Jump to content

update mysql using simple form


elkidogz

Recommended Posts

all i want this silly page todo is take info from a form, then do an update to the SQL record that it matches provided from the form

so, form is this.

[code=html] <form id="Customerinfo" action="CustomerFormUpdate.php" method="post">
<table border="0" cellpadding="0" cellspacing="0" align="center">
<tr>
<td>
<h3>Customer Account creation Information:</h3>
</td>
</table>
<table border="0" cellpadding="0" cellspacing="0" align="center">
</tr>
<tr>
<td>
User ID:
</td>
<td>
<input type="text" name="CustLOGON" value="" size="45"/>
</td>
</tr>
<tr>
<td>
User Pass:
</td>
<td>
<input type="password" name="CustPASS" value="" size="45"/>
</td>
</tr>
<tr>
<td>
Company Name:
</td>
<td>
<input type="text" name="CustCOMPANY" value="" size="45"/>
</td>
</tr>
<tr>
<td>
Company Contact First Name:
</td>
<td>
<input type="text" name="CustFN" value="" size="45"/>
</td>
</tr>
<tr>
<td>
<input type="Submit" value="Submit"/>
<input type="Reset" value="Reset"/>
</td>
</tr>
</table> 
</form>[/code]

and the php is this

[code=php]
<?php
$con = mysql_connect("localhost", "username", "pass");
if (!$con)
  {
  die('Could not connect to the database Contact Site admin ' . mysql_error());
  }
mysql_select_db("mysqldb", $con);

// TAKE RECORDS AND UPDATE BASED ON $_POST[CustLOGON] or user longon ID

$sql='UPDATE `mysqldb` SET `CustCompany`="$_POST[CustCOMPANY]", `CustFn`="$_POST[CustFN]"
WHERE `CustLogon`= "$_POST[CustLOGON]"';


if (!mysql_query($sql,$con))
  {
  die('Error Not able to update Values to table Check your syntax: ' . mysql_error());
  }

// DISPLAY UPDATED RECORDS

$result = mysql_query("SELECT * FROM mysqldb");
echo "showing all records: <br/>";
while($row = mysql_fetch_array($result))
  {
  echo $row['CustLogon'] . " " . $row['CustCompany'] . " " . $row['CustFn'];
  echo "<br />";
  }


mysql_close($con)
?>
[/code]

Now, when i run this i don't receive any errors and it displays the database records as if they were not touched. so i know it's in the where statement but why isn't it picking up the value? ??? ??? ??? what am i doing wrong here?
Link to comment
https://forums.phpfreaks.com/topic/33154-update-mysql-using-simple-form/
Share on other sites

change

[code=php:0]
$sql='UPDATE `mysqldb` SET `CustCompany`="$_POST[CustCOMPANY]", `CustFn`="$_POST[CustFN]"
WHERE `CustLogon`= "$_POST[CustLOGON]"';
[/code]

to

[code=php:0]
$sql="UPDATE `mysqldb` SET `CustCompany`='{$_POST[CustCOMPANY]}', `CustFn`='{$_POST[CustFN]}'
WHERE `CustLogon`= '{$_POST[CustLOGON]}'";
[/code]

php only parses things between double quotes looking for variables.

You also would really want to filter those items before they are inputted into the database as well, what you're doing now is vulnerable to sql injection. See http://www.php.net/mysql_real_escape_string
Time for some debugging tricks :P

after

[code=php:0]
$sql="UPDATE `mysqldb` SET `CustCompany`='{$_POST[CustCOMPANY]}', `CustFn`='{$_POST[CustFN]}'
WHERE `CustLogon`= '{$_POST[CustLOGON]}'";
[/code]

put

[code=php:0]
echo $sql;
die();
[/code]

and ensure the query is correct

@jesirose:
you dont HAVE to encase them in quotes, but you're right, it's great practice.
[quote author=jesirose link=topic=121311.msg498513#msg498513 date=1168128811]
Did you check the actual database to see if the changes were made?
With arrays, you need to do $_POST['CustCOMPANY'], surrounding the key in single quotes.
[/quote]

yeah i do have it dumping the data base array look down in my initial code :)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.