Update Problem [SOLVED]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Update Problem [SOLVED]

Post by iknownothing »

Hey all,
I am in the process of making it possible to edit data which comes out of a database, and then gets update upon submission. Simple enough, I've done it before, but this time it is not working, and for the life of me I can't understand why not.

PS. Very Sorry about the messiness of the code, I'll clean it up once I've got this worked out, if you cant understand it, I'll clean it up before you can see whats wrong.

Code: Select all

if (isset($_POST['editclientdetails'])) {
	
	$hello = $_POST['clientnama'];
	$idd = $POST['idd'];
	$postaddlineone = $POST['postaddlineone'];
	$postaddlinetwo = $POST['postaddlinetwo'];
	$physaddlineone = $POST['physaddlineone'];
	$physaddlinetwo = $POST['physaddlinetwo'];
	$phone = $POST['phone'];
	$fax = $POST['fax'];
	$contactone = $POST['contactone'];
	$mobileone = $POST['mobileone'];
	$emailone = $POST['emailone'];
	$contacttwo = $POST['contacttwo'];
	$mobiletwo = $POST['mobiletwo'];
	$emailtwo = $POST['emailtwo'];
	$poststate = $POST['poststate'];
	$postpostcode = $POST['postpostcode'];
	$postsuburb = $POST['postsuburb'];
	$physstate = $POST['physstate'];
	$physpostcode = $POST['physpostcode'];
	$physsuburb = $POST['physsuburb'];
	$deposita = $_POST['deposit'];
	$activea = $_POST['active'];
		
		/*	if($deposita == "yes")
				{
					$deposit = "1";
				}
			else
				{
					$deposit = "0";
				}
				
			if($activea == "yes")
			{
			$active = "1";
			}
			else{
				$active = "0";
				} */
				
				echo $idd;
				echo $hello;
			$sql = mysql_query("UPDATE clients SET clientname='$hello', postaddlineone='$postaddlineone' WHERE id = '$idd'", $con);
		 		if ($sql) {	// mysql saved ok
						$save_result = "<b>Task Marked:  Completed Task on: </b>";
				} 
				ELSE	
				{	// mysql failed to save
						$save_result = "<font color=red><b>Failed Completion</b></font>";
				}
				
	$theclient = $hello;
}
else 
{
	$theclient = $_GET['clientname'];
}


$showtask = MYSQL_QUERY("SELECT * FROM clients WHERE clientname = '$theclient'");

while ($row = mysql_fetch_assoc($showtask)) {
	
	  $id = $row['id'];
	  $clientname = $row['clientname'];
	  $postaddlineone = $row['postaddlineone'];
	  $postaddlinetwo = $row['postaddlinetwo'];
	  $physaddlineone = $row['physaddlineone'];
	  $physaddlinetwo = $row['physaddlinetwo'];
  	  $phone = $row['phone'];
  	  $fax = $row['fax'];
  	  $contactone = $row['contactone'];
  	  $mobileone = $row['mobileone'];
  	  $emailone = $row['emailone'];
  	  $contacttwo = $row['contacttwo'];
  	  $mobiletwo = $row['mobiletwo'];
  	  $emailtwo = $row['emailtwo'];
  	  $poststate = $row['poststate'];
  	  $postpostcode = $row['postpostcode'];
  	  $postsuburb = $row['postsuburb'];
  	  $physstate = $row['physstate'];
  	  $physpostcode = $row['physpostcode'];
  	  $physsuburb = $row['physsuburb'];
  	 }

Code: Select all

<form method="post">
<input type="text" value="<? echo clientname; ?>" name="clientnama">
<input type="hidden" name="idd" value="<? echo $id; ?>">
<input type="submit" value="submit" name="editclientdetails">
thanks in advance
Last edited by iknownothing on Tue Jan 23, 2007 12:53 am, edited 4 times in total.
jammr
Forum Newbie
Posts: 16
Joined: Mon Jan 22, 2007 12:10 am

Post by jammr »

I would use an if statement to see if there's rows in those fields (mysql_num_rows), if there isn't, insert, if there is, update.
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Post by iknownothing »

it all works fine now, apart from id, it wont POST the contents of the id field (which has has name="id" added to it since the last lot of code). Because its not posting, I cant complete the update. All variables are correct, I have no idea what is going on.
jammr
Forum Newbie
Posts: 16
Joined: Mon Jan 22, 2007 12:10 am

Post by jammr »

Paste the new code so we can see what it looks like. :D
User avatar
dibyendrah
Forum Contributor
Posts: 491
Joined: Wed Oct 19, 2005 5:14 am
Location: Nepal
Contact:

Post by dibyendrah »

It would be easier to debug SQL query if you just print the SQL query before executing it or just add mysql_error() on mysql_query() function.
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Post by iknownothing »

New Code is up the top.

The SQL itself has nothing wrong with it, it is within the id ($idd) variable that the problem lies. I can't see why it won't work, but all other values are posting except the id. The SQL can't work because of the WHERE id = '$idd' statement.
jammr
Forum Newbie
Posts: 16
Joined: Mon Jan 22, 2007 12:10 am

Post by jammr »

I know $idd is a post variable but wouldn't it be easier to store their session and use that as the ID? I can't find any errors in the code, though.. hmm.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

$hello = $_POST['clientnama'];
$idd = $POST['idd'];
$postaddlineone = $POST['postaddlineone'];
$postaddlinetwo = $POST['postaddlinetwo'];
$physaddlineone = $POST['physaddlineone'];
$physaddlinetwo = $POST['physaddlinetwo'];
$phone = $POST['phone'];
$fax = $POST['fax'];
$contactone = $POST['contactone'];
$mobileone = $POST['mobileone'];
$emailone = $POST['emailone'];
$contacttwo = $POST['contacttwo'];
$mobiletwo = $POST['mobiletwo'];
$emailtwo = $POST['emailtwo'];
$poststate = $POST['poststate'];
$postpostcode = $POST['postpostcode'];
$postsuburb = $POST['postsuburb'];
$physstate = $POST['physstate'];
$physpostcode = $POST['physpostcode'];
$physsuburb = $POST['physsuburb'];
$deposita = $_POST['deposit'];
$activea = $_POST['active'];
The array is called $_POST, not $POST. If you ran the script with error_reporting=E_ALL and ini_set('display_errors', true) (or having an eye on the error log) php had printed a notice about accessing an non-existing variable. You really should consider setting error_reporting to E_ALL in the php.ini of your development pc.

Why do you assign all those array elements to plain variables? You're only using three of them in your update statement. The rest only clouds the real important code snippets, I'd rather left them out. If you need all those parameters for the real update statement I'd write some code that only takes the field names and processes them in a foreach loop rather than having that much dead copy&paste code in the script.

Your script is prone to sql injection attacks. Use mysql_real_escape_string to sanatize sql string literals.

Try

Code: Select all

if (isset($_POST['editclientdetails'])) {
  if ( !isset($_POST['clientnama'], $_POST['postaddlineone'], $_POST['idd']) ) {
  	die('missing parameter');
	}
	$hello = mysql_real_escape_string($_POST['clientnama'], $con);
	$postaddlineone = mysql_real_escape_string($_POST['postaddlineone'], $con);
	$idd = mysql_real_escape_string($_POST['idd'], $con);

	$query = "UPDATE
			clients
		SET
			clientname='$hello',
			postaddlineone='$postaddlineone'
		WHERE
			id = '$idd'
		;"
	
	echo '<div>Debug: ', htmlentities($query), "</div>\n";
	$result = mysql_query($query, $con);
	if ($sql) {
		$save_result = "<b>Task Marked:  Completed Task on: </b>";
	}
	else {
		$save_result = "<font color=red><b>Failed Completion</b></font>";
	}
                               
	$theclient = $_POST['clientnama'];
}
else
{
	$theclient = $_GET['clientname'];
}

$query = "SELECT
		*
	FROM
		clients
	WHERE
		clientname = '$theclient'
	";
$showtask = mysql_query($query, $con) or die(mysql_error().': '.$query);
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Post by iknownothing »

thanks volka, that worked, but I'm sure you already knew that. I feel quite stupid now, missing such a basic bit.

I'll also look into the example you have gave me, cheers.
Post Reply