Hi, I need help with this code, don't know what is wrong. The form shows up with first name, last name and address, I also don't see any error and when I click Edit button it redirects to next page but I don't see any change. I tried both using variables and $_POST in mysql_query but still none of them works. Please help. Thanks in advance. Here is the code
You're inserting $_POST[name] and not $_POST[first] but also, you've already posted those variables. Use:

```php
mysql_query ("UPDATE users SET firstname = '$first', lastname = '$last', address = '$add' WHERE id = '$id'");
```

You may want to escape bad characters in those variables as well.
Yeah, a similar answer. Shouldn't this line

```php
mysql_query ("UPDATE users SET firstname = '$_POST[name]', lastname = '$_POST[last]', address = '$_POST[add]' WHERE id = '$id'");
```

be:

```php
mysql_query ("UPDATE users SET firstname = '$name', lastname = '$last', address = '$add' WHERE id = '$id'");
```
Hi guys, just cut and paste the code below and it will work fine.

```php
<?php
include("db.php");

if (isset($_POST['submit'])){
    $id = $_POST['id'];
    $first = $_POST['first'];
    $last = $_POST['last'];
    $add = $_POST['add'];
    mysql_query ("UPDATE `users` SET `firstname` = $first, `lastname` = $last, `address` = $add WHERE id =".$id);
    header("location:show_recs.php");
    exit;
}

$id = $_POST['id'];
$result = mysql_query("SELECT * FROM users where `id`=".$id);
$row=mysql_fetch_assoc($result);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="<?php echo $PHP_SELF; ?>" method="post" name="form">
<p>Name: <input type="text" value="<?php echo $row['firstname']; ?>" name="first" /><br />
Lastname: <input type="text" value="<?php echo $row['lastname']; ?>" name="last" /><br />
Address: <input type="text" value="<?php echo $row['address']; ?>" name="add" /><br />
</p>
<input type="submit" value="Edit" name="submit" />
</form>
</body>
</html>
```
What if someone posts the form with id equalling:

```
1' or 1=1 or id='1
```

Hint: If your script was working, then your whole table would be trashed. Never use variables from the public without cleaning them first.
Interesting catch, Potato. But who passes on the id variable instead of auto incrementing it in the db? fear - you can pm me for contact info and I will help you over IM or something if you like.
This should work, but please always clean input from the user using stripslash or mysql escape string. Regards
Any error message? Anyway, what file name have you saved it under? For the form action you can leave it blank: action="". Regards
No error but when the page redirects back, there is no change in record. File names are show_recs.php and update.php
From a quick, 30 second glance at the code, it looks like the following on line 4:

```php
$id = $_POST['id'];
```

Should probably be this:

```php
$id = $_GET['id'];
```

As it is on line 13ish... There may be other issues, but that is just what got my attention in the quick glance I gave the code. You could use $_POST instead of $_GET, but then, you'd have to include the "id" element in your HTML form that you submit, which you currently aren't (I'm assuming you're passing the id in the URL?).
Hi,

It's NEVER going to show any errors when you just header() to the next page; it probably is showing errors, but it's moving on to the next page and you don't see them. Try using this (written from memory, there shouldn't be anything wrong with it that I can see):

```php
<?php
include("db.php");

if (isset($_POST['submit'])){
    $id = mysql_real_escape_string($_POST['id']);
    $first = mysql_real_escape_string($_POST['first']);
    $last = mysql_real_escape_string($_POST['last']);
    $add = mysql_real_escape_string($_POST['add']);

    if(is_numeric($id)) {
        $query = mysql_query("UPDATE `users` SET firstname='{$first}', lastname='{$last}', address='{$add}' WHERE id = {$id}");
        if($query) {
            header("location:show_recs.php");
            exit;
        } else {
            die('MySQL ERROR: ' . mysql_error());
        }
    } else {
        die('Invalid User ID');
    }
}

$id = $_POST['id'];
$result = mysql_query("SELECT * FROM users where id=$id");
$row=mysql_fetch_assoc($result);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="<?php echo $PHP_SELF; ?>" method="post" name="form">
<p>User ID: <input type="text" value="<?php echo $row['id']; ?>" name="id" /><br />
Name: <input type="text" value="<?php echo $row['firstname']; ?>" name="first" /><br />
Lastname: <input type="text" value="<?php echo $row['lastname']; ?>" name="last" /><br />
Address: <input type="text" value="<?php echo $row['address']; ?>" name="add" /><br />
</p>
<input type="submit" value="Edit" name="submit" />
</form>
</body>
</html>
```

I've included some basic error checking: if there is an error it'll stop on that page and use die() to show the error message; if there are no errors it will continue to header() to the next page.
It also escapes the strings and checks to make sure that the ID is numeric; if it isn't, then you know someone has either messed up somewhere, or is trying to exploit your code.

Regards,
Steve
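The escaping and numeric check in the post above can also be expressed with bound parameters. The following is an added example, not code from the thread: it assumes PDO with an in-memory SQLite database and the hypothetical helpers updateUnsafe() and updateSafe(), and runs the id value quoted earlier in the thread against a concatenated query and a prepared one.

```php
<?php
// Added example, not code from the thread. PDO with in-memory SQLite is an
// assumption so the script runs without db.php; prepare()/execute() are the
// same on a PDO MySQL connection. Function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, address TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO users VALUES (1,'Ann','Lee','1 Oak St'), (2,'Bob','Ray','2 Elm St'), (3,'Cy','Fox','3 Ash St')");

// Vulnerable form: request values are pasted into the SQL text.
function updateUnsafe(PDO $db, array $in): int
{
    $sql = "UPDATE users SET firstname = '{$in['first']}', lastname = '{$in['last']}', "
         . "address = '{$in['add']}' WHERE id = '{$in['id']}'";
    return $db->exec($sql);            // number of rows changed
}

// Hardened form: id must be a positive integer, every value is bound.
function updateSafe(PDO $db, array $in): int
{
    $id = filter_var($in['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Invalid user ID');
    }
    $stmt = $db->prepare(
        'UPDATE users SET firstname = :first, lastname = :last, address = :add WHERE id = :id'
    );
    $stmt->execute([':first' => $in['first'], ':last' => $in['last'], ':add' => $in['add'], ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed request using the id value quoted in the thread.
$post = ['id' => "1' or 1=1 or id='1", 'first' => 'X', 'last' => 'Y', 'add' => 'Z'];

$db->beginTransaction();
echo "unsafe query changed ", updateUnsafe($db, $post), " rows\n";
$db->rollBack();                       // restore the sample rows

try {
    updateSafe($db, $post);
} catch (InvalidArgumentException $e) {
    echo "safe query rejected the id: ", $e->getMessage(), "\n";
}

$post['id'] = '2';
$post['last'] = "O'Brien";             // a quote in the data is stored literally
echo "safe query changed ", updateSafe($db, $post), " row\n";
```

The SELECT that fills the form should bind id the same way, since it reads the value from the request before any check has run.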
Change if($_POST['submit']) to if(isset($_POST['submit'])). I did not go through the entire page; there may be more bugs.
I tried to help him earlier. He isn't passing the $id with his form. So it doesn't update because the form doesn't know which line to execute the update on... $id = $_GET['id']; Needs to happen at the top of the page. Also, the form shouldn't be showing up with any values in it when you first open the page because the database doesn't get queried until you submit the form.