Jump to content

Where have I gone wrong? Please take a look


Recommended Posts

I have a php page that sends post data to another page that is supposed to update the DB.  Here is the update page code

//Connect to MYSQL
$conn = mysqli_connect("localhost","root","","");

//Get Variables
$name = $_POST['keyname'];
$template = $_POST['templatename'];
$idk = $_POST['keyid'];
$type = $_POST['keytype'];
$value = $_POST['keyvalue'];
$label = $_POST['keylabel'];
$id = $_POST['id'];


$sql =("UPDATE keys SET keytype = '".$_POST['keytype']."',keyvalue= '".$_POST['keyvalue']."',keylabel= '".$_POST['keylabel']."' WHERE id = '".$_POST['id']."'");

if ($conn->query($sql) === TRUE) {
    echo "Record updated successfully";
} else {
    echo "Something is not right: " . $conn->error;

This was the last code I tried.  I got this when I ran the page:

Array ( [pid] => 34 [name] => 1stTemplate [key] => Line Key 2 [type] => 78 [value] => 2339 [label] => chance )

Something is not right: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'keys SET keytype = '',keyvalue= '',keylabel= '' WHERE id = ''' at line 1


I have a similar page that doesn't use the id number variable just a single id number for one record like this:

sql = "UPDATE global
SET serverlocalip= '$localip', serverwanip= '$wanip', timeserver1= '$tserver1', timeserver2= '$tserver2', timezone= '$timezone',
userloginpwd= '$userpsswrd', adminloginpwd= '$adminpsswd', vlanlanenabled= '$enablelanvlan',vlanpcenabled= '$enablepcvlan', vlanlanid= '$lanvlanid',
vlanpcid= '$pcvlanid', vlanlanpriority= '$lanvlanpriority', vlanpcpriority= '$pcvlanpriority'
WHERE id=1";

And it works fine.


If I put in values instead of the $Post variavbles from the array the update works fine.  I am sure I am missing something very basic, but I just can't see it.


Thanks in advance for any help

Link to comment
Share on other sites

There is no mystery to this. The debugging information in the print_r you added, shows you the problem.


The $_POST has none of the keys you are trying to interpolate into the sql statement.


But as Jacques1 asked, why aren't you using bind variable and prepared statements? In the time it takes you to resolve this, you could change your code and have improved the quality and security of your system.

Link to comment
Share on other sites

I may have signed up 10 years ago but doing this isn't my day job.  I get into it when needed  I fail to understand why the second example I gave works and the first one does.  They both use $_post info.  I do not understand using bind variables and prepared statements.  

Link to comment
Share on other sites

In the original post, you mentioned that print_r() gives you the following:

Array (
    [pid] => 34
    [name] => 1stTemplate 
    [key] => Line Key 2 
    [type] => 78 
    [value] => 2339 
    [label] => chance
The text in the square brackets is what's available for the array keys in $_POST. For example: 




They both use $_post info.


The array keys available in $_POST are based on however you name the input fields in your form. The following page provides information about how PHP works with forms:


Link to comment
Share on other sites

Hopefully you are well on the way to switching to the PDO extension and using prepared queries but...


In you original post you ask why one situation works and the other doesn't.  This is apples-and-oranges.  The two are completely unrelated.  Your first query statement is asking for values that apparently don't exist.  Where is 'keytype' or 'keyvalue' defined since they don't show up on your print_r output (if you posted THAT correctly.


PS - your second query statement (the orange) is flawed but that is probably because you copied it in here wrong.


PPS - Do you have php error checking turned on?  See my signature.


But most of all - DO make the PDO switch.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.