Jump to content

mysql_query help again.

clanstyles

By clanstyles
in PHP Coding Help

 Share

Recommended Posts

clanstyles Member

clanstyles

Posted
Posted 

$values[0] = $_REQUEST['name'];
                      								$values[1] = $_REQUEST['email'];
                      								$values[2] = $_REQUEST['address'];
                      								$values[3] = $_REQUEST['state'];
                      								$values[4] = $_REQUEST['city'];
                      								$values[5] = $_REQUEST['zip'];
                      								$values[6] = $_REQUEST['type'];
                      								$values[7] = $_REQUEST['footage'];
                      								$values[8]  = $_POST['approved'];
                      									
                      								mysql_query("update `houses` set 
                      								`name`='".$values[0]."', 
                      								`email`='".$values[1]."', 
                      								`address`='".$values[2]."', 
                      								`state`='".$values[3]."', 
                      								`city`='".$values[4]."', 
                      								`zip`='".$values[5]."', 
                      								`type`='".$values[6]."', 
                      								`footage`='".$values[7]."',
                      								`enabled`='".$values[8]."'
                      								WHERE `id`='".$_POST['id']."'") or die(mysql_error());

I can't get this to work.

It doesn't update anything.

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

Does it show any form of error?

 

Also, why are you using REQUEST?  That leaves the script open to all kinds of SQL injection.

 

 

Edit:  To correct my self, that speciffically doesn't open it up to SQL injection, but it can be harder to clean data if you don't know where it's coming from.

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

Some where in your code echo out the query, and tell us what it says.

 

And ummmm why isn't POST always working?  Do you have POST set as the method on the form?  If you don't, then that could be the problem since it could be sending it through GET, and you're trying to update based off of a $_POST variable.

Link to comment
Share on other sites
clanstyles Member

clanstyles

Posted
  • Author
Posted 

                      							<form id="admin" enctype="multipart/form-data" name="admin" method="post" action="?page=admin&action=edit&id=<?php echo $_REQUEST['id']; ?>">
												 <table border="0" align="center" cellpadding="0" cellspacing="0">
												    <tr>
												     <td>Name:</td>
												      <td><label>
												        <input type="text" name="name" id="name" value="<?php echo $f['name']; ?>" />
												      </label></td>
												    </tr>
												    <tr>
												      <td>Email:</td>
												      <td><input type="text" name="email" id="email" value="<?php echo $f['email']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>Address:</td>
												      <td><input type="text" name="address" id="address" value="<?php echo $f['address']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>State:</td>
												      <td><input type="text" name="state" id="state" value="<?php echo $f['state']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>City:</td>
												      <td><input type="text" name="city" id="city" value="<?php echo $f['city']; ?>" /></td>
												    </tr>

												    <tr>
												      <td>Zip:</td>
												      <td><input type="text" name="zip" id="zip" value="<?php echo $f['zip']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>Type:</td>
												      <td><input type="text" name="type" id="type" value="<?php echo $f['type']; ?>" /></td>
												    </tr>
												    <tr>
												      <td>Square Feet:</td>
												      <td><input type="text" name="footage" id="footage" value="<?php echo $f['footage']; ?>" /></td>
												    </tr>

												    <tr>
												      <td>Approved:</td>
												      <td><select name="approved" size="2" id="approved">
														  <option value="1" <?php if($f['enabled'] == "1") echo "selected=\"selected\""; ?>>approved</option>
														  <option value="0" <?php if($f['enabled'] == "0") echo "selected=\"selected\""; ?>>unapproved</option>
														</select></td>
												    </tr>													    
												        <tr>
												      <td colspan="2"><label>
												        <input type="submit" name="submit" id="submit" value="Submit" />
												        <input type="button" name="Delete" id="Delete" value="Delete" />
												      </label></td>

 

Thats the form..mabye i fucked that up and i dk lol

Link to comment
Share on other sites
AndyB Regular Member

AndyB

Posted
Posted

You do like tabs, don't you!! That's hard to read in this forum.

 

Actually, the id appears to be a $_GET variable (not a $_POST variable) since it's stuck on the end of your form action URL.  It would have made more sense to have it as a hidden input in the form, but then it's your code not mine.

Link to comment
Share on other sites
JP128 Member

JP128

Posted
Posted 

<?php
$values[0] = $_POST['name'];
$values[1] = $_POST['email'];
$values[2] = $_POST['address'];
$values[3] = $_POST['state'];
$values[4] = $_POST['city'];
$values[5] = $_POST['zip'];
$values[6] = $_POST['type'];
$values[7] = $_POST['footage'];
$values[8] = $_POST['approved'];

mysql_query("update `houses` set `name`='$values[0]', `email`='$values[1]', `address`='$values[2]', `state`='$values[3]', `city`='$values[4]', `zip`='$values[5]', `type`='$values[6]', `footage`='$values[7]', `enabled`='$values[8]' WHERE `id`='$_POST[id]'") or die(mysql_error());
?>

 

try that

 

 

 

EDIT:

 

Also, you dont ever end your form...

</form>

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

Correct format protecting the database.

 

 

Also you did not use all this in a form mad man/lady lol good luck ok.

 

<?php

if($_POST['submit']){

$values[0] = addslashes($_POST['name']);
$values[1] = addslashes($_POST['email']);
$values[2] = addslashes($_POST['address']);
$values[3] = addslashes($_POST['state']);
$values[4] = addslashes($_POST['city']);
$values[5] = addslashes($_POST['zip']);
$values[6] = addslashes($_POST['type']);
$values[7] = addslashes($_POST['footage']);
$values[8] = addslashes($_POST['approved']);
$id=addslashes($_POST['id']);

$query="update `houses` set `name`=".$values[0].",`email`=".$values[1].",`address`=".$values[2].",
`state`=".$values[3].",`city`=".$values[4].",`zip`=".$values[5].",`type`=".$values[6].",
`footage`=".$values[7].",`enabled`=".$values[8]." WHERE `id`='$id'";

$result=mysql_query($query);
}
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.