Page 1 of 1

[Resolved] Updating data to an exisiting table.

Posted: Wed Jun 06, 2007 12:01 pm
by aredden
Hey. On the final leg of my project here. I have to find a way to append data to a from a form to a pre exisiting table.

Heres what im trying now...

Code: Select all

<?php

@session_start();

$con = mysql_connect("*","*","*");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("*", $con);

$id4 = $_SESSION['id2'];
$fquote1 = $_POST['fquote'];
$fbasis1 = $_POST['fbasis'];

mysql_query("UPDATE main2.id SET fquote='$fquote1', fbasis='$fbasis1'] WHERE main2.id = $id4");
mysql_close($con);

?>

Looks right but I cant just seem to get it to work..

Any help would be awesome. Thanks.

Posted: Wed Jun 06, 2007 12:18 pm
by superdezign
Theres a random closing bracket in your update query... And you don't choose a column to update, you choose a table.

Code: Select all

UPDATE `tableName` SET ...

Posted: Wed Jun 06, 2007 12:27 pm
by aredden
whoops, I gave you the unupdated version sorry folks :S.. at work here so im a bit sluggish.

Code: Select all

<?php
//include("mailout.php");

session_start();

$con = mysql_connect("*","*","*");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("*", $con);

$id4 = $_SESSION['id2'];
$fquote = "111.3";
$fbasis = "$basis";

$fquote1 = $_POST['fquote'];
$fbasis1 = $_POST['fbasis'];

mysql_query("UPDATE main2 SET fquote='$fquote1', fbasis='$fbasis1' WHERE main2.id= $id4");
mysql_close($con);

?>

Posted: Wed Jun 06, 2007 12:44 pm
by volka
Do you want to append data, i.e. insert a new record, or do you want to modify existsing records, i.e. update the values of existing records?

Posted: Wed Jun 06, 2007 12:47 pm
by aredden
heh, append is the wrong choice of words it appears, I want to update an entry. calling it by an its id number.

Posted: Wed Jun 06, 2007 12:59 pm
by volka
let the script start with

Code: Select all

<?php
//include("mailout.php");
error_reporting(E_ALL);
ini_set('display_errors', true);
ini_set('mysql.trace_mode', true);
and also have a read of http://de2.php.net/security.database.sql-injection

Posted: Wed Jun 06, 2007 1:01 pm
by RobertGonzalez
You have a handful of problems in your code...

Code: Select all

<?php 
/*
FOR SOME REASON YOU ARE NOT INCLUDING THIS FILE
IF YOU DONT WANT IT HERE DELETE THE LINE
*/
//include("mailout.php"); 

session_start(); 

$con = mysql_connect("*","*","*"); 
if (!$con) 
  { 
  die('Could not connect: ' . mysql_error()); 
  } 

mysql_select_db("*", $con); 

/*
YOU DO ABSOLUTELY NO EXISTENCE CHECKS HERE
WHAT HAPPENS IF THIS SESSION VAR HAS NOT YET BEEN SET?
*/
$id4 = $_SESSION['id2']; 
$fquote = "111.3"; 

/*
WHERE DOE THE VAR $basis GET SET?
WRAPPING THIS STRING IN DOUBLE QUOTES TELLS
PHP TO PARSE THE STRING FOR VARS
*/
$fbasis = "$basis"; 

/*
AGAIN THERE ARE NO EXISTENCE CHECKS FOR THESE
VARS. WHAT HAPPENS IF THERE IS NOT POST ARRAY?
*/
$fquote1 = $_POST['fquote']; 
$fbasis1 = $_POST['fbasis']; 

/*
IF THE ABOVE VARS ARENT'T SET THEN THIS 
QUERY WILL USE NULL VALUES FOR UPDATES
*/
mysql_query("UPDATE main2 SET fquote='$fquote1', fbasis='$fbasis1' WHERE main2.id= $id4"); 
mysql_close($con); 
?>
The general syntax you want to follow for updates is:

Code: Select all

UPDATE `table` SET 
  `fieldName` = NEW_VALUE
WHERE `knownField` = FIELD_IDENTIFIER;
Sort of like you have it now. Just make sure you are passing it the right variables, which at the moment you are not checking.

Posted: Wed Jun 06, 2007 1:15 pm
by aredden
so starts. this page is not publicly assible. so A not a problem about sql injection.

secondly all variables will be set because inoder to get to this page they need to enter in the correct information.

This script is jsut so that I can update a simple database. even if i set fquote1 and fbasis1 to a number or string i cant get them to input.

so question is, is my update query in the improper format? i cant figure out what im doing wrong.

Code: Select all

<?php
session_start();

$con = mysql_connect("*","*","*");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("*", $con);

$id4 = $_SESSION['id2'];

$fquote1 = $_POST['fquote'];
$fbasis1 = $_POST['fbasis'];

mysql_query("UPDATE main2 SET fquote='$fquote1', fbasis='$fbasis1' WHERE main2.id= $id4");
mysql_close($con);

?>

Posted: Wed Jun 06, 2007 3:09 pm
by RobertGonzalez
This is in the correct format, yes:

Code: Select all

UPDATE main2 SET fquote='$fquote1', fbasis='$fbasis1' WHERE main2.id= $id4