Jump to content

mysql_query help again.

clanstyles

By clanstyles
in PHP Coding Help

Recommended Posts

clanstyles Member

clanstyles

Posted
Posted 

$values[0] = $_REQUEST['name'];
                      								$values[1] = $_REQUEST['email'];
                      								$values[2] = $_REQUEST['address'];
                      								$values[3] = $_REQUEST['state'];
                      								$values[4] = $_REQUEST['city'];
                      								$values[5] = $_REQUEST['zip'];
                      								$values[6] = $_REQUEST['type'];
                      								$values[7] = $_REQUEST['footage'];
                      								$values[8]  = $_POST['approved'];
                      									
                      								mysql_query("update `houses` set 
                      								`name`='".$values[0]."', 
                      								`email`='".$values[1]."', 
                      								`address`='".$values[2]."', 
                      								`state`='".$values[3]."', 
                      								`city`='".$values[4]."', 
                      								`zip`='".$values[5]."', 
                      								`type`='".$values[6]."', 
                      								`footage`='".$values[7]."',
                      								`enabled`='".$values[8]."'
                      								WHERE `id`='".$_POST['id']."'") or die(mysql_error());

I can't get this to work.

It doesn't update anything.

Link to comment
https://forums.phpfreaks.com/topic/57892-mysql_query-help-again/
Share on other sites
corbin Regular Member

corbin

Posted
Posted

Does it show any form of error?

 

Also, why are you using REQUEST?  That leaves the script open to all kinds of SQL injection.

 

 

Edit:  To correct my self, that speciffically doesn't open it up to SQL injection, but it can be harder to clean data if you don't know where it's coming from.

corbin Regular Member

corbin

Posted
Posted

Some where in your code echo out the query, and tell us what it says.

 

And ummmm why isn't POST always working?  Do you have POST set as the method on the form?  If you don't, then that could be the problem since it could be sending it through GET, and you're trying to update based off of a $_POST variable.

clanstyles Member

clanstyles

Posted
  • Author
Posted 

                      							<form id="admin" enctype="multipart/form-data" name="admin" method="post" action="?page=admin&action=edit&id=<?php echo $_REQUEST['id']; ?>">
												 <table border="0" align="center" cellpadding="0" cellspacing="0">
												    <tr>
												     <td>Name:</td>
												      <td><label>
												        <input type="text" name="name" id="name" value="<?php echo $f['name']; ?>" />
												      </label></td>
												    </tr>
												    <tr>
												      <td>Email:</td>
												      <td><input type="text" name="email" id="email" value="<?php echo $f['email']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>Address:</td>
												      <td><input type="text" name="address" id="address" value="<?php echo $f['address']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>State:</td>
												      <td><input type="text" name="state" id="state" value="<?php echo $f['state']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>City:</td>
												      <td><input type="text" name="city" id="city" value="<?php echo $f['city']; ?>" /></td>
												    </tr>

												    <tr>
												      <td>Zip:</td>
												      <td><input type="text" name="zip" id="zip" value="<?php echo $f['zip']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>Type:</td>
												      <td><input type="text" name="type" id="type" value="<?php echo $f['type']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>Square Feet:</td>
												      <td><input type="text" name="footage" id="footage" value="<?php echo $f['footage']; ?>" /></td>
												    </tr>

												    <tr>
												      <td>Approved:</td>
												      <td><select name="approved" size="2" id="approved">
														  <option value="1" <?php if($f['enabled'] == "1") echo "selected=\"selected\""; ?>>approved</option>
														  <option value="0" <?php if($f['enabled'] == "0") echo "selected=\"selected\""; ?>>unapproved</option>
														</select></td>
												    </tr>													    
												        <tr>
												      <td colspan="2"><label>
												        <input type="submit" name="submit" id="submit" value="Submit" />
												        <input type="button" name="Delete" id="Delete" value="Delete" />
												      </label></td>

 

Thats the form..mabye i fucked that up and i dk lol

AndyB Regular Member

AndyB

Posted
Posted

You do like tabs, don't you!! That's hard to read in this forum.

 

Actually, the id appears to be a $_GET variable (not a $_POST variable) since it's stuck on the end of your form action URL.  It would have made more sense to have it as a hidden input in the form, but then it's your code not mine.

JP128 Member

JP128

Posted
Posted 

<?php
$values[0] = $_POST['name'];
$values[1] = $_POST['email'];
$values[2] = $_POST['address'];
$values[3] = $_POST['state'];
$values[4] = $_POST['city'];
$values[5] = $_POST['zip'];
$values[6] = $_POST['type'];
$values[7] = $_POST['footage'];
$values[8] = $_POST['approved'];

mysql_query("update `houses` set `name`='$values[0]', `email`='$values[1]', `address`='$values[2]', `state`='$values[3]', `city`='$values[4]', `zip`='$values[5]', `type`='$values[6]', `footage`='$values[7]', `enabled`='$values[8]' WHERE `id`='$_POST[id]'") or die(mysql_error());
?>

 

try that

 

 

 

EDIT:

 

Also, you dont ever end your form...

</form>

redarrow Advanced Member

redarrow

Posted
Posted

Correct format protecting the database.

 

 

Also you did not use all this in a form mad man/lady lol good luck ok.

 

<?php

if($_POST['submit']){

$values[0] = addslashes($_POST['name']);
$values[1] = addslashes($_POST['email']);
$values[2] = addslashes($_POST['address']);
$values[3] = addslashes($_POST['state']);
$values[4] = addslashes($_POST['city']);
$values[5] = addslashes($_POST['zip']);
$values[6] = addslashes($_POST['type']);
$values[7] = addslashes($_POST['footage']);
$values[8] = addslashes($_POST['approved']);
$id=addslashes($_POST['id']);

$query="update `houses` set `name`=".$values[0].",`email`=".$values[1].",`address`=".$values[2].",
`state`=".$values[3].",`city`=".$values[4].",`zip`=".$values[5].",`type`=".$values[6].",
`footage`=".$values[7].",`enabled`=".$values[8]." WHERE `id`='$id'";

$result=mysql_query($query);
}
?>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.