Page 1 of 1

Update Problem [SOLVED]

Posted: Sun Jan 21, 2007 10:08 pm
by iknownothing
Hey all,
I am in the process of making it possible to edit data which comes out of a database, and then gets update upon submission. Simple enough, I've done it before, but this time it is not working, and for the life of me I can't understand why not.

PS. Very Sorry about the messiness of the code, I'll clean it up once I've got this worked out, if you cant understand it, I'll clean it up before you can see whats wrong.

Code: Select all

if (isset($_POST['editclientdetails'])) {
	
	$hello = $_POST['clientnama'];
	$idd = $POST['idd'];
	$postaddlineone = $POST['postaddlineone'];
	$postaddlinetwo = $POST['postaddlinetwo'];
	$physaddlineone = $POST['physaddlineone'];
	$physaddlinetwo = $POST['physaddlinetwo'];
	$phone = $POST['phone'];
	$fax = $POST['fax'];
	$contactone = $POST['contactone'];
	$mobileone = $POST['mobileone'];
	$emailone = $POST['emailone'];
	$contacttwo = $POST['contacttwo'];
	$mobiletwo = $POST['mobiletwo'];
	$emailtwo = $POST['emailtwo'];
	$poststate = $POST['poststate'];
	$postpostcode = $POST['postpostcode'];
	$postsuburb = $POST['postsuburb'];
	$physstate = $POST['physstate'];
	$physpostcode = $POST['physpostcode'];
	$physsuburb = $POST['physsuburb'];
	$deposita = $_POST['deposit'];
	$activea = $_POST['active'];
		
		/*	if($deposita == "yes")
				{
					$deposit = "1";
				}
			else
				{
					$deposit = "0";
				}
				
			if($activea == "yes")
			{
			$active = "1";
			}
			else{
				$active = "0";
				} */
				
				echo $idd;
				echo $hello;
			$sql = mysql_query("UPDATE clients SET clientname='$hello', postaddlineone='$postaddlineone' WHERE id = '$idd'", $con);
		 		if ($sql) {	// mysql saved ok
						$save_result = "<b>Task Marked:  Completed Task on: </b>";
				} 
				ELSE	
				{	// mysql failed to save
						$save_result = "<font color=red><b>Failed Completion</b></font>";
				}
				
	$theclient = $hello;
}
else 
{
	$theclient = $_GET['clientname'];
}


$showtask = MYSQL_QUERY("SELECT * FROM clients WHERE clientname = '$theclient'");

while ($row = mysql_fetch_assoc($showtask)) {
	
	  $id = $row['id'];
	  $clientname = $row['clientname'];
	  $postaddlineone = $row['postaddlineone'];
	  $postaddlinetwo = $row['postaddlinetwo'];
	  $physaddlineone = $row['physaddlineone'];
	  $physaddlinetwo = $row['physaddlinetwo'];
  	  $phone = $row['phone'];
  	  $fax = $row['fax'];
  	  $contactone = $row['contactone'];
  	  $mobileone = $row['mobileone'];
  	  $emailone = $row['emailone'];
  	  $contacttwo = $row['contacttwo'];
  	  $mobiletwo = $row['mobiletwo'];
  	  $emailtwo = $row['emailtwo'];
  	  $poststate = $row['poststate'];
  	  $postpostcode = $row['postpostcode'];
  	  $postsuburb = $row['postsuburb'];
  	  $physstate = $row['physstate'];
  	  $physpostcode = $row['physpostcode'];
  	  $physsuburb = $row['physsuburb'];
  	 }

Code: Select all

<form method="post">
<input type="text" value="<? echo clientname; ?>" name="clientnama">
<input type="hidden" name="idd" value="<? echo $id; ?>">
<input type="submit" value="submit" name="editclientdetails">
thanks in advance

Posted: Mon Jan 22, 2007 12:35 am
by jammr
I would use an if statement to see if there's rows in those fields (mysql_num_rows), if there isn't, insert, if there is, update.

Posted: Mon Jan 22, 2007 12:40 am
by iknownothing
it all works fine now, apart from id, it wont POST the contents of the id field (which has has name="id" added to it since the last lot of code). Because its not posting, I cant complete the update. All variables are correct, I have no idea what is going on.

Posted: Mon Jan 22, 2007 12:46 am
by jammr
Paste the new code so we can see what it looks like. :D

Posted: Mon Jan 22, 2007 4:12 am
by dibyendrah
It would be easier to debug SQL query if you just print the SQL query before executing it or just add mysql_error() on mysql_query() function.

Posted: Mon Jan 22, 2007 5:05 pm
by iknownothing
New Code is up the top.

The SQL itself has nothing wrong with it, it is within the id ($idd) variable that the problem lies. I can't see why it won't work, but all other values are posting except the id. The SQL can't work because of the WHERE id = '$idd' statement.

Posted: Mon Jan 22, 2007 6:12 pm
by jammr
I know $idd is a post variable but wouldn't it be easier to store their session and use that as the ID? I can't find any errors in the code, though.. hmm.

Posted: Mon Jan 22, 2007 9:45 pm
by volka
$hello = $_POST['clientnama'];
$idd = $POST['idd'];
$postaddlineone = $POST['postaddlineone'];
$postaddlinetwo = $POST['postaddlinetwo'];
$physaddlineone = $POST['physaddlineone'];
$physaddlinetwo = $POST['physaddlinetwo'];
$phone = $POST['phone'];
$fax = $POST['fax'];
$contactone = $POST['contactone'];
$mobileone = $POST['mobileone'];
$emailone = $POST['emailone'];
$contacttwo = $POST['contacttwo'];
$mobiletwo = $POST['mobiletwo'];
$emailtwo = $POST['emailtwo'];
$poststate = $POST['poststate'];
$postpostcode = $POST['postpostcode'];
$postsuburb = $POST['postsuburb'];
$physstate = $POST['physstate'];
$physpostcode = $POST['physpostcode'];
$physsuburb = $POST['physsuburb'];
$deposita = $_POST['deposit'];
$activea = $_POST['active'];
The array is called $_POST, not $POST. If you ran the script with error_reporting=E_ALL and ini_set('display_errors', true) (or having an eye on the error log) php had printed a notice about accessing an non-existing variable. You really should consider setting error_reporting to E_ALL in the php.ini of your development pc.

Why do you assign all those array elements to plain variables? You're only using three of them in your update statement. The rest only clouds the real important code snippets, I'd rather left them out. If you need all those parameters for the real update statement I'd write some code that only takes the field names and processes them in a foreach loop rather than having that much dead copy&paste code in the script.

Your script is prone to sql injection attacks. Use mysql_real_escape_string to sanatize sql string literals.

Try

Code: Select all

if (isset($_POST['editclientdetails'])) {
  if ( !isset($_POST['clientnama'], $_POST['postaddlineone'], $_POST['idd']) ) {
  	die('missing parameter');
	}
	$hello = mysql_real_escape_string($_POST['clientnama'], $con);
	$postaddlineone = mysql_real_escape_string($_POST['postaddlineone'], $con);
	$idd = mysql_real_escape_string($_POST['idd'], $con);

	$query = "UPDATE
			clients
		SET
			clientname='$hello',
			postaddlineone='$postaddlineone'
		WHERE
			id = '$idd'
		;"
	
	echo '<div>Debug: ', htmlentities($query), "</div>\n";
	$result = mysql_query($query, $con);
	if ($sql) {
		$save_result = "<b>Task Marked:  Completed Task on: </b>";
	}
	else {
		$save_result = "<font color=red><b>Failed Completion</b></font>";
	}
                               
	$theclient = $_POST['clientnama'];
}
else
{
	$theclient = $_GET['clientname'];
}

$query = "SELECT
		*
	FROM
		clients
	WHERE
		clientname = '$theclient'
	";
$showtask = mysql_query($query, $con) or die(mysql_error().': '.$query);

Posted: Mon Jan 22, 2007 11:07 pm
by iknownothing
thanks volka, that worked, but I'm sure you already knew that. I feel quite stupid now, missing such a basic bit.

I'll also look into the example you have gave me, cheers.