
PHP Update Script Help


Mickeyatty


Hi,

I am stumped; my code just gives me the error "Could not update data". I can't see any issues with my code, so I need another set of eyes. I am not getting any syntax errors. Can anyone help point me to where I have missed something? -Thanks

 

<?php
         if(isset($_POST['update'])) {
            $dbhost = 'mysql';
            $dbuser = 'user';
            $dbpass = 'pass';
           
            $conn = mysqli_connect($dbhost, $dbuser, $dbpass);
           
            if(! $conn ) {
               die('Could not connect: ' . mysqli_error());
            }
           
            $id = $_POST['id'];
            $title = $_POST['title'];
           
            $sqli = "UPDATE test ". "SET title = $title ".
               "WHERE id = $id" ;
            mysqli_select_db('test');
            $retval = mysqli_query( $sqli, $conn );
           
            if(! $retval ) {
               die('Could not update data: ' . mysqli_error());
            }
            echo "Updated data successfully\n";
           
            mysqli_close($conn);
         }else {
            ?>
               <form method = "post" action = "<?php $_PHP_SELF ?>">
                  <table width = "400" border =" 0" cellspacing = "1"
                     cellpadding = "2">
                 
                     <tr>
                        <td width = "100">ID</td>
                        <td><input name = "id" type = "text"
                           id = "id"></td>
                     </tr>
                 
                     <tr>
                        <td width = "100">Title</td>
                        <td><input name = "title" type = "text"
                           id = "title"></td>
                     </tr>
                 
                     <tr>
                        <td width = "100"> </td>
                        <td> </td>
                     </tr>
                 
                     <tr>
                        <td width = "100"> </td>
                        <td>
                           <input name = "update" type = "submit"
                              id = "update" value = "Update">
                        </td>
                     </tr>
                 
                  </table>
               </form>
            <?php
         }
      ?>


This is some very poorly written and dangerous code. You never ever put variables in a query. You are wide open to an SQL Injection Attack. PHP_SELF is also vulnerable to an attack.

You need to use Prepared Statements and get rid of the action altogether for starters. And stop outputting internal system errors to the user.


This clearly used to be mysql code. I can tell because all you did was add the 'i's without considering what else might have changed. Like the arguments to pass to the various functions.

Read the documentation for the functions you're misusing and try again.
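
For reference, the update from the first post rewritten along the lines the replies suggest: a prepared statement, the database name passed to mysqli_connect, no action attribute, and errors logged instead of shown. This is an added example, not code posted by anyone in the thread; the input validation and user-facing messages are assumptions, and the connection values are the placeholders from the original post.

```php
<?php
// Added example, not code from the thread. Host, credentials, database,
// table and column names are the placeholders used in the original post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate before touching the database: id must be a positive integer.
    $id    = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    $title = trim((string) ($_POST['title'] ?? ''));

    if ($id === false || $id === null || $title === '') {
        http_response_code(400);
        exit('Please supply a numeric ID and a title.');
    }

    try {
        // mysqli takes the database name as the 4th argument.
        $conn = mysqli_connect('mysql', 'user', 'pass', 'test');
        mysqli_set_charset($conn, 'utf8mb4');

        // Placeholders keep user input out of the SQL text entirely.
        $stmt = mysqli_prepare($conn, 'UPDATE test SET title = ? WHERE id = ?');
        mysqli_stmt_bind_param($stmt, 'si', $title, $id);
        mysqli_stmt_execute($stmt);

        // 0 rows means no such id, or the title was already that value.
        echo mysqli_stmt_affected_rows($stmt) > 0
            ? 'Updated data successfully'
            : 'Nothing was updated';

        mysqli_stmt_close($stmt);
        mysqli_close($conn);
    } catch (mysqli_sql_exception $e) {
        // Details go to the server log; the user sees a generic message.
        error_log('Update failed: ' . $e->getMessage());
        http_response_code(500);
        exit('Could not update data.');
    }
} else {
    ?>
    <!-- No action attribute: the form posts back to the current URL. -->
    <form method="post">
        <label>ID <input name="id" type="text" id="id"></label>
        <label>Title <input name="title" type="text" id="title"></label>
        <input name="update" type="submit" id="update" value="Update">
    </form>
    <?php
}
```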
