Page 1 of 1
update query problem
Posted: Mon Jan 29, 2007 12:13 pm
by slash_gnr3k
hi,
i have the following problem and really cant see what im doing wrong:
on my dishdetails.php i have the following code:
Code: Select all
<?php
echo '<p><a href ="editrecipe.php?
dishid=' . $dishid . '&
name=' . $name . '&
method='. $method . '&
preptime=' . $preptime . '&
cooktime=' . $cooktime . '
">Edit</a>';
?>
which passes the parameters when a link is clicked and opens up editrecipe.php
in editrecipe.php i have the following code:
Code: Select all
if(isset($_POST['newdishname']))
{
$newdishname = $_POST['newdishname'];
$updatecommand = "UPDATE dishes SET
name ='$newdishname' WHERE dishid = '$dishid'";
if(!@mysql_query($updatecommand))
{
echo'<p>fail </p>';
}
else
{
echo"<p>$newdishname edited!</p>";
}
}
if there is a value in the textbox - 'newdishname' then that value is copied into a variable $newdishname. my problem lie in the SQL command - $updatecommand, in the condition. if i put 1 instead of '$dishid' then the query works and the entry is changed. however $dishid does not . i know that this cariable contains the value 1 because the address bar says
editrecipe.php?dishid=1
and i can printout the value using the echo command. im stumped. anyone know? thanks
Posted: Mon Jan 29, 2007 12:30 pm
by TheMoose
If you aren't posting dishid thru the form, you need to set it using $_GET. Also, you're quoting $dishid in the update query, which forces it into a string value. Remove the single quotes around $dishid and it will treat is as a number.
Posted: Mon Jan 29, 2007 12:30 pm
by jwalsh
You need to define $dishid
Be very careful inserting data into the database without escaping it. You're asking for trouble. I recommend:
Code: Select all
$newdishname = mysql_real_escape_string($_GET['newdishname']);
Posted: Mon Jan 29, 2007 12:47 pm
by slash_gnr3k
ok thanks,
tried those suggestions and couldnt get it working. i started backtracking to try and find the problem.
Code: Select all
if(isset($_POST['newdishname']))
{
$newdishname = $_POST['newdishname'];
$updatecommand = "UPDATE dishes SET
//problem with this line
name ='$newdishname'";
if(!@mysql_query($updatecommand))
{
echo'<p>fail </p>';
}
else
{
echo"<p>$newdishname edited!</p>";
}
}
this query should change all dishes to whatever name is inserted, this doesnt work either which tells me maybe there is something wrong with my query. cant see what tho
Posted: Mon Jan 29, 2007 12:57 pm
by RobertGonzalez
You are suppressing errors, not using error handling, I think you are using a mysql reserved word in your table and your UPDATE query specifies no WHERE CLAUSE, so I assume you want o update all rows in the table to have name = $newdishname. Try this and see what it outputs.
Code: Select all
<?php
if(isset($_POST['newdishname']))
{
// For testing
echo 'The NEWDISHNAME post var shows as set.<br />';
$newdishname = $_POST['newdishname'];
// More testing
echo 'The newdishname reassignment shows as set to ' . $newdishname . '<br />';
// I think name is a reserved fieldname, so backtick it
// AND I REALLY THINK THIS NEEDS A WHERE CLAUSE
$updatecommand = "UPDATE `dishes` SET `name` ='$newdishname'";
// Handle errors WITHOUT ERROR SUPPRESSION
if (!$result = mysql_query($updatecommand))
{
die(mysql_error() . ' in SQL: ' . $updatecommand);
}
echo 'Everything should have worked if we see this...<br />';
}
?>
Posted: Mon Jan 29, 2007 1:10 pm
by jwalsh
Code: Select all
$updatecommand = "UPDATE dishes SET
//problem with this line
name ='{$newdishname}'";
Posted: Mon Jan 29, 2007 1:14 pm
by slash_gnr3k
ok,
i mite b onto the problem,
Code: Select all
if(isset($_POST['newdishname']))
{
$dishid = $_POST['dishid'];
$newdishname = $_POST['newdishname'];
echo"$dishid";
echo"$newdishname";
$updatecommand = "UPDATE dishes SET
name = '$newdishname' WHERE dishid = $dishid";
if(!@mysql_query($updatecommand))
{
echo'<p>fail ' . mysql_error() . '</p>';
}
else
{
echo"<p>$newdishname edited!</p>";
}
}
$newdishname is printed but $dishid isnt. if i change
to
it doesnt print so there must be some problem with the passing. dishid=1 is shown in the address bar so i dont see why i cant use it!?
Posted: Mon Jan 29, 2007 1:16 pm
by jwalsh
Why don't you show us the sql statement that's being generated to make sure it's correct.
Posted: Mon Jan 29, 2007 1:17 pm
by RobertGonzalez
Show your form (the actual HTML that posts) and show what the query string will look like. It might be a problem with where you are getting the data.
Posted: Mon Jan 29, 2007 1:20 pm
by slash_gnr3k
Code: Select all
<form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method = "post">
<h2>Dish Information</h2>
Dish Name:
<p><input type = "text" name = "newdishname" value = "<?php echo "$name"; ?>" /></p>
Method For Preparation And Cooking:
<p><textarea name = "newmethod" rows = "10"><?php echo "$method"; ?></textarea></p>
Preperation Time In Minutes:
<p><input type = "text" name = "newpreptime" value = "<?php echo "$preptime"; ?>" /></p>
Cooking Time In Minutes:
<p><input type = "text" name = "newcooktime" value = "<?php echo "$cooktime"; ?>" /></p>
Is The Dish Vegtarian?
<p>
<select name = "newvegetarian" size = 1>
<option value = "Yes">Yes
<option value = "No">No
</select>
</p>
What Type Of Dish Is This?
<p>
<select name = "newtype" size = 1>
<option value = "Main Course">Main Course
<option value = "Dessert">Dessert
<option value = "Supplement">Supplement
</select>
</p>
<p><input type = "submit" value = "SUBMIT" /></p>
<a href ="index.html">Return To Main page</a>
</form>
here i can display all passed variables - eg $cooktime and it works
but on the script that is causing me problems (which is in the same file as the code above) i cannot display them.
Posted: Mon Jan 29, 2007 1:31 pm
by RobertGonzalez
If you have this form:
Code: Select all
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<h2>Dish Information</h2>
Dish Name:
<p><input type="text" name="newdishname" value="<?php echo $name; ?>" /></p>
Method For Preparation And Cooking:
<p><textarea name="newmethod" rows="10"><?php echo $method; ?></textarea></p>
Preperation Time In Minutes:
<p><input type="text" name="newpreptime" value="<?php echo $preptime; ?>" /></p>
Cooking Time In Minutes:
<p><input type="text" name="newcooktime" value="<?php echo $cooktime; ?>" /></p>
Is The Dish Vegtarian?
<p>
<select name="newvegetarian" size=1>
<option value="Yes">Yes
<option value="No">No
</select>
</p>
What Type Of Dish Is This?
<p>
<select name="newtype" size=1>
<option value="Main Course">Main Course
<option value="Dessert">Dessert
<option value="Supplement">Supplement
</select>
</p>
<p><input type="submit" value="SUBMIT" /></p>
<a href="index.html">Return To Main page</a>
</form>
When you post it, do a var_dump() of the $_POST array to see what is actually in the array. There is not id field in there. Since I cannot see the querystring that is being passed, I can only assume that you are not sending the ID, so that will always cause you issue. And you should still be backticking your MySQL fieldnames.
Posted: Mon Jan 29, 2007 1:48 pm
by slash_gnr3k
yes you're right. i realised that as i was looking over it before you posted back! so thats the problem. as i said before, the only way to get to this page is a link through a display page
Code: Select all
<?php
echo '<p><a href ="editrecipe.php?
dishid=' . $dishid . '&
name=' . $name . '&
method='. $method . '&
preptime=' . $preptime . '&
cooktime=' . $cooktime . '
">Edit</a>';
?>
as shown above. am i passing it right? it shows the value in the address bar when i click the link so i assume im just not using it right. how can i add it to the post array?
Posted: Mon Jan 29, 2007 2:18 pm
by slash_gnr3k
ive sorted it now. i used the hidden input type to add it to the post array and now it all works fine! thanks a lot people for all your help!
Posted: Mon Jan 29, 2007 2:34 pm
by RobertGonzalez
Glad we could help.