update not done

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jfigueiredo
Forum Newbie
Posts: 5
Joined: Tue Jul 12, 2005 9:57 am

update not done

Post by jfigueiredo »

Code: Select all

<?php
ob_start();
//include the header
require(&quote;top.php&quote;);


if($_SESSION&#1111;'Uname'] == '' || $_SESSION&#1111;'lp'] == '')
{
header(&quote;Location: login.php&quote;);
exit;
}
echo &quote;<br><br>&quote;;

$codigo_utente=$_GET&#1111;'codigo_utente'];
$sql = &quote;SELECT * FROM utente WHERE codigo_ut='&quote; . $codigo_utente . &quote;'&quote;;




$rs = pg_query($con, $sql);
$registros = pg_numrows($rs);

if($registros > 0) {
$row = pg_fetch_assoc($rs);
}
$teste=$row&#1111;'nome'];
echo $teste;

echo &quote;<table><form method=post action=modificar_utente.php?action=update>&quote;;
echo &quote;<td>Nome:</td><td><input type=text name=nome value='&quote; .$row&#1111;'nome'] .&quote;' size=30></td>&quote;;
echo &quote;<tr><td><font szie=2>Data de Nascimento:</td><td><input type=text name=data_nascimento value='&quote; . $row&#1111;'data_nascimento'] . &quote;'></td></tr>&quote;;
echo &quote;<tr><td><font szie=2>Estado Civil:</td><td><input type=text name=estado_civil value='&quote; . $row&#1111;'estado_civil'] . &quote;'></td></tr>&quote;;
echo &quote;<tr><td><font szie=2>Nacionalidade:</td><td><input type=text name=nac value='&quote; . $row&#1111;'nac'] . &quote;'></td></tr>&quote;;
echo &quote;<tr><td><font szie=2>Observacao:</td><td><input type=text name=observacao value='&quote; . $row&#1111;'observacao'] . &quote;'size=50></td></tr>&quote;;
echo &quote;<tr><td></td><td><input type=submit value=Modificar></td></tr>&quote;;
echo &quote;</form></table>&quote;;

if($_GET&#1111;'action'] == 'update')
{
if($_POST&#1111;'nome'] == '' || $_POST&#1111;'data_nascimento'] == '' || $_POST&#1111;'estado_civil'] == '' || $_POST&#1111;'nac'] == ''|| $_POST&#1111;'observacao'] == '')
   {
      echo error(&quote;blank&quote;);
	  exit;
   }
   else
   {

    $sql=&quote;UPDATE utente SET nome='{$_POST&#1111;'nome']}'  WHERE codigo_ut='&quote; . $codigo_utente . &quote;'&quote;;
    echo $codigo_utente;
    echo $_POST&#1111;'nome'];
    $rs = pg_query($con, $sql) or die (&quote;erro&quote;);
    $sql=&quote;UPDATE utente SET data_nascimento='{$_POST&#1111;'data_nascimento']}' WHERE codigo_ut='&quote; . $codigo_utente . &quote;'&quote;;
    $rs = pg_query($con, $sql) or die (&quote;erro&quote;);
    
    $sql=&quote;UPDATE utente SET estado_civil='{$_POST&#1111;'estado_civil']}' WHERE codigo_ut='&quote; . $codigo_utente . &quote;'&quote;;
    $rs = pg_query($con, $sql) or die (&quote;erro&quote;);
    
    $sql=&quote;UPDATE utente SET nac='{$_POST&#1111;'nac']}' WHERE codigo_ut='&quote; . $codigo_utente . &quote;'&quote;;
    $rs = pg_query($con, $sql) or die (&quote;erro&quote;);

	      
    $sql=&quote;UPDATE utente SET observacao='{$_POST&#1111;'observacao']}' WHERE codigo_ut='&quote; . $codigo_utente . &quote;'&quote;;
    $rs = pg_query($con, $sql) or die (&quote;erro&quote;);
	  echo error(&quote;updated&quote;);
  }
}

function error($error)
{
if($error == 'blank')
{
echo &quote;<b>Por favor preencha todos os campos</b>&quote;;
}
if($error == 'password')
{
echo &quote;<b>The passwords do not match</b>&quote;;
}
if($error == 'updated')
{
echo &quote;<b>Alteracao Efectuada com sucesso</b>&quote;;
}
}
?>

Hi when i do this the update dont work.
Its possible that i lose the value for the varibale $codigo_utente?

Thanks in advance
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Nothing I can see right away. I'd suggest calling print_r($_POST) and print_r($_GET) to see what they are after you've submitted the form.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
jfigueiredo
Forum Newbie
Posts: 5
Joined: Tue Jul 12, 2005 9:57 am

Post by jfigueiredo »

i resolve the problem
i use,

Code: Select all

echo &quote;<input type=hidden name=codigo_utente_esc value='&quote;.$codigo_utente.&quote;'>&quote;;
to put the value passed in de url and then i can used in update like this:

Code: Select all

$sql=&quote;UPDATE utente SET nome='{$_POST&#1111;'nome']}'  WHERE codigo_ut='&quote; .$_POST&#1111;'codigo_utente_esc']. &quote;'&quote;;
thanks
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

I STRONGLY suggest you do some input validation on the POST variables before just throwing them in a query. What happens if $_POST['nome'] had a single quote in it? It would break your query.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
jfigueiredo
Forum Newbie
Posts: 5
Joined: Tue Jul 12, 2005 9:57 am

Post by jfigueiredo »

thanks for the sugestion will do that
Post Reply