Whats wrong with this?

[webrosc]

Can anyone tell me where i'm going wrong with this code?
I just can't see a problem with it, but it keeps comeing back saying 'Error, query failed'

All help would be great.
cheers.


[code]<?
      
$shirt=$_POST['shirt'];
$firstname=$_POST['firstname'];
$surname=$_POST['surname'];
$position=$_POST['position'];
$played=$_POST['played'];
$scored=$_POST['scored'];
$conceded=$_POST['conceded'];
$injury=$_POST['injury'];
$yellow=$_POST['yellow'];
$red=$_POST['red'];

mysql_connect(localhost,xxxx,xxxx);
@mysql_select_db(xxxx) or die( "Unable to select database try again");

$query = ("UPDATE team SET shirt='$shirt', first='$firstname', surname='$surname', position='$position', played='$played', scored='$scored', conceded='$conceded', injury='$injury', yellow='$yellow', red='$red' WHERE shirt = '$shirt'");


mysql_query($query) or die('Error, query failed');
echo "Record Updated";
mysql_close();
?>[/code]

[AndyB]

shirt appears to be some kind of index, so the second query (below) doesn't make sense
[code]SET shirt='$shirt' ..................WHERE shirt = '$shirt'")[/code]

[wickning1]

AndyB is correct, but I'm not sure that would produce an error. Use this to find out what the error is:

[code]mysql_query($query) or die(mysql_error());[/code]

[webrosc]

[!--quoteo(post=354883:date=Mar 14 2006, 02:14 PM:name=wickning1)--][div class=\'quotetop\']QUOTE(wickning1 @ Mar 14 2006, 02:14 PM) [snapback]354883[/snapback][/div][div class=\'quotemain\'][!--quotec--]
AndyB is correct, but I'm not sure that would produce an error. Use this to find out what the error is:

[code]mysql_query($query) or die(mysql_error());[/code]
[/quote]

Ok i'm now a total n00b and idiot, the mysql_error() bit helped tho, i was calling a field in my code first, but on the table it's firstname.

cheers for the help guys

[fenway]

It doesn't look like you're handling quotes properly -- MySQL will choke if you passed a surname of "O'Neill". Double-check.

[webrosc]

[!--quoteo(post=355155:date=Mar 15 2006, 12:29 AM:name=fenway)--][div class=\'quotetop\']QUOTE(fenway @ Mar 15 2006, 12:29 AM) [snapback]355155[/snapback][/div][div class=\'quotemain\'][!--quotec--]
It doesn't look like you're handling quotes properly -- MySQL will choke if you passed a surname of "O'Neill". Double-check.
[/quote]

thats a very good point i hadn't thought of, will look into it.

cheers

[fenway]

I'm not the PHP expert in the least, but I've seen the addslashes() function used to properly escape any "nasty" characters that mysql treats as special.

[webrosc]

[!--quoteo(post=355159:date=Mar 15 2006, 12:39 AM:name=fenway)--][div class=\'quotetop\']QUOTE(fenway @ Mar 15 2006, 12:39 AM) [snapback]355159[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I'm not the PHP expert in the least, but I've seen the addslashes() function used to properly escape any "nasty" characters that mysql treats as special.
[/quote]
compaired to me you are a total expert lol.
i will check out the addslashes() function, the site is just a little example at mo for bro as he is just starting to put a team together, so time is plenty :)

[wickning1]

He'll probably be fine, most web hosts have magic quotes turned on (to help cover their butts from a security standpoint).

Magic quotes are so evil. If you don't know already, do yourself a favor, google a bit, learn what magic quotes are, and learn how to deal with/without them.

Maybe I'll write a tutorial I can link to.

[webrosc]

[!--quoteo(post=355246:date=Mar 15 2006, 07:25 AM:name=wickning1)--][div class=\'quotetop\']QUOTE(wickning1 @ Mar 15 2006, 07:25 AM) [snapback]355246[/snapback][/div][div class=\'quotemain\'][!--quotec--]
He'll probably be fine, most web hosts have magic quotes turned on (to help cover their butts from a security standpoint).

Magic quotes are so evil. If you don't know already, do yourself a favor, google a bit, learn what magic quotes are, and learn how to deal with/without them.

Maybe I'll write a tutorial I can link to.
[/quote]
i've tested my pages and adding a ' does not cause any errors.

but thanks guys for mentioning it

[fenway]

Ugh... I can't believe PHP ever included magic_quotes_gpc at all. What a stupid idea.

Anyway, to maintain portability -- i.e. when you move to host that is smart, or realize how evil magic_quotes is and turn it off -- without blowing up all your scripts, you should roll-your-own addslashes() wrapper that check the see if the "magic" is on or off, and act accordingly.

This is why I use Perl...

[wickning1]

Yeah, I like Perl quite a bit too. That's why when I started with PHP I rolled out my own database class that works like DBI. I parse out the placeholders myself.