Page 1 of 1

Simple Update Form Not Doing Its Job

Posted: Mon Feb 27, 2006 12:57 am
by nickman013
Hello,

Ive got a page that displays all of the rows. It puts it into a form also that updates the row.

It doesnt work the form method. But it works manually. I cant seem to figure it out. Ive had it working before.

display.php

Code: Select all

$username2= "muot_report";  
$password2= "report";  
$database2= "muot_report";  
$connection2 = mysql_connect('localhost',$username2,$password2);  
mysql_select_db($database2); 
$sql = "SELECT * 
FROM  `report`";
$query = mysql_query($sql);
while($row = mysql_fetch_array($query)) {
echo '<table border=0><form method=post action=/site/muotReport/updateMuot.php>';
echo '<tr><td valign=center>';
echo $row['Code'];
echo '</td></tr>';
echo '<input type=hidden name=switch value=';
echo $row['Number'];
echo '>';
echo '</td></tr>';
echo '<tr><td align=center><input type=submit value="Set As Default Muot"></tr></td>';
echo '</table>';
echo '<br><br>';
};
mysql_close($connection2);
also any ideas on making this script better, please tell me

updatemuot.php

Code: Select all

$username2= "muot_report";  
$password2= "report";  
$database2= "muot_report";  
$connection2 = mysql_connect('localhost',$username2,$password2);  
mysql_select_db($database2); 
mysql_query('UPDATE report set `Live` = 0'); 
mysql_query('UPDATE report set `Live` = 1 WHERE `Number` ='.$switch);
It works when I do it manually, but not the form method.

Thank You!

Posted: Mon Feb 27, 2006 1:01 am
by feyd
you're assuming register_globals is on, when it is not.

Posted: Mon Feb 27, 2006 1:11 am
by John Cartwright
fyi, might want to turn on eror reporting to E_ALL to see undefined variables.

You can do this either in your individual script:

Code: Select all

error_reporting(E_ALL);
or change your php.ini file to apply it to all scripts

Posted: Mon Feb 27, 2006 1:19 am
by feyd
There's a common serious security hole you have too. Not sanitizing incoming data, thereby allowing SQL injection.

Posted: Mon Feb 27, 2006 1:31 am
by nickman013
register_globals is on. I have a php.ini in every folder, and it has it on.

Posted: Mon Feb 27, 2006 1:55 am
by nickman013
I dont know why, but you were right feyd. Register globals was not on. Even though I have a php.ini file with "register_globals = On" in it. I did the $_POST method. It works. Thanks!

EDIT:

It worked once, now it doesnt work. I dont get it!

Posted: Mon Feb 27, 2006 2:03 am
by feyd
Do yourself a favor for down the road, write all your scripts as if register_globals is off and remember to initialize all variables before using them.

As a side note, wash behind your ears and wear clean undies when taking to the road.

Posted: Mon Feb 27, 2006 2:07 am
by nickman013
Haha.

I have the script written correctly, I think? But it still does not work. It worked one time. My hosting company says that register globals is turned on.

Posted: Mon Feb 27, 2006 2:09 am
by josh
nickman013 wrote:I have a php.ini in every folder
That's not how it works.

On a shared host you can only overide settings with ini_set() and with .htaccess (your host could have also disabled both of these)

Posted: Mon Feb 27, 2006 2:11 am
by feyd
do some debugging. echo out what $switch or whatever you call it now is. Make sure you are getting the correct output in the HTML. Output good HTML (all attribute values should be in quotes). Run phpinfo()..

Posted: Mon Feb 27, 2006 2:11 am
by nickman013
Idk, my host put it in every folder. So I assumed I needed to. My other scripts work.

Posted: Mon Feb 27, 2006 2:18 am
by nickman013
feyd wrote:do some debugging. echo out what $switch or whatever you call it now is. Make sure you are getting the correct output in the HTML. Output good HTML (all attribute values should be in quotes). Run phpinfo()..
I echoed out $switch. That was the problem, but I didnt solve it. It was echoing switch to be 3 for every row.

But when I view the source of the page switch is different for each form.

EDIT:

Found the error!

The error was because I was not ending the form for each row.


Thanks for all the help!