Page 1 of 1

Why wont this update?

Posted: Sun Aug 09, 2009 8:39 am
by omen
I dont understand why this code is not updating the database. When I click submit all I get back is "Array()" at the top of the unchanged form.

Code: Select all

<?php require_once("includes/connect.php"); ?> 
<?php require_once("includes/functions.php"); ?> 
<?php 
      if (intval($_GET['article']) == 0) { 
         redirect_to("news.php"); 
      } 
      if (isset($_POST['submit'])) { 
         $errors = array(); 
 
         $required_fields = array('title', 'content'); 
         foreach($required_fields as $fieldname) { 
            if (!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) {  
               $errors[] = $fieldname;  
            } 
         } 
          
         print_r($errors); 
          
         if (empty($errors)) { 
            // Perform Update 
            $id = $_GET['article']; 
            $title = $_POST['title']; 
            $content = $_POST['content']; 
             
            $query = "UPDATE subjects SET  
                     title = '{$title}', 
                     content = '{$content}' 
                  WHERE id = {$id}"; 
            $result = mysql_query($query, $connect); 
            if (mysql_affected_rows() == 1) { 
               // Success 
            } else { 
               // Failed 
            } 
             
         } else { 
            // Errors occurred 
         } 
          
          
          
          
      }  
?> 
<?php 
if(isset($_GET['article'])) { 
      $query = "SELECT * FROM news WHERE id={$_GET['article']} "; 
      $get_article = mysql_query($query, $connect); 
      if(!$get_article) { 
         die("Database Query Failed: ".mysql_error()); 
      } 
         if ($articledata = mysql_fetch_array($get_article)) { 
      } else { 
         $articledata = NULL; 
      } 
} 
?> 
<?php include("includes/header.php"); ?> 
 
   <h2>Edit News Article: <?php echo $articledata['title']; ?></h2> 
            <form action="editnews.php?article=<?php echo $articledata['id']; ?>" method="post"> 
                <p>Title:<br /></p> 
                    <input type="text" name="title" value="<?php echo $articledata['title']; ?>" id="title" /> 
            
                <p>   Content:<br /></p> 
                    <textarea name="content" cols="40" rows="5" id="content"><?php echo $articledata['content']; ?></textarea> 
                <br /><input type="submit" name="submit" value="Edit News"  /> 
                    
              
            </form> 
         <br /> 
         <a href="news.php">Cancel</a> 
    
<?php require("includes/footer.php"); ?>

Re: Why wont this update?

Posted: Sun Aug 09, 2009 8:45 am
by aceconcepts
What happens in editnews.php or is this the same page?

Re: Why wont this update?

Posted: Sun Aug 09, 2009 8:54 am
by omen
its the same page

Re: Why wont this update?

Posted: Sun Aug 09, 2009 9:19 am
by omen
I got it solved I changed the query bit to

Code: Select all

            $query = "UPDATE news SET
                                title = '{$title}',
                                content = '{$content}'
                            WHERE id= {$id}";
                 $result = mysql_query($query, $connect);
                 if(mysql_affected_rows() == 1) {
                     echo 'Successfully updated';
                 } else {
                    echo 'Failed to update! Why?<br />' . mysql_info();
                    echo 'Is there an error?<br/>' . mysql_error();
                    echo 'Whats the query?<br/>' . $query;
                 } 
            }
           

Re: Why wont this update?

Posted: Sun Aug 09, 2009 9:26 am
by peterjwest
First of all make sure you can see php errors, put this at the top of your script:

Code: Select all

 
ini_set('display_errors', true);
error_reporting(E_ALL);
 
If there any errors they should tell you which approximately line has the problem.

Aside from that you should be escaping all user data that goes into MySQL. Your script is currently massively susceptible to a MySQL injection attack. Here's an example:
If I get to your form and enter the title: "blah'; drop table subjects;" your database will delete the subjects table. I can essentially add any mysql statement I wish.
You should run ALL user input to the database through mysql_real_escape_string().

Re: Why wont this update?

Posted: Sun Aug 09, 2009 10:09 am
by frao_0
Try changing WHERE id = {$id} by WHERE id = $id. Try to see what goes wrong using mysql_error() or to see if any rows have been affected

Re: Why wont this update?

Posted: Sun Aug 09, 2009 11:47 am
by peterjwest
He's fixed it now.