cheechm Posted June 5, 2007 Share Posted June 5, 2007 So I am trying to update a row called Review (a text field) in my database in my table, but can't seem to do it. no errors are being shown: addreview.php <?php $eventname = $_GET['eventname']; $review = $_GET['review']; $year = $_GET['year']; $con = mysql_connect(""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("", $con); mysql_query("UPDATE results SET Review = '$_GET[review]' WHERE EventName = '$eventname' AND Year = '$year' "); if (mysql_errno()) printf("<b>Error: %s<br>\nOn query: $query</b><br>\n",mysql_error(),$query); { echo "Review for $eventname is now filed"; } mysql_close($con) ?> <meta http-equiv="refresh" content="1;url=review.php"> Not even the echo "Review for $eventname is now filed"; displays the event name. The form is as follows: <form method="post" action="addreview.php"> Eventname: <input type="text" name="eventname" /><br /> Yeargroup: <input type="text" name="year" /><br /> Review:<br /> <textarea name="Review" rows="10" cols="32"></textarea><br /> <p><input type="submit" name="submit" value="Add Review"> </form> For some reason, this doesn't work. I can't seem to find why. [Extra info] There is columns in Results table called: EventName Year Result Team All other processes with this table work. There is a default value for the Review column: "No review yet". Quote Link to comment Share on other sites More sharing options...
Yesideez Posted June 5, 2007 Share Posted June 5, 2007 Try this: mysql_query("UPDATE `results` SET `Review` = '".$_POST['review']."' WHERE EventName = '$eventname' AND Year = '$year' "); If that fails make sure the case of your table and fild names match. For example, If your field is called "review" use that instead of "Review" Quote Link to comment Share on other sites More sharing options...
trq Posted June 5, 2007 Share Posted June 5, 2007 Your form uses the post method, while your trying to grab the data from $_GET. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted June 5, 2007 Share Posted June 5, 2007 Read my comments, and try this: <?php # You should use addslashes when adding something to a database. # When printing out the results from the database use stripslashes. $eventname = addslashes($_POST['eventname']); $review = addslashes($_POST['review']); $year = addslashes($_POST['year']); $con = mysql_connect(""); # Is this supposed to be empty? if (!$con){ die('Could not connect: ' . mysql_error()); } mysql_select_db("", $con); # Should this be empty too? if (mysql_query("UPDATE `results` SET `Review` = '{$_POST['review']}' WHERE EventName = '$eventname' AND Year = '$year' ")or die(mysql_error())){ echo "Review for $eventname is now filed"; } mysql_close($con) header("refresh: 5; url=review.php"); exit; ?> Quote Link to comment Share on other sites More sharing options...
trq Posted June 5, 2007 Share Posted June 5, 2007 # You should use addslashes when adding something to a database. # When printing out the results from the database use stripslashes. This is a myth. stripslashes does NOT need to be applied to data comming from a database. It only needs to be applied if you are displaying (directly) form data which has had addslashes applied to it or if magic_quotes_gpc is on. Slashes are NOT stored in the database. PS; You should also use mysql_real_escape_string instead where available. Quote Link to comment Share on other sites More sharing options...
per1os Posted June 5, 2007 Share Posted June 5, 2007 Quote # You should use addslashes when adding something to a database. # When printing out the results from the database use stripslashes. This is a myth. stripslashes does NOT need to be applied to data comming from a database. It only needs to be applied if you are displaying (directly) form data which has had addslashes applied to it or if magic_quotes_gpc is on. Slashes are NOT stored in the database. PS; You should also use mysql_real_escape_string instead where available. Agreed, you should NEVER stripslashes on data coming out of the DB, that is definitely bad programming. To the Little Guy: The "only" time you should stripslashes is if you want to display data from a form on the page and not insert it into a db and get_magic_quotes_gpc is on. If the data is coming from the DB stripslashes should not have to be used if done properly. <?php function escape_string($string) { return get_magic_quotes_gpc()?mysql_real_escape_string(stripslashes ($string)):mysql_real_escape_string($string); } ?> Using that will make sure the string is escaped properly, and will not double up on slashes. Note if you do not use mysql, change the function to whatever db you are using. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted June 5, 2007 Share Posted June 5, 2007 It only needs to be applied if you are displaying (directly) form data which has had addslashes applied to it or if magic_quotes_gpc is on. Slashes are NOT stored in the database. Huh? I don't get this line. If you use addslashes, and save it into the database, there will be slashes in front of the quotes. then when you echo it out, it would look like this: I\'m cool. so you would need to use stripslashes so it looks like this: I'm cool. Quote Link to comment Share on other sites More sharing options...
cheechm Posted June 5, 2007 Author Share Posted June 5, 2007 Your form uses the post method, while your trying to grab the data from $_GET. That is becuase you have to post the review. Nothing seems to be working. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted June 5, 2007 Share Posted June 5, 2007 $_GET - Grabs data from the URL $_POST - Grabs data from a form. you need to change them to $_POST in the PHP portion of the script. Quote Link to comment Share on other sites More sharing options...
per1os Posted June 5, 2007 Share Posted June 5, 2007 It only needs to be applied if you are displaying (directly) form data which has had addslashes applied to it or if magic_quotes_gpc is on. Slashes are NOT stored in the database. Huh? I don't get this line. If you use addslashes, and save it into the database, there will be slashes in front of the quotes. then when you echo it out, it would look like this: I\'m cool. so you would need to use stripslashes so it looks like this: I'm cool. The only reason you have to stripslashes on your data coming out of yourr database is because magic_quotes are on and when you add slashes on POST data that has magic_quotes on it doubles the slashes, so in reality what you are entering into the DB is: I\\'m cool. Which the database automatically removes the first set of slashes so when looking at the DB it appears as I\'m cool Which in return is why you have to stripslashes. Now if you did it properly and only added slashes or mysql_real_escape_string when magic_quotes are off than the data would be entered into the db like so: I\'m cool. Which the database automatically removes the first set of slashes so when looking at the DB it appears as I'm cool Which in return, when retrieved does not have any slashes on it. Here is a test so you can see what I am talking about <?php // mysql_connect here $slasshed = "I'm Cool"; $slasshed = addslashes(addslashes($slashed)); // which is essentially what you are doing $unslasshed = "I'm Cool"; $unslasshed = addslashes($unslasshed); mysql_query("INSERT INTO test (`testdata`) VALUES ('" . $slasshed . "');"); mysql_query("INSERT INTO test (`testdata`) VALUES ('" . $unslasshed . "');"); $query = "SELECT * FROM test"; $qu = mysql_query($query); echo 'Data inserted is: <br />'; echo '$slasshed = ' . $slasshed . '<br />'; echo '$unslasshed = ' . $unslasshed . '<br /><br />'; while ($row = mysql_fetch_array($qu)) { echo 'Data : ' . $row[0] . "<br />"; } ?> That should give you a better aspect on what is happening. Quote Link to comment Share on other sites More sharing options...
cheechm Posted June 5, 2007 Author Share Posted June 5, 2007 Ok. Everything sorted apart from the Review section doesn't seem to be updating. No matter how much or little text I add into the textarea, it won't add to the database. Any ideas? Quote Link to comment Share on other sites More sharing options...
per1os Posted June 5, 2007 Share Posted June 5, 2007 <?php // change $_GET to $_POST due to the nature of the form posted as it POSTS the data not GETS $eventname = $_POST['eventname']; $review = $_POST['review']; $year = $_POST['year']; $con = mysql_connect(""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("", $con); mysql_query("UPDATE results SET Review = '$review' WHERE EventName = '$eventname' AND Year = '$year' "); if (mysql_errno()) printf("<b>Error: %s<br>\nOn query: $query</b><br>\n",mysql_error(),$query); { echo "Review for $eventname is now filed"; } mysql_close($con) ?> <meta http-equiv="refresh" content="1;url=review.php"> Try that and see if it works. Quote Link to comment Share on other sites More sharing options...
trq Posted June 6, 2007 Share Posted June 6, 2007 If you use addslashes, and save it into the database, there will be slashes in front of the quotes. No. The slashes are escape characters, they don't actually get stored within the database. They just enable you to store quotes. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.