update not done

Posted: Wed Jul 13, 2005 6:29 am
by jfigueiredo

Code:

<?php
ob_start();
// include the header
require("top.php");

// send visitors who are not logged in to the login page
if ($_SESSION['Uname'] == '' || $_SESSION['lp'] == '')
{
    header("Location: login.php");
    exit;
}
echo "<br><br>";

// record id, taken from the URL query string
$codigo_utente = $_GET['codigo_utente'];
$sql = "SELECT * FROM utente WHERE codigo_ut='" . $codigo_utente . "'";

$rs = pg_query($con, $sql);
$registros = pg_numrows($rs);

if ($registros > 0) {
    $row = pg_fetch_assoc($rs);
}
$teste = $row['nome'];
echo $teste;

// edit form, pre-filled with the current values
echo "<table><form method=post action=modificar_utente.php?action=update>";
echo "<td>Nome:</td><td><input type=text name=nome value='" . $row['nome'] . "' size=30></td>";
echo "<tr><td><font size=2>Data de Nascimento:</td><td><input type=text name=data_nascimento value='" . $row['data_nascimento'] . "'></td></tr>";
echo "<tr><td><font size=2>Estado Civil:</td><td><input type=text name=estado_civil value='" . $row['estado_civil'] . "'></td></tr>";
echo "<tr><td><font size=2>Nacionalidade:</td><td><input type=text name=nac value='" . $row['nac'] . "'></td></tr>";
echo "<tr><td><font size=2>Observacao:</td><td><input type=text name=observacao value='" . $row['observacao'] . "' size=50></td></tr>";
echo "<tr><td></td><td><input type=submit value=Modificar></td></tr>";
echo "</form></table>";

// handle the submitted form
if ($_GET['action'] == 'update')
{
    if ($_POST['nome'] == '' || $_POST['data_nascimento'] == '' || $_POST['estado_civil'] == '' || $_POST['nac'] == '' || $_POST['observacao'] == '')
    {
        echo error("blank");
        exit;
    }
    else
    {
        $sql = "UPDATE utente SET nome='{$_POST['nome']}'  WHERE codigo_ut='" . $codigo_utente . "'";
        echo $codigo_utente;
        echo $_POST['nome'];
        $rs = pg_query($con, $sql) or die ("erro");

        $sql = "UPDATE utente SET data_nascimento='{$_POST['data_nascimento']}' WHERE codigo_ut='" . $codigo_utente . "'";
        $rs = pg_query($con, $sql) or die ("erro");

        $sql = "UPDATE utente SET estado_civil='{$_POST['estado_civil']}' WHERE codigo_ut='" . $codigo_utente . "'";
        $rs = pg_query($con, $sql) or die ("erro");

        $sql = "UPDATE utente SET nac='{$_POST['nac']}' WHERE codigo_ut='" . $codigo_utente . "'";
        $rs = pg_query($con, $sql) or die ("erro");

        $sql = "UPDATE utente SET observacao='{$_POST['observacao']}' WHERE codigo_ut='" . $codigo_utente . "'";
        $rs = pg_query($con, $sql) or die ("erro");
        echo error("updated");
    }
}

// print the status message for the given code
function error($error)
{
    if ($error == 'blank')
    {
        echo "<b>Por favor preencha todos os campos</b>";
    }
    if ($error == 'password')
    {
        echo "<b>The passwords do not match</b>";
    }
    if ($error == 'updated')
    {
        echo "<b>Alteracao Efectuada com sucesso</b>";
    }
}
?>

Hi, when I do this the update doesn't work.
Is it possible that I lose the value of the variable $codigo_utente?

Thanks in advance

Posted: Wed Jul 13, 2005 10:04 am
by pickle
Nothing I can see right away. I'd suggest calling print_r($_POST) and print_r($_GET) to see what they are after you've submitted the form.

Posted: Thu Jul 14, 2005 3:41 am
by jfigueiredo
I resolved the problem.
I use,

Code:

echo "<input type=hidden name=codigo_utente_esc value='" . $codigo_utente . "'>";
to put the value passed in the URL, and then I can use it in the update like this:

Code:

$sql = "UPDATE utente SET nome='{$_POST['nome']}'  WHERE codigo_ut='" . $_POST['codigo_utente_esc'] . "'";
Thanks

Posted: Thu Jul 14, 2005 10:17 am
by pickle
I STRONGLY suggest you do some input validation on the POST variables before just throwing them in a query. What happens if $_POST['nome'] had a single quote in it? It would break your query.
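
One way to apply the validation suggested above, as an added example that is not part of the original thread: the form values and the hidden record id are checked first, then sent with pg_query_params() so they never become part of the SQL text. The names validate_utente, update_utente and UTENTE_FIELDS are hypothetical; it assumes PHP 7.1+, that $con is the connection opened in top.php, and that codigo_ut is an integer key.

```php
<?php
// Added example, not code from the thread. Assumes $con comes from top.php
// and that codigo_ut is an integer column (assumption, not stated in the thread).
const UTENTE_FIELDS = ['nome', 'data_nascimento', 'estado_civil', 'nac', 'observacao'];

// Returns [values, id, errors]; values and id are usable only when errors is empty.
function validate_utente(array $post): array
{
    $values = [];
    $errors = [];
    foreach (UTENTE_FIELDS as $field) {
        $value = isset($post[$field]) ? trim((string) $post[$field]) : '';
        if ($value === '') {
            $errors[] = "blank: $field";
        }
        $values[$field] = $value;
    }
    // The hidden field is client-supplied, so it is checked like any other input.
    $id = filter_var($post['codigo_utente_esc'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false || $id < 1) {
        $errors[] = 'invalid: codigo_utente_esc';
    }
    return [$values, $id, $errors];
}

// One UPDATE for all columns. The values travel separately from the statement,
// so a single quote in nome (for example O'Brien) cannot change the query.
function update_utente($con, array $values, int $id): bool
{
    $sql = 'UPDATE utente SET nome = $1, data_nascimento = $2, estado_civil = $3,'
         . ' nac = $4, observacao = $5 WHERE codigo_ut = $6';
    $params = array_values($values);   // same order as UTENTE_FIELDS
    $params[] = $id;
    $rs = pg_query_params($con, $sql, $params);
    return $rs !== false && pg_affected_rows($rs) === 1;
}

if (($_GET['action'] ?? '') === 'update') {
    [$values, $id, $errors] = validate_utente($_POST);
    if ($errors) {
        echo '<b>' . htmlspecialchars(implode(', ', $errors)) . '</b>';
    } elseif (update_utente($con, $values, $id)) {
        echo '<b>Alteracao Efectuada com sucesso</b>';
    } else {
        echo '<b>erro</b>';
    }
}
```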

Posted: Thu Jul 14, 2005 11:23 am
by jfigueiredo
Thanks for the suggestion, will do that.