Page 1 of 1

Update Query Question

Posted: Mon Sep 27, 2004 7:58 am
by Harlequin
Morning all.

I have a fairly simple form that presents results from a table in text fields.

A user can insert new values and click a submit button. But for some reason the submission isn't working.

Here's what I have:

Code: Select all

echo "<form method='POST' action='Events_Updated.php?EventID=$result&#1111;EventID]'>";
echo "<input type='hidden' name='EventID value='$result&#1111;EventID]'>";
I won't bore you with the rest but on the submission page I have this:

Code: Select all

// Update Database:
$UpdateDatabase = "UPDATE events SET
EventTime	    = '" . $_POST&#1111;"EventTime"] .  "',
EventDate	    = '" . $_POST&#1111;"EventDate"] .  "',
EventBooked     =	'" . $_POST&#1111;"EventBooked"] .  "',
EventSpeaker    =	'" . $_POST&#1111;"EventSpeaker"] .  "'
WHERE EventID   = '" . $_POST&#1111;"EventID"] .  "'";
$Updated = mysql_query($UpdateDatabase) or die ("Error: " . mysql_error());
What am I missing...?

Posted: Mon Sep 27, 2004 8:16 am
by Jean-Yves
On your hidden field, you are missing a single quote after the name value. Try correcting that and see if it works.

Posted: Mon Sep 27, 2004 8:28 am
by Harlequin
Thanks Jean-Yves

Couldn't see the wood for the trees...!

If I want to use the old PHP_Self to keep users on that page should I be using GET instead of POST in the update query then...?

Posted: Mon Sep 27, 2004 8:29 am
by mudkicker
btw, why do you use both methods i mean your form action is
'Events_Updated.php?EventID=$result[EventID]'

and then you post it with hidden field, too..

it's not necessary i think..

Posted: Mon Sep 27, 2004 8:41 am
by Harlequin
Actually - you're right.

It's code I've been working on between other things so I guess some of the old stuff just kind of got left there.

Some of my older pages have more lines commented out than executed...!

Posted: Mon Sep 27, 2004 9:11 am
by Jean-Yves
Harlequin wrote:Thanks Jean-Yves

Couldn't see the wood for the trees...!
Been there, done that - many times! Even with colour syntax-highlighting :D
If I want to use the old PHP_Self to keep users on that page should I be using GET instead of POST in the update query then...?

I'm not sure that I understand - why would you want the PHP_SELF as part of the query?

Or do you mean that you want to call the update and return to the page that has the form? I confess that I just use the form's name, but I think that you can use $HTTP_REFERER to get the name of the calling page. However, this does not always seem to work for me, and is open to hacking apparently since it can be spoofed (I think - not an expert on this!)

Posted: Mon Sep 27, 2004 10:29 am
by feyd
HTTP_REFERER should rarely be used, now-a-days, it often doesn't exist, or can easily be erroneous. Remember, it is information coming from the user, and the user's inputs cannot be trusted, ever.