Jump to content
Mickeyatty

PHP Update Script Help

Recommended Posts

Hi,

I am stumped, my code just gives me the error "Could not update data". I can't see any issues with my code, so I need another set of eyes. I am not getting any syntax error. Can anyone help point me where I have missed something? -Thanks

 

<?php
         if(isset($_POST['update'])) {
            $dbhost = 'mysql';
            $dbuser = 'user';
            $dbpass = 'pass';
           
            $conn = mysqli_connect($dbhost, $dbuser, $dbpass);
           
            if(! $conn ) {
               die('Could not connect: ' . mysqli_error());
            }
           
   $id = $_POST['id'];
            $title = $_POST['title'];
           
            $sqli = "UPDATE test ". "SET title = $title ".
               "WHERE id = $id" ;
            mysqli_select_db('test');
            $retval = mysqli_query( $sqli, $conn );
           
            if(! $retval ) {
               die('Could not update data: ' . mysqli_error());
            }
            echo "Updated data successfully\n";
           
            mysqli_close($conn);
         }else {
            ?>
               <form method = "post" action = "<?php $_PHP_SELF ?>">
                  <table width = "400" border =" 0" cellspacing = "1"
                     cellpadding = "2">
                 
                     <tr>
                        <td width = "100">ID</td>
                        <td><input name = "id" type = "text"
                           id = "id"></td>
                     </tr>
                 
                     <tr>
                        <td width = "100">Title</td>
                        <td><input name = "title" type = "text"
                           id = "title"></td>
                     </tr>
                 
                     <tr>
                        <td width = "100"> </td>
                        <td> </td>
                     </tr>
                 
                     <tr>
                        <td width = "100"> </td>
                        <td>
                           <input name = "update" type = "submit"
                              id = "update" value = "Update">
                        </td>
                     </tr>
                 
                  </table>
               </form>
            <?php
         }
      ?>

Share this post


Link to post
Share on other sites

This is some very poorly written and dangerous code. You never ever put variables in a query. You are wide open to an SQL Injection Attack. PHP_SELF is also vulnerable to an attack.

You need to use Prepared Statements and get rid of the action altogether for starters. And stop outputting internal system errors to the user.

Edited by benanamen

Share this post


Link to post
Share on other sites

yeah, i know. I am trying to learn how to create update scripts. I start with the basic concept then build off. 

Share this post


Link to post
Share on other sites

This clearly used to be mysql code. I can tell because all you did was add the 'i's without considering what else might have changed. Like the arguments to pass to the various functions.

Read the documentation for the functions you're misusing and try again.

Share this post


Link to post
Share on other sites

I found it online. Just wanted a simple code to use to test a sql update. I have created a prepared stmt script. No help is needed on this.

Share this post


Link to post
Share on other sites

Instead of just dumping mysqli_error(), also dump the statement you tried to make.  See if you can see why it wouldn't work.  If necessary, try it against a test database.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.