MySQL and PHP Update - php

I'm currently doing a project for my class. I'm trying to update the database but I get some errors along the way. Basically it's a radio button set up to link to an update page. Any help and insights would be appreciated!
<html>
<head>
<title>asdf</title>
<link rel="stylesheet" type="text/css" href="Background.css">
</head>
<?php
session_start();
if(!isset($_SESSION["login"]))
header("location:admin.php");
?>
<body>
<h1 style="color:white"><u><center></center></u></h1>
<div id="BG"></div>
<form action = "update1.php" method = "GET">
<table border = 0>
<tr>
<td>Image: <input type = "text" name = "image" id = "image"></td>
<br/>
<td>Hero Name: <input type = "text" name = "heroes" id = "heroes"></td>
<br/>
<td>Role: <input type = "text" name = "roles" id = "roles"></td>
<br/>
<td>Attribute: <input type = "text" name = "attribute" id = "attribute"></td>
<br/>
<td>Description: <input type = "text" name = "description" id = "description"></td>
<br/>
<td>General: <input type = "text" name = "general" id = "general"></td>
<br/>
</tr>
</table>
</br>
<input type = "submit" name="update" value = "Update">
</form>
</center>
</html>
<?php
ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);
define("DB_USER","*****");
define("DB_PASSWORD","****");
define("DB_HOST","*****");
define("DB_NAME","*****");
$dbc=mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
if(isset($_GET['update']))
{
$image = $_GET['image'];
$heroes = $_GET['heroes'];
$roles = $_GET['roles'];
$attribute = $_GET['attribute'];
$description = $_GET['description'];
$general = $_GET['general'];
$sql = "update `Dota 2 select` set (`image` = '$image',`heroes` = '$heroes') WHERE (heroes= '$heroes', image = '$image')";
// $sql = "Update `Dota 2 select` SET (`image`= [$image]) = WHERE `image`)";
// $sql = "Update `Dota 2 select` SET (`image`= [$image],`heroes` =[$heroes],`roles` =[$roles],`attribute`=[$attribute],`description`=[$description],`general`=[$general]) = WHERE `heroes`='$heroes')";
// $sql = "Update `Dota 2 select` SET (`image`= [$image],`heroes`,`roles`,`attribute`,`description`,`general`) = WHERE (`image`,`heroes`,`roles`,`attribute`,`description`,`general`) = ('$image','$heroes','$roles','$attribute','$description','$general')";
if(!mysqli_query($dbc, $sql))
{
echo(mysqli_error($dbc));
}
else
{
echo 'Data successfully updated!';
}
mysqli_close($dbc);
}
?>
This is the error for this page
"
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(image = 'a',heroes = 'a') WHERE (heroes= 'a', image = 'a')' at line 1
"

Seems you are getting MySQL insert and update syntax mixed up.
UPDATE `table` set `col1`='val1', `col2`='val2',....
which when set as a PHP var might look like
$sql = 'UPDATE `table` set `col1`=\''. $val1.'\', `col2`=\''.$val2.'\',....
There is more than one way to do that, but this is my preferred way: backticks around column names, and escaped apostrophes around values, since I use single-quoted strings here.

The table name has an invalid space!
You can set your instruction as:
"update Dota_2_select set image = $image , heroes = $heroes where heroes= $heroes, image = $image";
Remove the spaces from the table name and use " instead of ' because then you can use the PHP $ variables directly.

Your first where is wrong:
WHERE (heroes= '$heroes', image = '$image')";
It should be
WHERE (heroes= '$heroes' AND image = '$image')";
                         ^^^
You are also vulnerable to SQL injection attacks.
Your second one fails because you test for the existence of your $_GET value AFTER you already tried using it:
if (isset($_GET['Heroes'])) {
$Heroes = $_GET['heroes'];
...
}
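The SQL injection point raised in the answer above, shown as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server; the `id` key column, the sample row and the form input are constructed for illustration, and the same placeholder approach applies with pdo_mysql or mysqli prepared statements.

```php
<?php
// Added example. Constructed schema and row; `id` is a hypothetical key column.
$db = new PDO('sqlite::memory:');   // stand-in for the MySQL connection
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `Dota 2 select` (id INTEGER PRIMARY KEY, image TEXT, heroes TEXT)');
$db->exec("INSERT INTO `Dota 2 select` (id, image, heroes) VALUES (1, 'old.png', 'Furion')");

// Constructed form input standing in for $_GET; the name contains an apostrophe.
$input = ['id' => '1', 'image' => 'np.png', 'heroes' => "Nature's Prophet"];

// String-built query (UPDATE syntax already corrected): the input becomes SQL text.
function updateByConcatenation(PDO $db, array $in): string
{
    $sql = "UPDATE `Dota 2 select` SET image = '{$in['image']}', "
         . "heroes = '{$in['heroes']}' WHERE id = {$in['id']}";
    try {
        $db->exec($sql);
        return 'updated';
    } catch (PDOException $e) {
        return 'query rejected: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and values travel as bound parameters.
function updateWithPlaceholders(PDO $db, array $in): int
{
    $id = filter_var($in['id'], FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare(
        'UPDATE `Dota 2 select` SET image = :image, heroes = :heroes WHERE id = :id'
    );
    $stmt->bindValue(':image', $in['image'], PDO::PARAM_STR);
    $stmt->bindValue(':heroes', $in['heroes'], PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();   // rows changed
}

echo updateByConcatenation($db, $input), PHP_EOL;
echo 'rows updated: ', updateWithPlaceholders($db, $input), PHP_EOL;
echo $db->query('SELECT heroes FROM `Dota 2 select` WHERE id = 1')->fetchColumn(), PHP_EOL;
```

The ordinary hero name with an apostrophe is enough to break the string-built statement, which is the same property that lets crafted input change the query; the bound version stores the value unchanged.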

Related

Updating Game Database With PHP/Mysqli

Update
Here's my form code
<form name = "form" method = "POST" action = "<?php echo $_SERVER['PHP_SELF']; ?>" align = "center">
<tr><td><input type = "text" name = "command"></td></tr>
<tr><td><input type = "submit" name = "submit" value = "Enter"></td></tr>
<tr><td><input type = "submit" name = "save" value = "Save"></td></tr>
</form>
So for this school project we have to make a text-based game with PHP and Mysqli, and you have to have a save function where it updates the player's equipment and location in the database. For some reason, I can't get mine to work. I can echo the $_SESSION['location'] and it will display the user's location fine.
When I click save I don't get a query error, but it doesn't update the location in the database either. For test purposes I tried to replace $updatelocation in the query with some random letters and it updated it in the database perfectly, but I can't figure out why it won't work when I have $updatelocation = $_SESSION['location']. My save code is below.
if(ISSET($_POST['save'])) {
$updatelocation = $_SESSION['location'];
$query = "UPDATE `isu`.`game_data` SET `location` = '$updatelocation' WHERE `game_data`.`user_id` =" . $_SESSION['id'];
mysqli_query($dbc,$query) or DIE ("Query problem");
}

Update certain column of recordset from textbox value

room.php
<input name = "room" type = "text" size="70"/>
Update
updateroom.php
<?php
mysql_connect('localhost','athirahhazira','1234');
mysql_select_db("dbcollege");
session_start();
$sql = "UPDATE studentsroom set room='$strroom' WHERE roomid='$_GET[roomid]'";
mysql_query($sql) or die('Error updating room status');
header('Location:staff/room-staff.php');
?>
I can update if there is a default value such as:
$sql = "UPDATE studentsroom set room='A206' WHERE roomid='$_GET[roomid]'";
but not the value from a textbox. Could you help me with what I am missing here?
Try this:
$sql = "UPDATE studentsroom set room='A206' WHERE roomid='".$_REQUEST['roomid']."'";
Note: your code is open to SQL injection. Also, mysql_* is deprecated; use mysqli_* or PDO.
Update 2:
Add a form and submit button instead of a hyperlink:
<form method="post" action="updateroom.php" >
<input name = "room" type = "text" size="70"/>
<input type="hidden" name="roomid" value="<?php echo $row_Recordsetroomid['roomid'];?>" />
<input type="submit" name="submit" value="Update" />
</form>
And update.php:
<?php
mysql_connect('localhost','athirahhazira','1234');
mysql_select_db("dbcollege");
session_start();
$room = $_REQUEST['room'];
$roomid = $_REQUEST['roomid'];
$room = mysql_real_escape_string($room);
$roomid = mysql_real_escape_string($roomid);
$sql = "UPDATE studentsroom set room='$room' WHERE roomid='$roomid'";
mysql_query($sql) or die('Error updating room status');
header('Location:staff/room-staff.php');
?>
The quotes for the index in the $_GET are missing. Trying to access array variables like $array[key] instead of $array['key'] will trigger an error in most cases. So always try to use quotes for array indexes.
You can try with this.
$sql = "UPDATE studentsroom set room='A206' WHERE roomid='".$_GET['roomid']."'";

updating SQL query from a dropdown

I've got a dropdown menu that is supposed to update my SQL query. If I create the dropdown from the select HTML, it works fine, but when I run it from a PHP array it doesn't select the other options when posted (though it does select them if I manually select the array element from in the program).
Moreover, I've put several echo statements throughout the program to troubleshoot, and I can clearly see that the correct item is being selected, AND that it's posting to the SQL code, but it's just not working right.
For example, my echo statements print out the SQL query
sql = SELECT * from finished_goods WHERE BrandDesc LIKE '%Alma Rosa%'
which works fine. But if I use the dropdown to select "Alere" it doesn't work.
sql = SELECT * from finished_goods WHERE BrandDesc LIKE '%Alere%'
<table>
<form id = "myform" method="post" action="">
<th>FG id : <input type = "text" name = "finished_goods_id2"/></th>
<th>Product No : <input type = "text" name = "ProdNo"/></th>
<th>Product Name : <input type = "text" name = "ProductName"/></th>
<th>Product Group : <input type = "text" name = "ProductGroup"/></th>
<!-- this code puts a drop down in, but it doesnt update the form -->
<th>Brand : <!-- this select statement works fine
<select name = "BrandDesc">
<option value = "Alma Rosa">Alma Rosa text</option>
<option value = "Alere">Alere</option>
<option value = "Hitching Post">Hitching Post text</option>
</select>
-->
<?php // this array replaces the select dropdown, but doesn't update
$name = 'BrandDesc';
$selected = 0;
$options = array( 'Alma Rosa', 'Alere', 'Hitching Post' );
echo dropdown( $name, $options, $selected );
?>
<th>Varietal : <input type = "text" name = "Varietal"/></th>
<th>Vintage : <input type = "text" name = "VintYear"/></th>
<th>Quantity :</th>
<th><input type = "submit" name = "send" value = "Submit"/></th>
<tr></tr>
<?php
// new connection
$conn = dbConnect('read', 'thereal8_work', 'PDO'); // database for online
$brandNo = 0; // sets the brand so that it displays the first select statement
$brandAccess = $options[$brandNo];
echo " first Brand Access = ".$brandAccess. " <br>";
if ($_POST['BrandDesc']) {
echo " base brandNo = ".$brandNo. "<br>";
$brandNo = $_POST['BrandDesc'];
echo " posted brandNo = ".$brandNo. " <br> ";
echo "options in the function = ".$options[$brandNo]. "<br>";
//$brandAccess = $_POST['BrandDesc'];
$brandAccess = $options[$brandNo];
echo "submitted brand = ".$brandAccess. " <br> ";
}
$sql = "SELECT * from finished_goods WHERE BrandDesc LIKE '%$brandAccess%' ";
echo "sql = ".$sql." <br>";
// get the result
Thanks,

How do I insert an post_id into a mysql database

I have a comment system that should input an id, an idea_id, a user_id, a comment, the date, and the time. Everything seems to work except every time I post a comment the idea_id is always 0. By the way, an idea is basically a post.
I did this using:
<?php
if(isset($_POST['submit'])) {
$comment = $_POST['comment'];
$user_id = $_SESSION['user_id'];
$idea_id = $_POST['idea_id'];
if(empty($comment)) {
$message = "You Haven't Written Anything";
} else {
mysql_query("INSERT INTO comments (idea_id, user_id, comment, date, time) VALUES('".$idea_id."', '".$user_id."', '".$comment."', now(), now()) ") or die (mysql_error());
$message = "OK! Thanks for leaving your comment!";
if(isset($_GET['user_id'])) {
$_SESSION['user_id'] = $_GET['user_id'];
}
}
echo "<div class = 'box'>$message</div>";
}
?>
<form method = 'Post' name = 'comment_form'>
Comment: <br/>
<input type = 'text' name = 'comment' id = 'comment' autocomplete= 'off' />
<input type = 'hidden' name = 'idea_id' value = '<?php echo $idea_id; ?>' />
<input type = 'submit' name = 'submit' value = 'Comment' />
</form>
It doesn't seem like you're keeping a running count of how many ideas are going through your form.
I would suggest you allow the database to manage the idea_id for you and it be a primary key.
How would your application handle duplicate idea_ids?
The value for the hidden input should be inside php tags:
<input type = 'hidden' name = 'idea_id' value = '<?php echo $idea_id;?>' />
This way the query won't see the idea_id as a string.
Also, as stated by echo_Me, you should define the variable somewhere.
You should define the $idea_id in your form and then pass it to your form:
$idea_id = "your_idea_id";
<input type = 'hidden' name = 'idea_id' value = '<?php echo $idea_id;?>' />
If you want to see if it works, just try with any number, like this:
<input type = 'hidden' name = 'idea_id' value = '66' />

Update query PHP MySQL [duplicate]

This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
PHP UPDATE prepared statement
(3 answers)
Closed 11 months ago.
Can anybody help me understand why this update query isn't updating the fields in my database? I have this in my php page to retrieve the current values from the database:
<?php
$query = mysql_query ("SELECT * FROM blogEntry WHERE username = 'bobjones' ORDER BY id DESC");
while ($row = mysql_fetch_array ($query))
{
$id = $row['id'];
$username = $row['username'];
$title = $row['title'];
$date = $row['date'];
$category = $row['category'];
$content = $row['content'];
?>
Here is my HTML form:
<form method="post" action="editblogscript.php">
ID: <input type="text" name="id" value="<?php echo $id; ?>" /><br />
Username: <input type="text" name="username" value="<?php echo $_SESSION['username']; ?>" /><br />
Title: <input type="text" name="udtitle" value="<?php echo $title; ?>"/><br />
Date: <input type="text" name="date" value="<?php echo $date; ?>"/><br />
Message: <textarea name = "udcontent" cols="45" rows="5"><?php echo $content; ?></textarea><br />
<input type= "submit" name = "edit" value="Edit!">
</form>
and here is my 'editblogscript':
<?php
mysql_connect ("localhost", "root", "");
mysql_select_db("blogass");
if (isset($_POST['edit'])) {
$id = $_POST['id'];
$udtitle = $_POST['udtitle'];
$udcontent = $_POST['udcontent'];
mysql_query("UPDATE blogEntry SET content = $udcontent, title = $udtitle WHERE id = $id");
}
header( 'Location: index.php' ) ;
?>
I don't understand why it doesn't work.
You have to have single quotes around any VARCHAR content in your queries. So your update query should be:
mysql_query("UPDATE blogEntry SET content = '$udcontent', title = '$udtitle' WHERE id = $id");
Also, it is bad form to update your database directly with the content from a POST. You should sanitize your incoming data with the mysql_real_escape_string function.
You need to add quotes; for that you need to use the dot operator:
mysql_query("UPDATE blogEntry SET content = '".$udcontent."', title = '".$udtitle."' WHERE id = '".$id."'");
Without knowing what the actual error you are getting is, I would guess it is missing quotes. Try the following:
mysql_query("UPDATE blogEntry SET content = '$udcontent', title = '$udtitle' WHERE id = '$id'");
Here I updated two variables and the present date and time:
$id = "1";
$title = "phpmyadmin";
$sql= mysql_query("UPDATE table_name SET id ='".$id."', title = '".$title."',now() WHERE id = '".$id."' ");
The now() function updates the current date and time.
Note: for an update query we have to define the particular id, otherwise it updates the whole table by default.
First, you should define "doesn't work".
Second, I assume that your table field 'content' is varchar/text, so you need to enclose it in quotes. content = '{$content}'
And last but not least: use echo mysql_error() directly after a query to debug.
Try it like this in the SQL query; it will work fine.
$sql="UPDATE create_test set url= '$_POST[url]' WHERE test_name='$test_name';";
If you have to update multiple columns, use it like this:
$sql="UPDATE create_test set `url`= '$_POST[url]',`platform`='$_POST[platform]' WHERE test_name='$test_name';";
You must write single quotes, then double quotes, then a dot before the name of the field and after, like this:
mysql_query("UPDATE blogEntry SET content ='".$udcontent."', title = '".$udtitle."' WHERE id = '".$id."' ");
