Mickeyatty Posted August 31, 2018 Share Posted August 31, 2018 Hi, I am stumped, my code just gives me the error "Could not update data". I can't see any issues with my code, so I need another set of eyes. I am not getting any syntax error. Can anyone help point me where I have missed something? -Thanks <?php if(isset($_POST['update'])) { $dbhost = 'mysql'; $dbuser = 'user'; $dbpass = 'pass'; $conn = mysqli_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysqli_error()); } $id = $_POST['id']; $title = $_POST['title']; $sqli = "UPDATE test ". "SET title = $title ". "WHERE id = $id" ; mysqli_select_db('test'); $retval = mysqli_query( $sqli, $conn ); if(! $retval ) { die('Could not update data: ' . mysqli_error()); } echo "Updated data successfully\n"; mysqli_close($conn); }else { ?> <form method = "post" action = "<?php $_PHP_SELF ?>"> <table width = "400" border =" 0" cellspacing = "1" cellpadding = "2"> <tr> <td width = "100">ID</td> <td><input name = "id" type = "text" id = "id"></td> </tr> <tr> <td width = "100">Title</td> <td><input name = "title" type = "text" id = "title"></td> </tr> <tr> <td width = "100"> </td> <td> </td> </tr> <tr> <td width = "100"> </td> <td> <input name = "update" type = "submit" id = "update" value = "Update"> </td> </tr> </table> </form> <?php } ?> Link to comment Share on other sites More sharing options...
benanamen Posted September 1, 2018 Share Posted September 1, 2018 This is some very poorly written and dangerous code. You never ever put variables in a query. You are wide open to an SQL Injection Attack. PHP_SELF is also vulnerable to an attack. You need to use Prepared Statements and get rid of the action altogether for starters. And stop outputting internal system errors to the user. Link to comment Share on other sites More sharing options...
Mickeyatty Posted September 1, 2018 Author Share Posted September 1, 2018 yeah, i know. I am trying to learn how to create update scripts. I start with the basic concept then build off. Link to comment Share on other sites More sharing options...
requinix Posted September 1, 2018 Share Posted September 1, 2018 This clearly used to be mysql code. I can tell because all you did was add the 'i's without considering what else might have changed. Like the arguments to pass to the various functions. Read the documentation for the functions you're misusing and try again. Link to comment Share on other sites More sharing options...
Mickeyatty Posted September 1, 2018 Author Share Posted September 1, 2018 I found it online. Just wanted a simple code to use to test a sql update. I have created a prepared stmt script. No help is needed on this. Link to comment Share on other sites More sharing options...
dalecosp Posted September 7, 2018 Share Posted September 7, 2018 Instead of just dumping mysqli_error(), also dump the statement you tried to make. See if you can see why it wouldn't work. If necessary, try it against a test database. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.