
Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 2:18 am
by kdidymus
Folks.

I have managed to build a page which contains a form. The form populates from existing data in the MySQL database and allows the user to amend any data he / she wishes. They then click SAVE CHANGES which sends the data to the following file:

Code:

<?php
/*  Program name: amend.php
 *  Description:  Amends data in database.
 */
?>
<html>
<head><title>Success!</title></head>
<body>
<?php
 
    include_once("../*******.inc.php");
    $cxn = mysql_connect($host,$user,$password)
           or die ("couldn't connect to server");
    mysql_select_db($database);
    
   $query = "UPDATE tree SET urn='$_POST[urn]',surname='$_POST[surname]',forename='$_POST[forename]',middlenames='$_POST[middlenames]',dateofbirth='$_POST[dateofbirth]',placeofbirth='$_POST[placeofbirth]',mother='$_POST[mother]',father='$_POST[father]',sibling1='$_POST[sibling1]',sibling2='$_POST[sibling2]',sibling3='$_POST[sibling3]',sibling4='$_POST[sibling4]',sibling5='$_POST[sibling5]',sibling6='$_POST[sibling6]',sibling7='$_POST[sibling7]',sibling8='$_POST[sibling8]',sibling9='$_POST[sibling9]',sibling10='$_POST[sibling10]',christeningdate='$_POST[christeningdate]',christeningplace='$_POST[christeningplace]',spouse1='$_POST[spouse1]',spouse1marriagedate='$_POST[spouse1marriagedate]',spouse1marriageplace='$_POST[spouse1marriageplace]',spouse1child1='$_POST[spouse1child1]',spouse1child2='$_POST[spouse1child2]',spouse1child3='$_POST[spouse1child3]',spouse1child4='$_POST[spouse1child4]',spouse1child5='$_POST[spouse1child5]',spouse1child6='$_POST[spouse1child6]',spouse1child7='$_POST[spouse1child7]',spouse1child8='$_POST[spouse1child8]',spouse1child9='$_POST[spouse1child9]',spouse1child10='$_POST[spouse1child10]',spouse2='$_POST[spouse2]',spouse2marriagedate='$_POST[spouse2marriagedate]',spouse2marriageplace='$_POST[spouse2marriageplace]',spouse2child1='$_POST[spouse2child1]',spouse2child2='$_POST[spouse2child2]',spouse2child3='$_POST[spouse2child3]',spouse2child4='$_POST[spouse2child4]',spouse2child5='$_POST[spouse2child5]',spouse2child6='$_POST[spouse2child6]',spouse2child7='$_POST[spouse2child7]',spouse2child8='$_POST[spouse2child8]',spouse2child9='$_POST[spouse2child9]',spouse2child10='$_POST[spouse2child10]',occupation='$_POST[occupation]',dateofdeath='$_POST[dateofdeath]',placeofdeath='$_POST[placeofdeath]',causeofdeath='$_POST[causeofdeath]',notes='$_POST[notes]',photographs='$_POST[photographs]',census='$_POST[census]',scrapbook='$_POST[scrapbook]',certificates='$_POST[certificates]',motherurn='$_POST[motherurn]',fatherurn='$_POST[fatherurn]',sibling1urn='$_
POST[sibling1urn]',sibling2urn='$_POST[sibling2urn]',sibling3urn='$_POST[sibling3urn]',sibling4urn='$_POST[sibling4urn]',sibling5urn='$_POST[sibling5urn]',sibling6urn='$_POST[sibling6urn]',sibling7urn='$_POST[sibling7urn]',sibling8urn='$_POST[sibling8urn]',sibling9urn='$_POST[sibling9urn]',sibling10urn='$_POST[sibling10urn]',spouse1urn='$_POST[spouse1urn]',spouse1child1urn='$_POST[spouse1child1urn]',spouse1child2urn='$_POST[spouse1child2urn]',spouse1child3urn='$_POST[spouse1child3urn]',spouse1child4urn='$_POST[spouse1child4urn]',spouse1child5urn='$_POST[spouse1child5urn]',spouse1child6urn='$_POST[spouse1child6urn]',spouse1child7urn='$_POST[spouse1child7urn]',spouse1child8urn='$_POST[spouse1child8urn]',spouse1child9urn='$_POST[spouse1child9urn]',spouse1child10urn='$_POST[spouse1child10urn]',spouse2urn='$_POST[spouse2urn]',spouse2child1urn='$_POST[spouse2child1urn]',spouse2child2urn='$_POST[spouse2child2urn]',spouse2child3urn='$_POST[spouse2child3urn]',spouse2child4urn='$_POST[spouse2child4urn]',spouse2child5urn='$_POST[spouse2child5urn]',spouse2child6urn='$_POST[spouse2child6urn]',spouse2child7urn='$_POST[spouse2child7urn]',spouse2child8urn='$_POST[spouse2child8urn]',spouse2child9urn='$_POST[spouse2child9urn]',spouse2child10urn='$_POST[spouse2child10urn]',yearofbirth='$_POST[yearofbirth]',photo1urn='$_POST[photo1urn]',photo1description='$_POST[photo1description]',photo2urn='$_POST[photo2urn]',photo2description='$_POST[photo2description]',photo3urn='$_POST[photo3urn]',photo3description='$_POST[photo3description]',photo4urn='$_POST[photo4urn]',photo4description='$_POST[photo4description]',photo5urn='$_POST[photo5urn]',photo5description='$_POST[photo5description]',photo6urn='$_POST[photo6urn]',photo6description='$_POST[photo6description]',photo7urn='$_POST[photo7urn]',photo7description='$_POST[photo7description]',photo8urn='$_POST[photo8urn]',photo8description='$_POST[photo8description]',photo9urn='$_POST[photo9urn]',photo9description='$_POST[photo9description]',photo10
urn='$_POST[photo10urn]',photo10description='$_POST[photo10description]',cert1urn='$_POST[cert1urn]',cert1description='$_POST[cert1description]',cert2urn='$_POST[cert2urn]',cert2description='$_POST[cert2description]',cert3urn='$_POST[cert3urn]',cert3description='$_POST[cert3description]',cert4urn='$_POST[cert4urn]',cert4description='$_POST[cert4description]',cert5urn='$_POST[cert5urn]',cert5description='$_POST[cert5description]',stories1urn='$_POST[stories1urn]',stories1description='$_POST[stories1description]',stories2urn='$_POST[stories2urn]',stories2description='$_POST[stories2description]',stories3urn='$_POST[stories3urn]',stories3description='$_POST[stories3description]',stories4urn='$_POST[stories4urn]',stories4description='$_POST[stories4description]',stories5urn='$_POST[stories5urn]',stories5description='$_POST[stories5description]',stories6urn='$_POST[stories6urn]',stories6description='$_POST[stories6description]',stories7urn='$_POST[stories7urn]',stories7description='$_POST[stories7description]',stories8urn='$_POST[stories8urn]',stories8description='$_POST[stories8description]',stories9urn='$_POST[stories9urn]',stories9description='$_POST[stories9description]',stories10urn='$_POST[stories10urn]',stories10description='$_POST[stories10description]',sibling11='$_POST[sibling11]',sibling11urn='$_POST[sibling11urn]',sibling12='$_POST[sibling12]',sibling12urn='$_POST[sibling12urn]',spouse1child11='$_POST[spouse1child11]',spouse1child11urn='$_POST[spouse1child11urn]',spouse1child12='$_POST[spouse1child12]',spouse1child12urn='$_POST[spouse1child12urn]',spouse2child11='$_POST[spouse2child11]',spouse2child11urn='$_POST[spouse2child11urn]',spouse2child12='$_POST[spouse2child12]',spouse2child12urn='$_POST[spouse2child12urn]',cert1fn='$_POST[cert1fn]',cert2fn='$_POST[cert2fn]',cert3fn='$_POST[cert3fn]',cert4fn='$_POST[cert4fn]',cert5fn='$_POST[cert5fn]',relative='$_POST[relative]' WHERE urn='$POST[urn]'"; 
    $result = mysql_query($query)
              or die ("Couldn't execute query.");
    echo "<p align='center'><h4>Record amended successfully!</h4><br><font face='Arial' size='2' color='#000000'>Click <a target='_top' style='font-family: Arial; font-size: 10pt; color: #000000; text-decoration: none' href='newrecord.htm'>HERE</a> to add new record</font>";
?>
</body></html>
 
When I try to amend an existing record it reports that it was done successfully.

HOWEVER - no changes are being made to my database.

Any idea why?

Thanks in advance.

Kris.

Re: Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 9:04 am
by nowaydown1
Hi Kris,

I would try to stick a print_r($_POST) in before your $query variable is built and just double check that everything seems to be in order. Specifically, I would look at the 'urn' key to make sure that it's being set properly, and that you do in fact have a record in your DB that matches that value.

Also, you should get some mysql_real_escape_string going for your $_POST vars that you're using to build out your query. As it stands, your script is highly open to SQL injection.

Re: Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 2:57 pm
by kdidymus
Thank you for your advice.

I used the print_r($_post) line as you suggested. This is what my page returned:
Array ( [relative] => mal [urn] => 11164 [surname] => DIDYMUS [forename] => Kristian [middlenames] => Paul [dateofbirth] => (Censored) 1975 [yearofbirth] => 1975 [placeofbirth] => Freedom Fields Hospital, Plymouth, Devon, UK [mother] => HIBBETT, Jill [motherurn] => 108 [father] => DIDYMUS, Paul Leslie [fatherurn] => 16124 [sibling1] => [sibling1urn] => [sibling2] => [sibling2urn] => [sibling3] => [sibling3urn] => [sibling4] => [sibling4urn] => [sibling5] => [sibling5urn] => [sibling6] => [sibling6urn] => [sibling7] => [sibling7urn] => [sibling8] => [sibling8urn] => [sibling9] => [sibling9urn] => [sibling10] => [sibling10urn] => [sibling11] => [sibling11urn] => [sibling12] => [sibling12urn] => [christeningdate] => Sunday 24th April 1983 [christeningplace] => St. Stephen [spouse1] => OLIVER, Sarah Jayne [spouse1urn] => 191015 [spouse1marriagedate] => Friday 3rd December 2004 [spouse1marriageplace] => Elfordleigh Hotel, Colebrook, Devon, UK [spouse1child1] => PAGE, Sophie Lauren (Step-Daughter) [spouse1child1urn] => 191216 [spouse1child2] => DIDYMUS, Olivia Grace [spouse1child2urn] => 1574 [spouse1child3] => [spouse1child3urn] => [spouse1child4] => [spouse1child4urn] => [spouse1child5] => [spouse1child5urn] => [spouse1child6] => [spouse1child6urn] => [spouse1child7] => [spouse1child7urn] => [spouse1child8] => [spouse1child8urn] => [spouse1child9] => [spouse1child9urn] => [spouse1child10] => [spouse1child10urn] => [spouse1child11] => [spouse1child11urn] => [spouse1child12] => [spouse1child12urn] => [spouse2] => [spouse2urn] => [spouse2marriagedate] => [spouse2marriageplace] => [spouse2child1] => [spouse2child1urn] => [spouse2child2] => [spouse2child2urn] => [spouse2child3] => [spouse2child3urn] => [spouse2child4] => [spouse2child4urn] => [spouse2child5] => [spouse2child5urn] => [spouse2child6] => [spouse2child6urn] => [spouse2child7] => [spouse2child7urn] => [spouse2child8] => [spouse2child8urn] => [spouse2child9] => [spouse2child9urn] => [spouse2child10] => 
[spouse2child10urn] => [spouse2child11] => [spouse2child11urn] => [spouse2child12] => [spouse2child12urn] => [occupation] => Police Constable (Metropolitan Police Service) [dateofdeath] => [placeofdeath] => [causeofdeath] => [photographs] => tree/graphics/blank.gif [census] => tree/graphics/blank.gif [scrapbook] => tree/graphics/blank.gif [certificates] => tree/graphics/blank.gif [photo1urn] => [photo1description] => [photo2urn] => [photo2description] => [photo3urn] => [photo3description] => [photo4urn] => [photo4description] => [photo5urn] => [photo5description] => [photo6urn] => [photo6description] => [photo7urn] => [photo7description] => [photo8urn] => [photo8description] => [photo9urn] => [photo9description] => [photo10urn] => [photo10description] => [cert1urn] => blank [cert1description] => [cert1fn] => [cert2urn] => blank [cert2description] => [cert2fn] => [cert3urn] => blank [cert3description] => [cert3fn] => [cert4urn] => blank [cert4description] => [cert4fn] => [cert5urn] => blank [cert5description] => [cert5fn] => [stories1urn] => blank [stories1description] => [stories2urn] => blank [stories2description] => [stories3urn] => blank [stories3description] => [stories4urn] => blank [stories4description] => [stories5urn] => blank [stories5description] => [stories6urn] => blank [stories6description] => [stories7urn] => blank [stories7description] => [stories8urn] => blank [stories8description] => [stories9urn] => blank [stories9description] => [stories10urn] => blank [stories10description] => [notes] => This is a test of the update mode. [submit] => SAVE CHANGES )

Record amended successfully!

Click HERE to add new record
It SOUNDS good but sadly it still didn't update. The only field I changed was the notes field.

So I'm still stuck as to why my PHP isn't updating my database properly.

But I'm also interested in your suggestion of adding escape strings. I did that with my other pages but didn't realise this page was vulnerable (especially since the published version of this PHP file is in a locked directory).

What escape strings do you recommend and where? Be gentle with me - I'm a newbie!

Re: Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 3:18 pm
by deejay
how about

Code:

 
$urn = $_POST['urn'];
$surname=$_POST['surname'];
// etc
$query = "UPDATE tree SET urn='$urn',surname='$surname' ";//etc
 
 
if that doesn't work then you could try and echo the variable and see if the statement works if you put the value in manually to see where the problem is

Re: Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 3:34 pm
by nowaydown1
Kris,

Thanks for the response. How strange. What about if you spit out your $query variable? Does it still look okay? No worries on the escaping bit. The PHP security consortium has a pretty decent writeup about what SQL injection is all about and how to deal with it. That page is:

http://phpsec.org/projects/guide/3.html#3.2

If you're looking for implementation specifics, I would just check out the manual page for mysql_real_escape_string. The phpsec site above recommends the use of mysql_escape_string, but use mysql_real_escape_string instead. The former is now deprecated. Here's the manual page for it:

http://us2.php.net/mysql_real_escape_string

It has examples of what your code should look like. Just some other random things that come to mind. Are you using database transactions or anything (maybe you forgot to commit?). Maybe your or die statement is being weird. Try moving that to the same line as your mysql_query just for giggles. I would do a view source on that page too just to double check nothing is being output in the source that isn't visible on the normal page.

Re: Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 3:48 pm
by kdidymus
Deejay.

You are a star. In fact, no. Scrap that. A God. A PHP God.

Not sure WHY your suggestion worked but the important thing is that it DID work!

Now all I need is a little help to add some escape strings to my amended code.

This is how it looks now after all of the alterations:

Code:

<?php
/*  Program name: amend.php
 *  Description:  Amends data in database.
 */
?>
<html>
<head><title>Success!</title></head>
<body>
<?php
 
    include_once("../*******.inc.php");
    $cxn = mysql_connect($host,$user,$password)
           or die ("couldn't connect to server");
    mysql_select_db($database);
$urn=$_POST['urn'];
$surname=$_POST['surname'];
$forename=$_POST['forename'];
$middlenames=$_POST['middlenames'];
$dateofbirth=$_POST['dateofbirth'];
$placeofbirth=$_POST['placeofbirth'];
$mother=$_POST['mother'];
$father=$_POST['father'];
$sibling1=$_POST['sibling1'];
$sibling2=$_POST['sibling2'];
$sibling3=$_POST['sibling3'];
$sibling4=$_POST['sibling4'];
$sibling5=$_POST['sibling5'];
$sibling6=$_POST['sibling6'];
$sibling7=$_POST['sibling7'];
$sibling8=$_POST['sibling8'];
$sibling9=$_POST['sibling9'];
$sibling10=$_POST['sibling10'];
$christeningdate=$_POST['christeningdate'];
$christeningplace=$_POST['christeningplace'];
$spouse1=$_POST['spouse1'];
$spouse1marriagedate=$_POST['spouse1marriagedate'];
$spouse1marriageplace=$_POST['spouse1marriageplace'];
$spouse1child1=$_POST['spouse1child1'];
$spouse1child2=$_POST['spouse1child2'];
$spouse1child3=$_POST['spouse1child3'];
$spouse1child4=$_POST['spouse1child4'];
$spouse1child5=$_POST['spouse1child5'];
$spouse1child6=$_POST['spouse1child6'];
$spouse1child7=$_POST['spouse1child7'];
$spouse1child8=$_POST['spouse1child8'];
$spouse1child9=$_POST['spouse1child9'];
$spouse1child10=$_POST['spouse1child10'];
$spouse2=$_POST['spouse2'];
$spouse2marriagedate=$_POST['spouse2marriagedate'];
$spouse2marriageplace=$_POST['spouse2marriageplace'];
$spouse2child1=$_POST['spouse2child1'];
$spouse2child2=$_POST['spouse2child2'];
$spouse2child3=$_POST['spouse2child3'];
$spouse2child4=$_POST['spouse2child4'];
$spouse2child5=$_POST['spouse2child5'];
$spouse2child6=$_POST['spouse2child6'];
$spouse2child7=$_POST['spouse2child7'];
$spouse2child8=$_POST['spouse2child8'];
$spouse2child9=$_POST['spouse2child9'];
$spouse2child10=$_POST['spouse2child10'];
$occupation=$_POST['occupation'];
$dateofdeath=$_POST['dateofdeath'];
$placeofdeath=$_POST['placeofdeath'];
$causeofdeath=$_POST['causeofdeath'];
$notes=$_POST['notes'];
$photographs=$_POST['photographs'];
$census=$_POST['census'];
$scrapbook=$_POST['scrapbook'];
$certificates=$_POST['certificates'];
$motherurn=$_POST['motherurn'];
$fatherurn=$_POST['fatherurn'];
$sibling1urn=$_POST['sibling1urn'];
$sibling2urn=$_POST['sibling2urn'];
$sibling3urn=$_POST['sibling3urn'];
$sibling4urn=$_POST['sibling4urn'];
$sibling5urn=$_POST['sibling5urn'];
$sibling6urn=$_POST['sibling6urn'];
$sibling7urn=$_POST['sibling7urn'];
$sibling8urn=$_POST['sibling8urn'];
$sibling9urn=$_POST['sibling9urn'];
$sibling10urn=$_POST['sibling10urn'];
$spouse1urn=$_POST['spouse1urn'];
$spouse1child1urn=$_POST['spouse1child1urn'];
$spouse1child2urn=$_POST['spouse1child2urn'];
$spouse1child3urn=$_POST['spouse1child3urn'];
$spouse1child4urn=$_POST['spouse1child4urn'];
$spouse1child5urn=$_POST['spouse1child5urn'];
$spouse1child6urn=$_POST['spouse1child6urn'];
$spouse1child7urn=$_POST['spouse1child7urn'];
$spouse1child8urn=$_POST['spouse1child8urn'];
$spouse1child9urn=$_POST['spouse1child9urn'];
$spouse1child10urn=$_POST['spouse1child10urn'];
$spouse2urn=$_POST['spouse2urn'];
$spouse2child1urn=$_POST['spouse2child1urn'];
$spouse2child2urn=$_POST['spouse2child2urn'];
$spouse2child3urn=$_POST['spouse2child3urn'];
$spouse2child4urn=$_POST['spouse2child4urn'];
$spouse2child5urn=$_POST['spouse2child5urn'];
$spouse2child6urn=$_POST['spouse2child6urn'];
$spouse2child7urn=$_POST['spouse2child7urn'];
$spouse2child8urn=$_POST['spouse2child8urn'];
$spouse2child9urn=$_POST['spouse2child9urn'];
$spouse2child10urn=$_POST['spouse2child10urn'];
$yearofbirth=$_POST['yearofbirth'];
$photo1urn=$_POST['photo1urn'];
$photo1description=$_POST['photo1description'];
$photo2urn=$_POST['photo2urn'];
$photo2description=$_POST['photo2description'];
$photo3urn=$_POST['photo3urn'];
$photo3description=$_POST['photo3description'];
$photo4urn=$_POST['photo4urn'];
$photo4description=$_POST['photo4description'];
$photo5urn=$_POST['photo5urn'];
$photo5description=$_POST['photo5description'];
$photo6urn=$_POST['photo6urn'];
$photo6description=$_POST['photo6description'];
$photo7urn=$_POST['photo7urn'];
$photo7description=$_POST['photo7description'];
$photo8urn=$_POST['photo8urn'];
$photo8description=$_POST['photo8description'];
$photo9urn=$_POST['photo9urn'];
$photo9description=$_POST['photo9description'];
$photo10urn=$_POST['photo10urn'];
$photo10description=$_POST['photo10description'];
$cert1urn=$_POST['cert1urn'];
$cert1description=$_POST['cert1description'];
$cert2urn=$_POST['cert2urn'];
$cert2description=$_POST['cert2description'];
$cert3urn=$_POST['cert3urn'];
$cert3description=$_POST['cert3description'];
$cert4urn=$_POST['cert4urn'];
$cert4description=$_POST['cert4description'];
$cert5urn=$_POST['cert5urn'];
$cert5description=$_POST['cert5description'];
$stories1urn=$_POST['stories1urn'];
$stories1description=$_POST['stories1description'];
$stories2urn=$_POST['stories2urn'];
$stories2description=$_POST['stories2description'];
$stories3urn=$_POST['stories3urn'];
$stories3description=$_POST['stories3description'];
$stories4urn=$_POST['stories4urn'];
$stories4description=$_POST['stories4description'];
$stories5urn=$_POST['stories5urn'];
$stories5description=$_POST['stories5description'];
$stories6urn=$_POST['stories6urn'];
$stories6description=$_POST['stories6description'];
$stories7urn=$_POST['stories7urn'];
$stories7description=$_POST['stories7description'];
$stories8urn=$_POST['stories8urn'];
$stories8description=$_POST['stories8description'];
$stories9urn=$_POST['stories9urn'];
$stories9description=$_POST['stories9description'];
$stories10urn=$_POST['stories10urn'];
$stories10description=$_POST['stories10description'];
$sibling11=$_POST['sibling11'];
$sibling11urn=$_POST['sibling11urn'];
$sibling12=$_POST['sibling12'];
$sibling12urn=$_POST['sibling12urn'];
$spouse1child11=$_POST['spouse1child11'];
$spouse1child11urn=$_POST['spouse1child11urn'];
$spouse1child12=$_POST['spouse1child12'];
$spouse1child12urn=$_POST['spouse1child12urn'];
$spouse2child11=$_POST['spouse2child11'];
$spouse2child11urn=$_POST['spouse2child11urn'];
$spouse2child12=$_POST['spouse2child12'];
$spouse2child12urn=$_POST['spouse2child12urn'];
$cert1fn=$_POST['cert1fn'];
$cert2fn=$_POST['cert2fn'];
$cert3fn=$_POST['cert3fn'];
$cert4fn=$_POST['cert4fn'];
$cert5fn=$_POST['cert5fn'];
$relative=$_POST['relative'];
    print_r($_POST);
    $query = "UPDATE tree SET urn='$urn',surname='$surname',forename='$forename',middlenames='$middlenames',dateofbirth='$dateofbirth',placeofbirth='$placeofbirth',mother='$mother',father='$father',sibling1='$sibling1',sibling2='$sibling2',sibling3='$sibling3',sibling4='$sibling4',sibling5='$sibling5',sibling6='$sibling6',sibling7='$sibling7',sibling8='$sibling8',sibling9='$sibling9',sibling10='$sibling10',christeningdate='$christeningdate',christeningplace='$christeningplace',spouse1='$spouse1',spouse1marriagedate='$spouse1marriagedate',spouse1marriageplace='$spouse1marriageplace',spouse1child1='$spouse1child1',spouse1child2='$spouse1child2',spouse1child3='$spouse1child3',spouse1child4='$spouse1child4',spouse1child5='$spouse1child5',spouse1child6='$spouse1child6',spouse1child7='$spouse1child7',spouse1child8='$spouse1child8',spouse1child9='$spouse1child9',spouse1child10='$spouse1child10',spouse2='$spouse2',spouse2marriagedate='$spouse2marriagedate',spouse2marriageplace='$spouse2marriageplace',spouse2child1='$spouse2child1',spouse2child2='$spouse2child2',spouse2child3='$spouse2child3',spouse2child4='$spouse2child4',spouse2child5='$spouse2child5',spouse2child6='$spouse2child6',spouse2child7='$spouse2child7',spouse2child8='$spouse2child8',spouse2child9='$spouse2child9',spouse2child10='$spouse2child10',occupation='$occupation',dateofdeath='$dateofdeath',placeofdeath='$placeofdeath',causeofdeath='$causeofdeath',notes='$notes',photographs='$photographs',census='$census',scrapbook='$scrapbook',certificates='$certificates',motherurn='$motherurn',fatherurn='$fatherurn',sibling1urn='$sibling1urn',sibling2urn='$sibling2urn',sibling3urn='$sibling3urn',sibling4urn='$sibling4urn',sibling5urn='$sibling5urn',sibling6urn='$sibling6urn',sibling7urn='$sibling7urn',sibling8urn='$sibling8urn',sibling9urn='$sibling9urn',sibling10urn='$sibling10urn',spouse1urn='$spouse1urn',spouse1child1urn='$spouse1child1urn',spouse1child2urn='$spouse1child2urn',spouse1child3urn='$spouse1child3urn',spous
e1child4urn='$spouse1child4urn',spouse1child5urn='$spouse1child5urn',spouse1child6urn='$spouse1child6urn',spouse1child7urn='$spouse1child7urn',spouse1child8urn='$spouse1child8urn',spouse1child9urn='$spouse1child9urn',spouse1child10urn='$spouse1child10urn',spouse2urn='$spouse2urn',spouse2child1urn='$spouse2child1urn',spouse2child2urn='$spouse2child2urn',spouse2child3urn='$spouse2child3urn',spouse2child4urn='$spouse2child4urn',spouse2child5urn='$spouse2child5urn',spouse2child6urn='$spouse2child6urn',spouse2child7urn='$spouse2child7urn',spouse2child8urn='$spouse2child8urn',spouse2child9urn='$spouse2child9urn',spouse2child10urn='$spouse2child10urn',yearofbirth='$yearofbirth',photo1urn='$photo1urn',photo1description='$photo1description',photo2urn='$photo2urn',photo2description='$photo2description',photo3urn='$photo3urn',photo3description='$photo3description',photo4urn='$photo4urn',photo4description='$photo4description',photo5urn='$photo5urn',photo5description='$photo5description',photo6urn='$photo6urn',photo6description='$photo6description',photo7urn='$photo7urn',photo7description='$photo7description',photo8urn='$photo8urn',photo8description='$photo8description',photo9urn='$photo9urn',photo9description='$photo9description',photo10urn='$photo10urn',photo10description='$photo10description',cert1urn='$cert1urn',cert1description='$cert1description',cert2urn='$cert2urn',cert2description='$cert2description',cert3urn='$cert3urn',cert3description='$cert3description',cert4urn='$cert4urn',cert4description='$cert4description',cert5urn='$cert5urn',cert5description='$cert5description',stories1urn='$stories1urn',stories1description='$stories1description',stories2urn='$stories2urn',stories2description='$stories2description',stories3urn='$stories3urn',stories3description='$stories3description',stories4urn='$stories4urn',stories4description='$stories4description',stories5urn='$stories5urn',stories5description='$stories5description',stories6urn='$stories6urn',stories6description='$stories
6description',stories7urn='$stories7urn',stories7description='$stories7description',stories8urn='$stories8urn',stories8description='$stories8description',stories9urn='$stories9urn',stories9description='$stories9description',stories10urn='$stories10urn',stories10description='$stories10description',sibling11='$sibling11',sibling11urn='$sibling11urn',sibling12='$sibling12',sibling12urn='$sibling12urn',spouse1child11='$spouse1child11',spouse1child11urn='$spouse1child11urn',spouse1child12='$spouse1child12',spouse1child12urn='$spouse1child12urn',spouse2child11='$spouse2child11',spouse2child11urn='$spouse2child11urn',spouse2child12='$spouse2child12',spouse2child12urn='$spouse2child12urn',cert1fn='$cert1fn',cert2fn='$cert2fn',cert3fn='$cert3fn',cert4fn='$cert4fn',cert5fn='$cert5fn',relative='$relative' WHERE urn='$urn'"; 
    $result = mysql_query($query)
              or die ("Couldn't execute query.");
    echo "<p align='center'><h4>Record amended successfully!</h4><br><font face='Arial' size='2' color='#000000'>Click <a target='_top' style='font-family: Arial; font-size: 10pt; color: #000000; text-decoration: none' href='newrecord.htm'>HERE</a> to add new record</font>";
?>
</body></html>
 
Thanks in advance folks.

Re: Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 3:51 pm
by nowaydown1
Groovy. Glad deejay got it sorted out for you! 8)

Re: Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 4:04 pm
by kdidymus
Oh and one more question.

As I mentioned before, I've designed a PHP page which connects to my MySQL database and populates a form from a specific row (or "urn") for editing.

Problem is, whenever an apostrophe (') appears in my data (e.g. St. Stephen's Church) the PHP seems to ignore the remainder of that column so all I end up with is St. Stephen.

Is there a way of forcing the PHP to download everything including apostrophes?

Thanks folks. I couldn't do this without you.

KD.

Re: Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 4:06 pm
by kdidymus
Hey Nowaydown. You helped too! If it weren't for you I would have lost confidence in my first attempt and gone on to try something which DEFINITELY wouldn't have worked. By suggesting the print_r addition I knew that the bulk of my code was working. I just needed that extra shove to get me going!

Re: Updating MySQL using PHP - a problem!

Posted: Thu Jun 19, 2008 4:36 pm
by nowaydown1
No worries. Happy to help out. The problem you described with the quotes is a side effect of not escaping your data properly. If you follow through on the mysql_real_escape_string you'll solve that problem in the process. :D
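
Added example, not part of the thread or any poster's code: a sketch of amend.php using bound parameters, which relates to both the SQL injection advice and the apostrophe question above, and which checks the affected-row count instead of printing success whenever the query runs. It uses PDO with an in-memory SQLite table as a stand-in for the MySQL `tree` table; `amendRecord`, `inputField`, the `EDITABLE` list and the sample values are assumptions made for the example, as is the premise that the edit form writes values into single-quoted `value='...'` attributes.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for the MySQL `tree` table so the script runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tree (urn TEXT PRIMARY KEY, surname TEXT,
            christeningplace TEXT, notes TEXT)');
$pdo->exec("INSERT INTO tree VALUES ('11164', 'DIDYMUS', 'St. Stephen', '')");

// Columns the form may change (a constructed subset of the thread's list).
// Column names cannot be bound as parameters, so they come from this fixed
// list and never from the request.
const EDITABLE = ['surname', 'christeningplace', 'notes'];

// Update the row identified by $post['urn']; returns the number of rows changed.
function amendRecord(PDO $pdo, array $post): int
{
    if (!isset($post['urn']) || !is_string($post['urn']) || $post['urn'] === '') {
        throw new InvalidArgumentException('urn is missing from the request');
    }
    $set = [];
    $params = [':urn' => $post['urn']];
    foreach (EDITABLE as $col) {
        if (isset($post[$col]) && is_string($post[$col])) {
            $set[] = "$col = :$col";          // placeholder, not the value
            $params[":$col"] = $post[$col];   // value travels separately
        }
    }
    if ($set === []) {
        return 0;
    }
    $sql = 'UPDATE tree SET ' . implode(', ', $set) . ' WHERE urn = :urn';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    // On MySQL this counts rows whose contents actually changed, so
    // resubmitting an unchanged form also returns 0.
    return $stmt->rowCount();
}

// Build one form field; ENT_QUOTES encodes ' and " so a value cannot end
// the attribute early.
function inputField(string $name, string $value): string
{
    $n = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $v = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return "<input type='text' name='$n' value='$v'>";
}

// Constructed request data, standing in for $_POST.
$post = [
    'urn'              => '11164',
    'christeningplace' => "St. Stephen's Church",
    'notes'            => 'Said "hello" at O\'Reilly\'s.',
    'relative'         => 'mal',   // not in EDITABLE, so it is ignored
];

$changed = amendRecord($pdo, $post);
echo $changed === 1 ? "Record amended.\n" : "No record matched that urn.\n";

// Read the row back and repopulate the edit form from it.
$stmt = $pdo->prepare('SELECT christeningplace, notes FROM tree WHERE urn = :urn');
$stmt->execute([':urn' => '11164']);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo inputField('christeningplace', $row['christeningplace']), "\n";
echo inputField('notes', $row['notes']), "\n";

// A urn that matches no row is reported instead of printing success.
$changed = amendRecord($pdo, ['urn' => '99999', 'notes' => 'x']);
echo $changed === 1 ? "Record amended.\n" : "No record matched that urn.\n";
```

In the first amend.php posted above, the WHERE clause reads `$POST[urn]` rather than `$_POST[urn]`, so the UPDATE matched no row while mysql_query still returned true; a row-count check like the one here surfaces that case.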

Re: Updating MySQL using PHP - a problem!

Posted: Fri Jun 20, 2008 12:32 am
by kdidymus
Nope. Been working on this for nearly two hours now and I cannot work out how to use the escape strings.

Have a PHP primer which has "helpfully" suggested adding a / to the string and this is fine for manually entered text but I want to apply it to ALL of the data being downloaded.

I have tried various combinations of "addslashes", "stripslashes" and various manifestations of escape strings (which I have unsuccessfully applied to the "query" string of my page). But these just cause a die message.

Anybody help me with which string I should escape and how to escape it so that apostrophes are not escaped but downloaded "as is" to my form?

Sorry to be a pain. This is a tight learning curve for me!

KD.

Re: Updating MySQL using PHP - a problem!

Posted: Fri Jun 20, 2008 5:16 am
by deejay
thanks for the praise but definitely no php god. just a green belt on the learning curve as well ;)

are you adding the slashes before you get to the query ie

Code:

 
    <?php  
 
$str = "Is your name O'reilly?";
 
 
echo addslashes($str);
// Outputs: Is your name O\'reilly?
 
?>
 
 
so

Code:

 
$urn=addslashes($_POST['urn']);
$surname=addslashes($_POST['surname']);
 
should sort it.

Re: Updating MySQL using PHP - a problem!

Posted: Fri Jun 20, 2008 5:50 am
by kdidymus
Think we have our wires crossed. Going to start a new topic on this one.

KD.