MySQL Update Query
Posted: Wed Dec 29, 2004 9:40 am
by Getran
I can usually get these to work fine but for some reason this one won't work. Can someone tell me what I'm doing wrong?
Code:
$Edit['name'] = $_REQUEST['editpost_name'];
$Edit['message'] = $_REQUEST['editpost_message'];
mysql_query("UPDATE table SET name='".$Edit['name']."' WHERE id='".$EditID."'") or die(mysql_error());
mysql_query("UPDATE table SET message='".$Edit['message']."' WHERE id='".$EditID."'") or die(mysql_error());
$EditID comes from ?id= in the URL.
Posted: Wed Dec 29, 2004 10:40 am
by feyd
Where's $EditID coming from? (Make sure to escape the contents of the strings ($_REQUEST).)
Posted: Wed Dec 29, 2004 10:43 am
by Robert Plank
Well first of all you can put those 2 queries into one...
Code:
mysql_query("UPDATE table SET name='".$Edit['name']."', message='".$Edit['message']."' WHERE id='".$EditID."'") or die(mysql_error());
To figure out what's going wrong, temporarily change the "mysql_query" to "die" so that it prints out what query is being tried in the first place.
Posted: Wed Dec 29, 2004 11:37 am
by Weirdan
And use mysql_escape_string to escape user-supplied data:
Code:
mysql_query("UPDATE table SET name='".mysql_escape_string($Edit['name'])."', message='".mysql_escape_string($Edit['message'])."' WHERE id='".mysql_escape_string($EditID)."'") or die(mysql_error());
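The escaping advice above, taken one step further as an added example (not code from any poster in this thread): the same single UPDATE with bound parameters through PDO instead of string concatenation, plus validation of the id taken from the URL. The table name `posts`, the function name `updatePost` and the in-memory SQLite database are assumptions so the script runs offline; the sample request values are constructed.

```php
<?php
// Added example: table name "posts" and the in-memory SQLite database are
// assumptions so the script runs offline; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, name TEXT, message TEXT)');
$pdo->exec("INSERT INTO posts (id, name, message) VALUES (1, 'old name', 'old message')");
$pdo->exec("INSERT INTO posts (id, name, message) VALUES (2, 'other', 'untouched')");

/**
 * Update one post. Values travel as bound parameters, never as SQL text.
 * Returns the number of rows changed (0 means the id matched nothing).
 */
function updatePost(PDO $pdo, $rawId, string $name, string $message): int
{
    // The id comes from ?id= in the URL: accept only a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('UPDATE posts SET name = :name, message = :message WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':message', $message, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample input standing in for $_REQUEST and ?id= from the URL.
// The apostrophes would break the concatenated query; bound, they are plain data.
$request = ['editpost_name' => "O'Brien", 'editpost_message' => "it's edited", 'id' => '1'];
$changed = updatePost($pdo, $request['id'], $request['editpost_name'], $request['editpost_message']);
echo "rows changed: $changed\n";

// A non-integer id is rejected before any SQL runs.
try {
    updatePost($pdo, 'abc', 'x', 'y');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Show the stored rows: only id 1 changed, and the apostrophes are intact.
foreach ($pdo->query('SELECT id, name, message FROM posts ORDER BY id') as $row) {
    echo $row['id'], ' | ', $row['name'], ' | ', $row['message'], "\n";
}
```

The mysql_* functions used in the thread were removed in PHP 7.0; PDO and mysqli are the interfaces that replaced them.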
Posted: Thu Dec 30, 2004 6:42 am
by Getran
Sorry to say that neither of them work :\
Posted: Thu Dec 30, 2004 7:26 am
by n00b Saibot
Your code looks alright to me.
Maybe there is a bug somewhere before the posted section of your code.
Have a close look above it.
Posted: Thu Dec 30, 2004 9:24 am
by Robert Plank
Getran, we didn't say those things would make them work, but your query is written pretty sloppily as it is. As I said, you will have to replace the mysql_query with die to see what query is being done that is screwing up; you haven't given us enough to go on yet.
Posted: Fri Dec 31, 2004 7:22 am
by n00b Saibot
That's what I wanted to say.
