[SOLVED] Database won't update...

[ryeman98]

So I have everything good except for two things.

 

1) The complete date won't show when I'm editing. It'll only show the month even though the full date is in there.

 

2) The database won't update. There is no error or anything, in fact, it says that it has updated the database.

 

Code:

<?php
if ($_GET['action'] == "edit") {

$id = $_POST['id'];
$edit = mysql_query("SELECT * FROM news WHERE id='$id'");
$display = mysql_fetch_array($edit);

echo "
<table border=0 cellpadding=0 cellspacing=2>
<form name=\"editarticle\" action=\"/article.php?action=update\" method=\"post\">
<tr valign=top><td><strong>Title:</strong></td> <td><input type=\"text\" name=\"title\" size=\"60\" value=".$display['title']." /></td></tr>
<tr valign=top><td><strong>Date:</strong></td> <td><input type=\"text\" name=\"date\" value=".$display['date']."</td></tr>
<tr valign=top><td><strong>Content:</strong></td> <td><textarea name=\"content\" maxlength=\"10000\" cols=\"50\" rows=\"10\">".$display['content']."</textarea></td></tr>
<tr valign=top><td><strong>Password:</strong></td> <td><input type=\"password\" name=\"password\" /></td></tr>
<tr align=right><td></td><td><input type=\"submit\" name=\"submit\" value=\"Edit Article\" /></td></tr>
</form></table>";

} elseif ($_GET['action'] == "update") {

$title = $_POST['title'];
$date = $_POST['date'];
$content = $_POST['content'];

if ($_POST['password'] == "oilersrock") {
$update1 = ("UPDATE SET title='$title'")
or die(mysql_error());
$update2 = ("UPDATE SET date='$date'")
or die(mysql_error());
$update3 = ("UPDATE SET content='$content'")
or die(mysql_error());
	echo "Your article has been updated.";
}
}
?>


Help please?

[redarrow]

$query="update $datebase_colum set $field = '$field' where $what='$what'";

[trq]

1) Your value attribute needs to be surrounded in quotes in order for the html to be valid.

 

<tr valign=top><td><strong>Date:</strong></td> <td><input type=\"text\" name=\"date\" value=\"".$display['date']."\"</td></tr>

 

2) You never execute any SQL statement. Take a look at mysql_query.

[ryeman98]

Wow. I'm really off the ball today

 

Thanks for the obvious!

[ryeman98]

OK well I did that and now I'm getting this error:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '='5'' at line 1

 

This is the code:

$id = $_POST['id'];
$title = $_POST['title'];
$date = $_POST['date'];
$content = $_POST['content'];

if ($_POST['password'] == "oilersrock") {
$updatetitle = mysql_query("UPDATE news SET title='$title' WHERE='$id'")
or die(mysql_error());
$updatedate = mysql_query("UPDATE news SET date='$date' WHERE='$id'")
or die(mysql_error());
$updatecontent = mysql_query("UPDATE news SET content='$content' WHERE='$id'")
or die(mysql_error());
	echo "Your article has been updated.";
}

 

Any ideas?

Thanks

[dough boy]

You need to have a "field" = 5 and not "WHERE"  I.e. WHERE='5' should be WHERE id = '5'

[redarrow]

WHERE id='$id'

 

i got beat lol but

 

addslashes where is it

 

$id = addslashes($_POST['id']); <<< do it to all to protect your database at minum

 

$id = $_POST['id'];
$title = $_POST['title'];
$date = $_POST['date'];
$content = $_POST['content'];

if ($_POST['password'] == "oilersrock") {
$updatetitle = mysql_query("UPDATE news SET title='$title' WHERE id='$id'")
or die(mysql_error());
$updatedate = mysql_query("UPDATE news SET date='$date' WHERE id='$id'")
or die(mysql_error());
$updatecontent = mysql_query("UPDATE news SET content='$content' WHERE id='$id'")
or die(mysql_error());
	echo "Your article has been updated.";
}