2. What version of PHP are you using? If you do not know then you can use phpinfo. Quote Link to comment Share on other sites More sharing options...
raggy99 Posted January 9, 2016 Author Share Posted January 9, 2016 I have amended the code new code <!doctype html> <html> <head> <meta charset="utf-8"> <title>Update PI</title> </head> <body> <?php include 'db.php'; $query = "SELECT * FROM PI"; $result = mysqli_query($query) or die(mysqli_error()); ?> <form action="<?php $_PHP_SELF ?>" method="Post"> <?php while($row = mysqli_fetch_array($result)) { $PIname=$row['PIname']; $monthyear=$row['monthyear']; $status=$row['status']; ?> <input type="hidden" name="PIupdate" value="<? echo $PIID; ?>"> PI Name: <input type="text" name="PIname" value="<? echo $PIname; ?>"><br> PI Date: <input type="text" name="monthyear" value="<? echo $monthyear; ?>"><br> PI Status: <input type="text" name="status" value="<? echo $status; ?>"><br> <input type="Submit" value="Save"> <?php if(isset($_POST['update'])) { $PIname=$_POST['PIname']; $monthyear=$_POST['monthyear']; $status=$_POST['status']; $sql=mysqli_query ("UPDATE PI SET PIName='$PIname', MonthYear='$monthyear', Status='$status' WHERE PIID='$PIID'"); $retval = mysqli_query($sql); if(! $retval ) { die('Could not update data: ' . mysqli_error()); } echo "Updated data successfully"; }} ?> </body> </html> i was able to get the error message from the log. [09-Jan-2016 10:23:22] PHP Warning: mysqli_query() expects at least 2 parameters, 1 given in /home3/public_html/pitaker/admin/updatepi.php on line 12 [09-Jan-2016 10:23:22] PHP Warning: mysqli_error() expects exactly 1 parameter, 0 given in /home3/public_html/pitaker/admin/updatepi.php on line 12 Regarding live site. it is not actually a live site... as in people going to it. it's just my domain. However i do understand that if it was a live site, i would have a production instance and a testing instance. maybe even a dev instance. Thank you for your assistance in helping a big noob. Quote Link to comment Share on other sites More sharing options...
benanamen Posted January 9, 2016 Share Posted January 9, 2016 (edited) Isnt it great how php will tell you exactly what is wrong when you ask it to? My guess is that you took old mysql and just added an "i" to the end which will not work. Go look up a basic mysqli connection example and you will see what you are missing. You really shouldn't need us to tell you the problem at this point. http://www.w3schools.com/php/func_mysqli_query.asp Edited January 9, 2016 by benanamen Quote Link to comment Share on other sites More sharing options...
raggy99 Posted January 9, 2016 Author Share Posted January 9, 2016 Thank you, i have been able to see the data. However now i have a syntex error. I have looked through the code and all the " and ; looks ok to a novice. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 line 1 is <!doctype html> Code <!doctype html> <html> <head> <meta charset="utf-8"> <title>Update PI</title> </head> <body> <?php include 'db.php'; $query = "SELECT * FROM PI WHERE PIID=$_GET[PIID]"; $result = mysql_query($query) or die(mysql_error()); ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table width="600"> <tr> <?php while($row = mysql_fetch_array($result)) { $PIName=$row['PIName']; $MonthYear=$row['MonthYear']; $Status=$row['Status']; ?> <td>PI Name</td> <td><input type="text" name="PIName" value="<? echo $PIName; ?>"><br></td> </tr> <tr> <td>Month-Year</td> <td><input type="text" name="MonthYear" value="<? echo $MonthYear; ?>"><br></td> </tr> <tr> <td>Status</td> <td><input type="text" name="Status" value="<? echo $Status; ?>"><br></td> </tr> <tr> <td>Click Save</td> <td><input name="update" type="Submit" value="Save"></td> </tr> </table> <?php } ?> <?php if(isset($_POST['update'])); { $PIName=$_POST['PIName']; $MonthYear=$_POST['MonthYear']; $Status=$_POST['Status']; $sql=mysql_query ("UPDATE PI SET PIName='$PIName', MonthYear='$MonthYear', Status='$Status' WHERE PIID='PIID'"); $retval = mysql_query($sql); if(! $retval ) { die('Could not update data: ' . mysql_error()); } echo "Updated data successfully"; } ?> </body> </html> What have I missed Quote Link to comment Share on other sites More sharing options...
benanamen Posted January 9, 2016 Share Posted January 9, 2016 (edited) I see a few problems. Line one isnt what you think it is. Missing curly braces SELECT * FROM PI WHERE PIID={$_GET[PIID]} Is $_GET[PIID] a number or something else? Do not EVER use $_SERVER['PHP_SELF']. It is vulnerable to SQL Injection. Use $_SERVER['SCRIPT_NAME'] Why in the world did you go back to using deprecated code when you where using Mysqli? And stop mixing your case all over the place. Always use lower case. Edited January 9, 2016 by benanamen Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 9, 2016 Share Posted January 9, 2016 (edited) The code is vulnerable to pretty much every attack known to man. And since you had the ingenious idea of putting this stuff on a public webserver, your machine is now open to anybody who can type “sqlmap” on their keyboard. I wouldn't be surprised if your code is being exploited right now. Since you seem to think that requinix' warning was just a joke, I'll put this more bluntly: Stop it right now. This is much more serious than your little toy website throwing errors. You're putting everybody at risk, and if you keep doing that, you will get into trouble. So shut down your server, do a factory reset and don't even think about uploading your code until you actually know what you're doing. It's great that you want to learn PHP, but you do not ever use a public server as your personal playground. Install XAMPP on your PC. Edited January 9, 2016 by Jacques1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.