Updating MySQL using PHP - a problem!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
kdidymus
Forum Contributor
Posts: 196
Joined: Tue May 13, 2008 3:37 am

Updating MySQL using PHP - a problem!

Post by kdidymus »

Folks.

I have managed to build a page which contains a form. The form populates from existing data in the MySQL database and allows the user to amend any data he / she wishes. They then click SAVE CHANGES which sends the data to the following file:

Code: Select all

<?php
/*  Program name: amend.php
 *  Description:  Amends data in database.
 */
?>
<html>
<head><title>Success!</title></head>
<body>
<?php
 
    include_once("../*******.inc.php");
    $cxn = mysql_connect($host,$user,$password)
           or die ("couldn't connect to server");
    mysql_select_db($database);
    
   $query = "UPDATE tree SET urn='$_POST[urn]',surname='$_POST[surname]',forename='$_POST[forename]',middlenames='$_POST[middlenames]',dateofbirth='$_POST[dateofbirth]',placeofbirth='$_POST[placeofbirth]',mother='$_POST[mother]',father='$_POST[father]',sibling1='$_POST[sibling1]',sibling2='$_POST[sibling2]',sibling3='$_POST[sibling3]',sibling4='$_POST[sibling4]',sibling5='$_POST[sibling5]',sibling6='$_POST[sibling6]',sibling7='$_POST[sibling7]',sibling8='$_POST[sibling8]',sibling9='$_POST[sibling9]',sibling10='$_POST[sibling10]',christeningdate='$_POST[christeningdate]',christeningplace='$_POST[christeningplace]',spouse1='$_POST[spouse1]',spouse1marriagedate='$_POST[spouse1marriagedate]',spouse1marriageplace='$_POST[spouse1marriageplace]',spouse1child1='$_POST[spouse1child1]',spouse1child2='$_POST[spouse1child2]',spouse1child3='$_POST[spouse1child3]',spouse1child4='$_POST[spouse1child4]',spouse1child5='$_POST[spouse1child5]',spouse1child6='$_POST[spouse1child6]',spouse1child7='$_POST[spouse1child7]',spouse1child8='$_POST[spouse1child8]',spouse1child9='$_POST[spouse1child9]',spouse1child10='$_POST[spouse1child10]',spouse2='$_POST[spouse2]',spouse2marriagedate='$_POST[spouse2marriagedate]',spouse2marriageplace='$_POST[spouse2marriageplace]',spouse2child1='$_POST[spouse2child1]',spouse2child2='$_POST[spouse2child2]',spouse2child3='$_POST[spouse2child3]',spouse2child4='$_POST[spouse2child4]',spouse2child5='$_POST[spouse2child5]',spouse2child6='$_POST[spouse2child6]',spouse2child7='$_POST[spouse2child7]',spouse2child8='$_POST[spouse2child8]',spouse2child9='$_POST[spouse2child9]',spouse2child10='$_POST[spouse2child10]',occupation='$_POST[occupation]',dateofdeath='$_POST[dateofdeath]',placeofdeath='$_POST[placeofdeath]',causeofdeath='$_POST[causeofdeath]',notes='$_POST[notes]',photographs='$_POST[photographs]',census='$_POST[census]',scrapbook='$_POST[scrapbook]',certificates='$_POST[certificates]',motherurn='$_POST[motherurn]',fatherurn='$_POST[fatherurn]',sibling1urn='$_POST[sibling1urn]',sibling2urn='$_POST[sibling2urn]',sibling3urn='$_POST[sibling3urn]',sibling4urn='$_POST[sibling4urn]',sibling5urn='$_POST[sibling5urn]',sibling6urn='$_POST[sibling6urn]',sibling7urn='$_POST[sibling7urn]',sibling8urn='$_POST[sibling8urn]',sibling9urn='$_POST[sibling9urn]',sibling10urn='$_POST[sibling10urn]',spouse1urn='$_POST[spouse1urn]',spouse1child1urn='$_POST[spouse1child1urn]',spouse1child2urn='$_POST[spouse1child2urn]',spouse1child3urn='$_POST[spouse1child3urn]',spouse1child4urn='$_POST[spouse1child4urn]',spouse1child5urn='$_POST[spouse1child5urn]',spouse1child6urn='$_POST[spouse1child6urn]',spouse1child7urn='$_POST[spouse1child7urn]',spouse1child8urn='$_POST[spouse1child8urn]',spouse1child9urn='$_POST[spouse1child9urn]',spouse1child10urn='$_POST[spouse1child10urn]',spouse2urn='$_POST[spouse2urn]',spouse2child1urn='$_POST[spouse2child1urn]',spouse2child2urn='$_POST[spouse2child2urn]',spouse2child3urn='$_POST[spouse2child3urn]',spouse2child4urn='$_POST[spouse2child4urn]',spouse2child5urn='$_POST[spouse2child5urn]',spouse2child6urn='$_POST[spouse2child6urn]',spouse2child7urn='$_POST[spouse2child7urn]',spouse2child8urn='$_POST[spouse2child8urn]',spouse2child9urn='$_POST[spouse2child9urn]',spouse2child10urn='$_POST[spouse2child10urn]',yearofbirth='$_POST[yearofbirth]',photo1urn='$_POST[photo1urn]',photo1description='$_POST[photo1description]',photo2urn='$_POST[photo2urn]',photo2description='$_POST[photo2description]',photo3urn='$_POST[photo3urn]',photo3description='$_POST[photo3description]',photo4urn='$_POST[photo4urn]',photo4description='$_POST[photo4description]',photo5urn='$_POST[photo5urn]',photo5description='$_POST[photo5description]',photo6urn='$_POST[photo6urn]',photo6description='$_POST[photo6description]',photo7urn='$_POST[photo7urn]',photo7description='$_POST[photo7description]',photo8urn='$_POST[photo8urn]',photo8description='$_POST[photo8description]',photo9urn='$_POST[photo9urn]',photo9description='$_POST[photo9description]',photo10urn='$_POST[photo10urn]',photo10description='$_POST[photo10description]',cert1urn='$_POST[cert1urn]',cert1description='$_POST[cert1description]',cert2urn='$_POST[cert2urn]',cert2description='$_POST[cert2description]',cert3urn='$_POST[cert3urn]',cert3description='$_POST[cert3description]',cert4urn='$_POST[cert4urn]',cert4description='$_POST[cert4description]',cert5urn='$_POST[cert5urn]',cert5description='$_POST[cert5description]',stories1urn='$_POST[stories1urn]',stories1description='$_POST[stories1description]',stories2urn='$_POST[stories2urn]',stories2description='$_POST[stories2description]',stories3urn='$_POST[stories3urn]',stories3description='$_POST[stories3description]',stories4urn='$_POST[stories4urn]',stories4description='$_POST[stories4description]',stories5urn='$_POST[stories5urn]',stories5description='$_POST[stories5description]',stories6urn='$_POST[stories6urn]',stories6description='$_POST[stories6description]',stories7urn='$_POST[stories7urn]',stories7description='$_POST[stories7description]',stories8urn='$_POST[stories8urn]',stories8description='$_POST[stories8description]',stories9urn='$_POST[stories9urn]',stories9description='$_POST[stories9description]',stories10urn='$_POST[stories10urn]',stories10description='$_POST[stories10description]',sibling11='$_POST[sibling11]',sibling11urn='$_POST[sibling11urn]',sibling12='$_POST[sibling12]',sibling12urn='$_POST[sibling12urn]',spouse1child11='$_POST[spouse1child11]',spouse1child11urn='$_POST[spouse1child11urn]',spouse1child12='$_POST[spouse1child12]',spouse1child12urn='$_POST[spouse1child12urn]',spouse2child11='$_POST[spouse2child11]',spouse2child11urn='$_POST[spouse2child11urn]',spouse2child12='$_POST[spouse2child12]',spouse2child12urn='$_POST[spouse2child12urn]',cert1fn='$_POST[cert1fn]',cert2fn='$_POST[cert2fn]',cert3fn='$_POST[cert3fn]',cert4fn='$_POST[cert4fn]',cert5fn='$_POST[cert5fn]',relative='$_POST[relative]' WHERE urn='$POST[urn]'"; 
    $result = mysql_query($query)
              or die ("Couldn't execute query.");
    echo "<p align='center'><h4>Record amended successfully!</h4><br><font face='Arial' size='2' color='#000000'>Click <a target='_top' style='font-family: Arial; font-size: 10pt; color: #000000; text-decoration: none' href='newrecord.htm'>HERE</a> to add new record</font>";
?>
</body></html>
 
When I try to amend an existing record it reports that it was done successfully.

HOWEVER - no changes are being made to my database.

Any idea why?

Thanks in advance.

Kris.
nowaydown1
Forum Contributor
Posts: 169
Joined: Sun Apr 27, 2008 1:22 am

Re: Updating MySQL using PHP - a problem!

Post by nowaydown1 »

Hi Kris,

I would try to stick a print_r($_POST) in before your $query variable is built and just double check that everything seems to be in order. Specifically, I would look at the 'urn' key to make sure that it's being set properly, and that you do in fact have a record in your DB that matches that value.

Also, You should get some mysql_real_escape_string going for your $_POST vars that you're using to build out your query. As it stands, your script is highly open to SQL injection.
kdidymus
Forum Contributor
Posts: 196
Joined: Tue May 13, 2008 3:37 am

Re: Updating MySQL using PHP - a problem!

Post by kdidymus »

Thank you for your advice.

I used the print_r($_post) line as you suggested. This is what my page returned:
Array ( [relative] => mal [urn] => 11164 [surname] => DIDYMUS [forename] => Kristian [middlenames] => Paul [dateofbirth] => (Censored) 1975 [yearofbirth] => 1975 [placeofbirth] => Freedom Fields Hospital, Plymouth, Devon, UK [mother] => HIBBETT, Jill [motherurn] => 108 [father] => DIDYMUS, Paul Leslie [fatherurn] => 16124 [sibling1] => [sibling1urn] => [sibling2] => [sibling2urn] => [sibling3] => [sibling3urn] => [sibling4] => [sibling4urn] => [sibling5] => [sibling5urn] => [sibling6] => [sibling6urn] => [sibling7] => [sibling7urn] => [sibling8] => [sibling8urn] => [sibling9] => [sibling9urn] => [sibling10] => [sibling10urn] => [sibling11] => [sibling11urn] => [sibling12] => [sibling12urn] => [christeningdate] => Sunday 24th April 1983 [christeningplace] => St. Stephen [spouse1] => OLIVER, Sarah Jayne [spouse1urn] => 191015 [spouse1marriagedate] => Friday 3rd December 2004 [spouse1marriageplace] => Elfordleigh Hotel, Colebrook, Devon, UK [spouse1child1] => PAGE, Sophie Lauren (Step-Daughter) [spouse1child1urn] => 191216 [spouse1child2] => DIDYMUS, Olivia Grace [spouse1child2urn] => 1574 [spouse1child3] => [spouse1child3urn] => [spouse1child4] => [spouse1child4urn] => [spouse1child5] => [spouse1child5urn] => [spouse1child6] => [spouse1child6urn] => [spouse1child7] => [spouse1child7urn] => [spouse1child8] => [spouse1child8urn] => [spouse1child9] => [spouse1child9urn] => [spouse1child10] => [spouse1child10urn] => [spouse1child11] => [spouse1child11urn] => [spouse1child12] => [spouse1child12urn] => [spouse2] => [spouse2urn] => [spouse2marriagedate] => [spouse2marriageplace] => [spouse2child1] => [spouse2child1urn] => [spouse2child2] => [spouse2child2urn] => [spouse2child3] => [spouse2child3urn] => [spouse2child4] => [spouse2child4urn] => [spouse2child5] => [spouse2child5urn] => [spouse2child6] => [spouse2child6urn] => [spouse2child7] => [spouse2child7urn] => [spouse2child8] => [spouse2child8urn] => [spouse2child9] => [spouse2child9urn] => [spouse2child10] => [spouse2child10urn] => [spouse2child11] => [spouse2child11urn] => [spouse2child12] => [spouse2child12urn] => [occupation] => Police Constable (Metropolitan Police Service) [dateofdeath] => [placeofdeath] => [causeofdeath] => [photographs] => tree/graphics/blank.gif [census] => tree/graphics/blank.gif [scrapbook] => tree/graphics/blank.gif [certificates] => tree/graphics/blank.gif [photo1urn] => [photo1description] => [photo2urn] => [photo2description] => [photo3urn] => [photo3description] => [photo4urn] => [photo4description] => [photo5urn] => [photo5description] => [photo6urn] => [photo6description] => [photo7urn] => [photo7description] => [photo8urn] => [photo8description] => [photo9urn] => [photo9description] => [photo10urn] => [photo10description] => [cert1urn] => blank [cert1description] => [cert1fn] => [cert2urn] => blank [cert2description] => [cert2fn] => [cert3urn] => blank [cert3description] => [cert3fn] => [cert4urn] => blank [cert4description] => [cert4fn] => [cert5urn] => blank [cert5description] => [cert5fn] => [stories1urn] => blank [stories1description] => [stories2urn] => blank [stories2description] => [stories3urn] => blank [stories3description] => [stories4urn] => blank [stories4description] => [stories5urn] => blank [stories5description] => [stories6urn] => blank [stories6description] => [stories7urn] => blank [stories7description] => [stories8urn] => blank [stories8description] => [stories9urn] => blank [stories9description] => [stories10urn] => blank [stories10description] => [notes] => This is a test of the update mode. [submit] => SAVE CHANGES )

Record amended successfully!

Click HERE to add new record
It SOUNDS good but sadly it still didn't update. The only field I changed was the notes field.

So I'm still stuck as to why my PHP isn't updating my database properly.

But I'm also interested in your suggestion of adding escape strings. I did that with my other pages but didn't realise this page was vulnerable (especially since the published version of this PHP file is in a locked directory).

What escape strings do you recommend and where? Be gentle with me - I'm a newbie!
User avatar
deejay
Forum Contributor
Posts: 201
Joined: Wed Jan 22, 2003 3:33 am
Location: Cornwall

Re: Updating MySQL using PHP - a problem!

Post by deejay »

how about

Code: Select all

 
$urn = $_POST['urn'];
$surname=$_POST['surname'];
// etc
$query = "UPDATE tree SET urn='$urn',surname='$surname' ";//etc
 
 
if that doesn't work then you could try and echo the variable and see if the statement works if you put the value in manually to see where the problem is
nowaydown1
Forum Contributor
Posts: 169
Joined: Sun Apr 27, 2008 1:22 am

Re: Updating MySQL using PHP - a problem!

Post by nowaydown1 »

Kris,

Thanks for the response. How strange. What about if you spit out your $query variable? Does it still look okay? No worries on the escaping bit. The PHP security consortium has a pretty decent writeup about what SQL injection is all about and how to deal with it. That page is:

http://phpsec.org/projects/guide/3.html#3.2

If you're looking for implementation specifics, I would just check out the manual page for mysql_real_escape_string. The phpsec site above recommends the use of mysql_escape_string, but use mysql_real_escape_string instead. The former is now deprecated. Here's the manual page for it:

http://us2.php.net/mysql_real_escape_string

It has examples of what your code should look like. Just some other random things that come to mind. Are you using database transactions or anything (maybe you forgot to commit?). Maybe your or die statement is being weird. Try moving that to the same line as your mysql_query just for giggles. I would do a view source on that page too just to double check nothing is being output in the source that isn't visible on the normal page.
kdidymus
Forum Contributor
Posts: 196
Joined: Tue May 13, 2008 3:37 am

Re: Updating MySQL using PHP - a problem!

Post by kdidymus »

Deejay.

You are a star. In fact, no. Scrap that. A God. A PHP God.

Not sure WHY your suggestion worked but the important thing is that it DID work!

Now all I need is a little help to add some escape strings to my amended code.

This is how it looks now after all of the alterations:

Code: Select all

<?php
/*  Program name: amend.php
 *  Description:  Amends data in database.
 */
?>
<html>
<head><title>Success!</title></head>
<body>
<?php
 
    include_once("../*******.inc.php");
    $cxn = mysql_connect($host,$user,$password)
           or die ("couldn't connect to server");
    mysql_select_db($database);
$urn=$_POST['urn'];
$surname=$_POST['surname'];
$forename=$_POST['forename'];
$middlenames=$_POST['middlenames'];
$dateofbirth=$_POST['dateofbirth'];
$placeofbirth=$_POST['placeofbirth'];
$mother=$_POST['mother'];
$father=$_POST['father'];
$sibling1=$_POST['sibling1'];
$sibling2=$_POST['sibling2'];
$sibling3=$_POST['sibling3'];
$sibling4=$_POST['sibling4'];
$sibling5=$_POST['sibling5'];
$sibling6=$_POST['sibling6'];
$sibling7=$_POST['sibling7'];
$sibling8=$_POST['sibling8'];
$sibling9=$_POST['sibling9'];
$sibling10=$_POST['sibling10'];
$christeningdate=$_POST['christeningdate'];
$christeningplace=$_POST['christeningplace'];
$spouse1=$_POST['spouse1'];
$spouse1marriagedate=$_POST['spouse1marriagedate'];
$spouse1marriageplace=$_POST['spouse1marriageplace'];
$spouse1child1=$_POST['spouse1child1'];
$spouse1child2=$_POST['spouse1child2'];
$spouse1child3=$_POST['spouse1child3'];
$spouse1child4=$_POST['spouse1child4'];
$spouse1child5=$_POST['spouse1child5'];
$spouse1child6=$_POST['spouse1child6'];
$spouse1child7=$_POST['spouse1child7'];
$spouse1child8=$_POST['spouse1child8'];
$spouse1child9=$_POST['spouse1child9'];
$spouse1child10=$_POST['spouse1child10'];
$spouse2=$_POST['spouse2'];
$spouse2marriagedate=$_POST['spouse2marriagedate'];
$spouse2marriageplace=$_POST['spouse2marriageplace'];
$spouse2child1=$_POST['spouse2child1'];
$spouse2child2=$_POST['spouse2child2'];
$spouse2child3=$_POST['spouse2child3'];
$spouse2child4=$_POST['spouse2child4'];
$spouse2child5=$_POST['spouse2child5'];
$spouse2child6=$_POST['spouse2child6'];
$spouse2child7=$_POST['spouse2child7'];
$spouse2child8=$_POST['spouse2child8'];
$spouse2child9=$_POST['spouse2child9'];
$spouse2child10=$_POST['spouse2child10'];
$occupation=$_POST['occupation'];
$dateofdeath=$_POST['dateofdeath'];
$placeofdeath=$_POST['placeofdeath'];
$causeofdeath=$_POST['causeofdeath'];
$notes=$_POST['notes'];
$photographs=$_POST['photographs'];
$census=$_POST['census'];
$scrapbook=$_POST['scrapbook'];
$certificates=$_POST['certificates'];
$motherurn=$_POST['motherurn'];
$fatherurn=$_POST['fatherurn'];
$sibling1urn=$_POST['sibling1urn'];
$sibling2urn=$_POST['sibling2urn'];
$sibling3urn=$_POST['sibling3urn'];
$sibling4urn=$_POST['sibling4urn'];
$sibling5urn=$_POST['sibling5urn'];
$sibling6urn=$_POST['sibling6urn'];
$sibling7urn=$_POST['sibling7urn'];
$sibling8urn=$_POST['sibling8urn'];
$sibling9urn=$_POST['sibling9urn'];
$sibling10urn=$_POST['sibling10urn'];
$spouse1urn=$_POST['spouse1urn'];
$spouse1child1urn=$_POST['spouse1child1urn'];
$spouse1child2urn=$_POST['spouse1child2urn'];
$spouse1child3urn=$_POST['spouse1child3urn'];
$spouse1child4urn=$_POST['spouse1child4urn'];
$spouse1child5urn=$_POST['spouse1child5urn'];
$spouse1child6urn=$_POST['spouse1child6urn'];
$spouse1child7urn=$_POST['spouse1child7urn'];
$spouse1child8urn=$_POST['spouse1child8urn'];
$spouse1child9urn=$_POST['spouse1child9urn'];
$spouse1child10urn=$_POST['spouse1child10urn'];
$spouse2urn=$_POST['spouse2urn'];
$spouse2child1urn=$_POST['spouse2child1urn'];
$spouse2child2urn=$_POST['spouse2child2urn'];
$spouse2child3urn=$_POST['spouse2child3urn'];
$spouse2child4urn=$_POST['spouse2child4urn'];
$spouse2child5urn=$_POST['spouse2child5urn'];
$spouse2child6urn=$_POST['spouse2child6urn'];
$spouse2child7urn=$_POST['spouse2child7urn'];
$spouse2child8urn=$_POST['spouse2child8urn'];
$spouse2child9urn=$_POST['spouse2child9urn'];
$spouse2child10urn=$_POST['spouse2child10urn'];
$yearofbirth=$_POST['yearofbirth'];
$photo1urn=$_POST['photo1urn'];
$photo1description=$_POST['photo1description'];
$photo2urn=$_POST['photo2urn'];
$photo2description=$_POST['photo2description'];
$photo3urn=$_POST['photo3urn'];
$photo3description=$_POST['photo3description'];
$photo4urn=$_POST['photo4urn'];
$photo4description=$_POST['photo4description'];
$photo5urn=$_POST['photo5urn'];
$photo5description=$_POST['photo5description'];
$photo6urn=$_POST['photo6urn'];
$photo6description=$_POST['photo6description'];
$photo7urn=$_POST['photo7urn'];
$photo7description=$_POST['photo7description'];
$photo8urn=$_POST['photo8urn'];
$photo8description=$_POST['photo8description'];
$photo9description=$_POST['photo9description'];
$photo10urn=$_POST['photo10urn'];
$photo10description=$_POST['photo10description'];
$cert1urn=$_POST['cert1urn'];
$cert1description=$_POST['cert1description'];
$cert2urn=$_POST['cert2urn'];
$cert2description=$_POST['cert2description'];
$cert3urn=$_POST['cert3urn'];
$cert3description=$_POST['cert3description'];
$cert4urn=$_POST['cert4urn'];
$cert4description=$_POST['cert4description'];
$cert5urn=$_POST['cert5urn'];
$cert5description=$_POST['cert5description'];
$stories1urn=$_POST['stories1urn'];
$stories1description=$_POST['stories1description'];
$stories2urn=$_POST['stories2urn'];
$stories2description=$_POST['stories2description'];
$stories3urn=$_POST['stories3urn'];
$stories3description=$_POST['stories3description'];
$stories4urn=$_POST['stories4urn'];
$stories4description=$_POST['stories4description'];
$stories5urn=$_POST['stories5urn'];
$stories5description=$_POST['stories5description'];
$stories6urn=$_POST['stories6urn'];
$stories6description=$_POST['stories6description'];
$stories7urn=$_POST['stories7urn'];
$stories7description=$_POST['stories7description'];
$stories8urn=$_POST['stories8urn'];
$stories8description=$_POST['stories8description'];
$stories9urn=$_POST['stories9urn'];
$stories9description=$_POST['stories9description'];
$stories10urn=$_POST['stories10urn'];
$stories10description=$_POST['stories10description'];
$sibling11=$_POST['sibling11'];
$sibling11urn=$_POST['sibling11urn'];
$sibling12=$_POST['sibling12'];
$sibling12urn=$_POST['sibling12urn'];
$spouse1child11=$_POST['spouse1child11'];
$spouse1child11urn=$_POST['spouse1child11urn'];
$spouse1child12=$_POST['spouse1child12'];
$spouse1child12urn=$_POST['spouse1child12urn'];
$spouse2child11=$_POST['spouse2child11'];
$spouse2child11urn=$_POST['spouse2child11urn'];
$spouse2child12=$_POST['spouse2child12'];
$spouse2child12urn=$_POST['spouse2child12urn'];
$cert1fn=$_POST['cert1fn'];
$cert2fn=$_POST['cert2fn'];
$cert3fn=$_POST['cert3fn'];
$cert4fn=$_POST['cert4fn'];
$cert5fn=$_POST['cert5fn'];
$relative=$_POST['relative'];
    print_r($_POST);
    $query = "UPDATE tree SET urn='$urn',surname='$surname',forename='$forename',middlenames='$middlenames',dateofbirth='$dateofbirth',placeofbirth='$placeofbirth',mother='$mother',father='$father',sibling1='$sibling1',sibling2='$sibling2',sibling3='$sibling3',sibling4='$sibling4',sibling5='$sibling5',sibling6='$sibling6',sibling7='$sibling7',sibling8='$sibling8',sibling9='$sibling9',sibling10='$sibling10',christeningdate='$christeningdate',christeningplace='$christeningplace',spouse1='$spouse1',spouse1marriagedate='$spouse1marriagedate',spouse1marriageplace='$spouse1marriageplace',spouse1child1='$spouse1child1',spouse1child2='$spouse1child2',spouse1child3='$spouse1child3',spouse1child4='$spouse1child4',spouse1child5='$spouse1child5',spouse1child6='$spouse1child6',spouse1child7='$spouse1child7',spouse1child8='$spouse1child8',spouse1child9='$spouse1child9',spouse1child10='$spouse1child10',spouse2='$spouse2',spouse2marriagedate='$spouse2marriagedate',spouse2marriageplace='$spouse2marriageplace',spouse2child1='$spouse2child1',spouse2child2='$spouse2child2',spouse2child3='$spouse2child3',spouse2child4='$spouse2child4',spouse2child5='$spouse2child5',spouse2child6='$spouse2child6',spouse2child7='$spouse2child7',spouse2child8='$spouse2child8',spouse2child9='$spouse2child9',spouse2child10='$spouse2child10',occupation='$occupation',dateofdeath='$dateofdeath',placeofdeath='$placeofdeath',causeofdeath='$causeofdeath',notes='$notes',photographs='$photographs',census='$census',scrapbook='$scrapbook',certificates='$certificates',motherurn='$motherurn',fatherurn='$fatherurn',sibling1urn='$sibling1urn',sibling2urn='$sibling2urn',sibling3urn='$sibling3urn',sibling4urn='$sibling4urn',sibling5urn='$sibling5urn',sibling6urn='$sibling6urn',sibling7urn='$sibling7urn',sibling8urn='$sibling8urn',sibling9urn='$sibling9urn',sibling10urn='$sibling10urn',spouse1urn='$spouse1urn',spouse1child1urn='$spouse1child1urn',spouse1child2urn='$spouse1child2urn',spouse1child3urn='$spouse1child3urn',spouse1child4urn='$spouse1child4urn',spouse1child5urn='$spouse1child5urn',spouse1child6urn='$spouse1child6urn',spouse1child7urn='$spouse1child7urn',spouse1child8urn='$spouse1child8urn',spouse1child9urn='$spouse1child9urn',spouse1child10urn='$spouse1child10urn',spouse2urn='$spouse2urn',spouse2child1urn='$spouse2child1urn',spouse2child2urn='$spouse2child2urn',spouse2child3urn='$spouse2child3urn',spouse2child4urn='$spouse2child4urn',spouse2child5urn='$spouse2child5urn',spouse2child6urn='$spouse2child6urn',spouse2child7urn='$spouse2child7urn',spouse2child8urn='$spouse2child8urn',spouse2child9urn='$spouse2child9urn',spouse2child10urn='$spouse2child10urn',yearofbirth='$yearofbirth',photo1urn='$photo1urn',photo1description='$photo1description',photo2urn='$photo2urn',photo2description='$photo2description',photo3urn='$photo3urn',photo3description='$photo3description',photo4urn='$photo4urn',photo4description='$photo4description',photo5urn='$photo5urn',photo5description='$photo5description',photo6urn='$photo6urn',photo6description='$photo6description',photo7urn='$photo7urn',photo7description='$photo7description',photo8urn='$photo8urn',photo8description='$photo8description',photo9urn='$photo9urn',photo9description='$photo9description',photo10urn='$photo10urn',photo10description='$photo10description',cert1urn='$cert1urn',cert1description='$cert1description',cert2urn='$cert2urn',cert2description='$cert2description',cert3urn='$cert3urn',cert3description='$cert3description',cert4urn='$cert4urn',cert4description='$cert4description',cert5urn='$cert5urn',cert5description='$cert5description',stories1urn='$stories1urn',stories1description='$stories1description',stories2urn='$stories2urn',stories2description='$stories2description',stories3urn='$stories3urn',stories3description='$stories3description',stories4urn='$stories4urn',stories4description='$stories4description',stories5urn='$stories5urn',stories5description='$stories5description',stories6urn='$stories6urn',stories6description='$stories6description',stories7urn='$stories7urn',stories7description='$stories7description',stories8urn='$stories8urn',stories8description='$stories8description',stories9urn='$stories9urn',stories9description='$stories9description',stories10urn='$stories10urn',stories10description='$stories10description',sibling11='$sibling11',sibling11urn='$sibling11urn',sibling12='$sibling12',sibling12urn='$sibling12urn',spouse1child11='$spouse1child11',spouse1child11urn='$spouse1child11urn',spouse1child12='$spouse1child12',spouse1child12urn='$spouse1child12urn',spouse2child11='$spouse2child11',spouse2child11urn='$spouse2child11urn',spouse2child12='$spouse2child12',spouse2child12urn='$spouse2child12urn',cert1fn='$cert1fn',cert2fn='$cert2fn',cert3fn='$cert3fn',cert4fn='$cert4fn',cert5fn='$cert5fn',relative='$relative' WHERE urn='$urn'"; 
    $result = mysql_query($query)
              or die ("Couldn't execute query.");
    echo "<p align='$center'><h4>Record amended successfully!</h4><br><font face='$Arial' size='$2' color='$#000000'>Click <a target='$_top' style='$font-family: Arial; font-size: 10pt; color: #000000; text-decoration: none' href='$newrecord.htm'>HERE</a> to add new record</font>";
?>
</body></html>
 
Thanks in advance folks.
nowaydown1
Forum Contributor
Posts: 169
Joined: Sun Apr 27, 2008 1:22 am

Re: Updating MySQL using PHP - a problem!

Post by nowaydown1 »

Groovy. Glad deejay got it sorted out for you! 8)
kdidymus
Forum Contributor
Posts: 196
Joined: Tue May 13, 2008 3:37 am

Re: Updating MySQL using PHP - a problem!

Post by kdidymus »

Oh and one more question.

As I mentioned before, I've desiged a PHP page which connects to my MySQL database and populates a form from a specific row (or "urn") for editing.

Problem is, whenever an apostrophre (') appears in my data (e.g. St. Stephen's Church) the PHP seems to ignore the remainder of that column so all I end up with is St. Stephen.

Is there a way of forcing the PHP to download everything including apostrophes?

Thanks folks. I couldn't do this without you.

KD.
kdidymus
Forum Contributor
Posts: 196
Joined: Tue May 13, 2008 3:37 am

Re: Updating MySQL using PHP - a problem!

Post by kdidymus »

Hey Nowaydown. You helped too! If it weren't for you I would have lost confidence in my first attempt and gone on to try something which DEFINITELY wouldn't have worked. By suggesting the print_r addition I knew that the bulk of my code was working. I just needed that extra shove to get me going!
nowaydown1
Forum Contributor
Posts: 169
Joined: Sun Apr 27, 2008 1:22 am

Re: Updating MySQL using PHP - a problem!

Post by nowaydown1 »

No worries. Happy to help out. The problem you described with the quotes is a side effect of not escaping your data properly. If you follow through on the mysql_real_escape_string you'll solve that problem in the process. :D
kdidymus
Forum Contributor
Posts: 196
Joined: Tue May 13, 2008 3:37 am

Re: Updating MySQL using PHP - a problem!

Post by kdidymus »

Nope. Been working on this for nearly two hours now and I cannot work out how to use the escape strings.

Have a PHP primer which has "helpfully" suggested adding a / to the string and this is fine for manually entered text but I want to apply it to ALL of the data being downloaded.

I have tried various combinations of "addslashes", "stripslashes" and various manifestations of escape strings (which I have unsuccessfully applied to the "query" string of my page. But these just cause a die message.

Anybody help me with which string I should escape and how to escape it so that apostrophes are not escaped but downloaded "as is" to my form?

Sorry to be a pain. This is a tight learning curve for me!

KD.
User avatar
deejay
Forum Contributor
Posts: 201
Joined: Wed Jan 22, 2003 3:33 am
Location: Cornwall

Re: Updating MySQL using PHP - a problem!

Post by deejay »

thanks for the praise but deffinatly no php god. just a green belt on the learning curve as well ;)

are you adding the slashes before you get to the query ie

Code: Select all

 
    <?php  
 
$str = "Is your name O'reilly?";
 
 
echo addslashes($str);
// Outputs: Is your name O\'reilly?
 
?>
 
 
so

Code: Select all

 
$urn=addslashes($_POST['urn']);
$surname=addslashes($_POST['surname']);
 
should sort it.
kdidymus
Forum Contributor
Posts: 196
Joined: Tue May 13, 2008 3:37 am

Re: Updating MySQL using PHP - a problem!

Post by kdidymus »

Think we have our wires cross. Going to start a new topic on this one.

KD.
Post Reply