PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I can confidently add a new record but now I want to update an existing record. I'm using the following code but it's not working. As you can see in the code I'm using a fancy-schmancy dynamically generated form list feature and I don't think there's any conflicts from that code - but I could be wrong. If you see what's wrong - any help is greatly appreciated. Thanks in advance.
In the meantime I'll work on deleting records. That should be easy.
You have an error in your SQL syntax near 'TESTING 3 WHERE id = ' at line 1
I understand why I'm getting that error. I know I need to essentially say "update the record where the record ID is equal to the record ID in the dropdown list". Would that look something like this?
$query = "UPDATE family2 SET family_name = '$nameadd' WHERE '$searchfieldid' = '$id'";
LOL! That worked except that it changed the field 'family_name' in every record of the database into the words 'LAMP TEST 3' which is what I entered in my field in an effort to change one record.
Does that mean I should flip-flop my $searchfieldid and $id variables? *shrug* goes off to test.
Of course now maybe after this the IT group will set up a development version of the site for me. lol
argh - i got confused. anyway - I'm going to set up a test database real quick. Good thing I asked IT to back up the data last night - I fully expected something like this to happen. lol
thanks so much for your help.
In regards to the SQL injection issue - i found one discussion in the security forum that points to 'magic quotes are evil' or something like that. In that article it discusses a couple of solutions. Do you recommend the POV of that article or should I look somewhere else?
$nameadd = $_POSTї'nameadd'];
$fieldname = $_POSTї'fieldname'];
$query = "UPDATE family2 SET family_name = '$nameadd' WHERE '$fieldname' = id";
mysql_query($query) or die(mysql_error());
I realized that I was calling the entirely wrong variable/field name because of how the 'select' list was labeled and values assigned.
Now I have to work on figuring out how to validate the name so that duplicates are not added. Plus I have to figure out how to avoid SQL injection. This has been a great learning experience for me! Thanks so much for the help.