room.php
<input name = "room" type = "text" size="70"/>
Update
updateroom.php
<?php
mysql_connect('localhost','athirahhazira','1234');
mysql_select_db("dbcollege");
session_start();
$sql = "UPDATE studentsroom set room='$strroom' WHERE roomid='$_GET[roomid]'";
mysql_query($sql) or die('Error updating room status');
header('Location:staff/room-staff.php');
?>
I can update if there is a default value such as:
$sql = "UPDATE studentsroom set room='A206' WHERE roomid='$_GET[roomid]'";
but not the value from a textbox. Could you help me with what I am missing here?
try this
$sql = "UPDATE studentsroom set room='A206' WHERE roomid='".$_REQUEST['roomid']."'";
Note: your code is open to SQL injection. Also, mysql_* is deprecated; use mysqli_* or PDO.
Update2:
Add a form and a submit button instead of the hyperlink:
<form method="post" action="updateroom.php" >
<input name = "room" type = "text" size="70"/>
<input type="hidden" name="roomid" value="<?php echo $row_Recordsetroomid['roomid'];?>" />
<input type="submit" name="submit" value="Update" />
</form>
AND update.php
<?php
mysql_connect('localhost','athirahhazira','1234');
mysql_select_db("dbcollege");
session_start();
$room = $_REQUEST['room'];
$roomid = $_REQUEST['roomid'];
$room = mysql_real_escape_string($room);
$roomid = mysql_real_escape_string($roomid);
$sql = "UPDATE studentsroom set room='$room' WHERE roomid='$roomid'";
mysql_query($sql) or die('Error updating room status');
header('Location:staff/room-staff.php');
?>
The quotes for the index in the $_GET are missing. Trying to access array variables like $array[key] instead of $array['key'] will trigger an error in most cases. So always try to use quotes for array indexes.
You can try with this.
$sql = "UPDATE studentsroom set room='A206' WHERE roomid='".$_GET['roomid']."'";
I'm currently doing a project for my class. I'm trying to update the database but I get some errors along the way. Basically it's a radio button set up to link to an update page. Any help and insights would be appreciated!
<html>
<head>
<title>asdf</title>
<link rel="stylesheet" type="text/css" href="Background.css">
</head>
<?php
session_start();
if(!isset($_SESSION["login"]))
header("location:admin.php");
?>
<body>
<h1 style="color:white"><u><center></center></u></h1>
<div id="BG"></div>
<form action = "update1.php" method = "GET">
<table border = 0>
<tr>
<td>Image: <input type = "text" name = "image" id = "image"></td>
<br/>
<td>Hero Name: <input type = "text" name = "heroes" id = "heroes"></td>
<br/>
<td>Role: <input type = "text" name = "roles" id = "roles"></td>
<br/>
<td>Attribute: <input type = "text" name = "attribute" id = "attribute"></td>
<br/>
<td>Description: <input type = "text" name = "description" id = "description"></td>
<br/>
<td>General: <input type = "text" name = "general" id = "general"></td>
<br/>
</tr>
</table>
</br>
<input type = "submit" name="update" value = "Update">
</form>
</center>
</html>
<?php
ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);
define("DB_USER","*****");
define("DB_PASSWORD","****");
define("DB_HOST","*****");
define("DB_NAME","*****");
$dbc=mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
if(isset($_GET['update']))
{
$image = $_GET['image'];
$heroes = $_GET['heroes'];
$roles = $_GET['roles'];
$attribute = $_GET['attribute'];
$description = $_GET['description'];
$general = $_GET['general'];
$sql = "update `Dota 2 select` set (`image` = '$image',`heroes` = '$heroes') WHERE (heroes= '$heroes', image = '$image')";
// $sql = "Update `Dota 2 select` SET (`image`= [$image]) = WHERE `image`)";
// $sql = "Update `Dota 2 select` SET (`image`= [$image],`heroes` =[$heroes],`roles` =[$roles],`attribute`=[$attribute],`description`=[$description],`general`=[$general]) = WHERE `heroes`='$heroes')";
// $sql = "Update `Dota 2 select` SET (`image`= [$image],`heroes`,`roles`,`attribute`,`description`,`general`) = WHERE (`image`,`heroes`,`roles`,`attribute`,`description`,`general`) = ('$image','$heroes','$roles','$attribute','$description','$general')";
if(!mysqli_query($dbc, $sql))
{
echo(mysqli_error($dbc));
}
else
{
echo 'Data successfully updated!';
}
mysqli_close($dbc);
}
?>
This is the error for this page
"
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(image = 'a',heroes = 'a') WHERE (heroes= 'a', image = 'a')' at line 1
"
Seems you are getting MySQL insert and update syntax mixed..
UPDATE `table` set `col1`='val1', `col2`='val2',....
which when set as a PHP var might look like
$sql = 'UPDATE `table` set `col1`=\''. $val1.'\', `col2`=\''.$val2.'\',....
More than one way to do that, but this is my preferred way. backticks around column names, and escaped apostrophes around values, since I use single quote strings here
The table name has an invalid space!
You can set your instruction as:
"update Dota_2_select set image = $image , heroes = $heroes where heroes= $heroes, image = $image";
Remove the spaces in the table name and use " instead of ', because then you can call the PHP variables ($) directly.
Your first where is wrong:
WHERE (heroes= '$heroes', image = '$image')";
It should be
WHERE (heroes= '$heroes' AND image = '$image')";
^^^^
You are also vulnerable to sql injection attacks
Your second one fails because you test for the existence of your $_GET value AFTER you already tried using it:
if (isset($_GET['Heroes'])) {
$Heroes = $_GET['heroes'];
...
}
I'm trying to create a form where, based on someone's first name and surname, their email can be changed.
So the html looks like this:
<form action="sUpdateResponse.php" method="post">
<input type="text" placeholder="Enter Email..." name="sUpdateEmail">
Where the name is
<input type="text" placeholder="Enter Forename..." name="sUpdateFN">
<input type="text" placeholder="Enter Surname..." name="sUpdateSN">
<input type="submit" value="Update Records" name="sRetrieveUpdate"></form>
This takes a new email to update the data entry where the forename and surname exist.
The php on sUpdateResponse looks like this,
if($_POST['sRetrieveUpdate'])
$queryRetrieve = mysql_query( "UPDATE staffData SET sEmail='".$_POST['sUpdateEmail']."' WHERE sFN='".$_POST['sUpdateFN']."'
AND sFN='".$_POST['sUpdateSN']."'" );
This doesn't return an error but doesn't seem to alter the email either...
Where am I going wrong?
<?php
if(isset($_POST['sRetrieveUpdate'])){
if(isset($_POST['sUpdateEmail']) && isset($_POST['sUpdateFN']) && isset($_POST['sUpdateSN'])){
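$query = "UPDATE staffData SET sEmail = '".$_POST['sUpdateEmail']."' WHERE sFirstName = '".$_POST['sUpdateFN']."' AND sSurName = '".$_POST['sUpdateSN']."'";
// mysqli_query() takes the connection first; $conn is assumed to be an open mysqli link
$Result = mysqli_query($conn, $query);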
}else{
// Error Message
}
}else{
// Error Message
}
?>
"UPDATE staffData SET sEmail='".$_POST['sUpdateEmail']."' WHERE sFN='".$_POST['sUpdateFN'].$_POST['sUpdateSN']."'"
Your second column is the same in the WHERE condition: sFN is repeated.
WHERE sFN='".$_POST['sUpdateFN']."'
AND sFN='".$_POST['sUpdateSN']."'")
It checks two values in the same column. There is a column name mistake in your query. Correct it and it will work fine :)
It should be something like this
if($_POST['sRetrieveUpdate'])
$queryRetrieve = mysql_query( "UPDATE staffData SET Email='".$_POST['sUpdateEmail']."' WHERE sFN='".$_POST['sUpdateFN']."' AND sSN='".$_POST['sUpdateSN']."'" );
Can anybody help me understand why this update query isn't updating the fields in my database? I have this in my php page to retrieve the current values from the database:
<?php
$query = mysql_query ("SELECT * FROM blogEntry WHERE username = 'bobjones' ORDER BY id DESC");
while ($row = mysql_fetch_array ($query))
{
$id = $row['id'];
$username = $row['username'];
$title = $row['title'];
$date = $row['date'];
$category = $row['category'];
$content = $row['content'];
?>
Here is my HTML form:
<form method="post" action="editblogscript.php">
ID: <input type="text" name="id" value="<?php echo $id; ?>" /><br />
Username: <input type="text" name="username" value="<?php echo $_SESSION['username']; ?>" /><br />
Title: <input type="text" name="udtitle" value="<?php echo $title; ?>"/><br />
Date: <input type="text" name="date" value="<?php echo $date; ?>"/><br />
Message: <textarea name = "udcontent" cols="45" rows="5"><?php echo $content; ?></textarea><br />
<input type= "submit" name = "edit" value="Edit!">
</form>
and here is my 'editblogscript':
<?php
mysql_connect ("localhost", "root", "");
mysql_select_db("blogass");
if (isset($_POST['edit'])) {
$id = $_POST['id'];
$udtitle = $_POST['udtitle'];
$udcontent = $_POST['udcontent'];
mysql_query("UPDATE blogEntry SET content = $udcontent, title = $udtitle WHERE id = $id");
}
header( 'Location: index.php' ) ;
?>
I don't understand why it doesn't work.
You have to have single quotes around any VARCHAR content in your queries. So your update query should be:
mysql_query("UPDATE blogEntry SET content = '$udcontent', title = '$udtitle' WHERE id = $id");
Also, it is bad form to update your database directly with the content from a POST. You should sanitize your incoming data with the mysql_real_escape_string function.
You need to add quotes; for that, use the dot operator:
mysql_query("UPDATE blogEntry SET content = '".$udcontent."', title = '".$udtitle."' WHERE id = '".$id."'");
Without knowing what the actual error you are getting is I would guess it is missing quotes. try the following:
mysql_query("UPDATE blogEntry SET content = '$udcontent', title = '$udtitle' WHERE id = '$id'")
Here I updated two variables and the present date and time
$id = "1";
$title = "phpmyadmin";
$sql= mysql_query("UPDATE table_name SET id ='".$id."', title = '".$title."',now() WHERE id = '".$id."' ");
The now() function updates the current date and time.
Note: for an update query we have to define the particular id, otherwise it updates the whole table by default.
First, you should define "doesn't work".
Second, I assume that your table field 'content' is varchar/text, so you need to enclose it in quotes. content = '{$content}'
And last but not least: use echo mysql_error() directly after a query to debug.
Try it like this in the SQL query; it will work fine.
$sql="UPDATE create_test set url= '$_POST[url]' WHERE test_name='$test_name';";
If you have to update multiple columns, use it like this:
$sql="UPDATE create_test set `url`= '$_POST[url]',`platform`='$_POST[platform]' WHERE test_name='$test_name';";
You must write single quotes, then double quotes, then a dot before the name of the field and after it, like this:
mysql_query("UPDATE blogEntry SET content ='".$udcontent."', title = '".$udtitle."' WHERE id = '".$id."' ");
I am trying to pass a selected checkbox value from one page to another to run a mysql statement on my db.
This is what I have:
HTML
<form method='POST' action='move_compaudit.php'>
<input type='hidden' name='checkbox' value='0'/>
<input type='checkbox' name='checkbox' value='1'/>
PHP (this file called move_compaudit.php)
<?php
include('include/dbConnection.php');
$checkbox = isset($_POST['checkbox']) ? 'Set' : 'NotSet';
//SQL statement
$query = "SELECT * FROM compaudit;";
$results = mysqli_query($dbc,$query) or die('Error querying database');
$row = mysqli_fetch_array($results);
$query1 = "DELETE FROM compaudit WHERE serial_no = $row[7] AND $checkbox = 'Set'";
//Execute prepared MySQL statement
//$results1 = mysqli_query($dbc,$query1) or die('Error querying database');
print_r($query);
print_r($query1);
?>
My badly printed query: I get this every time, regardless of whether the box is clicked or not.
SELECT * FROM compaudit;DELETE FROM compaudit WHERE serial_no = 12345 AND Set = 'Set'
If you are going to keep your HTML as it is, you need to check the actual value of $_POST['checkbox'] instead of checking if it is set. Your hidden field guarantees that even if it is not checked, $_POST will still get a value for "checkbox".
<?php
include('include/dbConnection.php');
$checkbox = ($_POST['checkbox'] == '1') ? 'Set' : 'NotSet';
....
SET is a keyword in MySQL :) You should escape it with `
If you declare a hidden input with the same name before the checkbox, this variable will always be true for isset.
Look at @GameBit's tip: escape the fields with backticks and quote/escape all variables before using them in a query.
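The checkbox handling discussed in these answers, as an added example that is not part of any original post: the ticked/unticked decision is made in PHP and never interpolated into the SQL. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function names and sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original posts. SQLite in memory stands in
// for MySQL so the script runs offline; the compaudit rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE compaudit (serial_no TEXT PRIMARY KEY)');
$db->exec("INSERT INTO compaudit VALUES ('12345'), ('67890')");

// The hidden input posts checkbox=0; a ticked box posts checkbox=1 after it and
// PHP keeps the last value. isset() is true in both cases, so compare the value.
function checkboxTicked(array $post): bool
{
    return ($post['checkbox'] ?? '0') === '1';
}

// Hypothetical helper: the decision happens in PHP, and the SQL only ever
// receives the serial number, as a bound parameter.
function deleteAudited(PDO $db, array $post, string $serialNo): int
{
    if (!checkboxTicked($post)) {
        return 0; // box not ticked: no DELETE is issued at all
    }
    $stmt = $db->prepare('DELETE FROM compaudit WHERE serial_no = :serial');
    $stmt->bindValue(':serial', $serialNo, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed request bodies: the unticked form, then the ticked form.
foreach ([['checkbox' => '0'], ['checkbox' => '1']] as $post) {
    printf("checkbox=%s -> %d row(s) deleted\n", $post['checkbox'], deleteAudited($db, $post, '12345'));
}
printf("rows left: %d\n", (int)$db->query('SELECT COUNT(*) FROM compaudit')->fetchColumn());
```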
I have a table that has the user ID already in it, but some of the information is missing and that is where I need the user to input it themselves. With the URL of the form I have their ID in it... winnerpage.php?ID=123
I am having trouble getting the code to work. Any help would be great!
This is the code on that winnerpage.php
<form enctype="multipart/form-data" action="winnerpage.php" method="POST">
ID: <input name="ID" type="text" value="<?=$ID?>" /><br/>
First Name: <input type="text" name="FN"><br />
Last Name: <input type="text" name="LN"><br />
Email: <input type="text" name="EM"><br />
Phone: <input type="text" name="PH"><br />
<input type="submit" name="edit" value="edit"></form> <br>
<?
require_once('mysql_serv_inc.php');
$conn = mysql_connect("$mysql_server","$mysql_user","$mysql_pass");
if (!$conn) die ("ERROR");
mysql_select_db($mysql_database,$conn) or die ("ERROR");
if(isset($_POST['edit']))
{
$sID = addslashes($_POST['ID']);
$sFN = addslashes($_POST['FN']);
$sLN = addslashes($_POST['LN']);
$sEM = addslashes($_POST['EM']);
$sPH = addslashes($_POST['PH']);
mysql_query('UPDATE winner SET FN=$sFN, LN=$sLN, EM=$sEM, PH=$sPH
WHERE ID=$sID') or die (mysql_error());
echo 'Updated!';
}
$query = "select * from winner order by ID";
$result = mysql_query($query);
?>
<?
while ($link=mysql_fetch_array($result))
{
echo 'Unique ID - Completion Time - First Name - Last Name - Email - Phone<br/>'.$link[ID].' -' .$link[FN].' - '.$link[LN].' - '.$link[EM].' - '.$link[PH].'<br>';
}
?>
1)
ID: <input name="ID" type="text" value="<?=$ID?>" /><br/>
Where do you get that $ID? Are you doing something like $_GET['ID'] or are you relying on safe_mode being ON? (it's not clear from the code you provided)
(better yet, if(isset($_GET['ID'])) { $ID = (int)$_GET['ID']; })
2) Please don't do that. Don't use addslashes(). Use mysql_real_escape_string() or, even better, prepared statements. Addslashes is not utterly reliable in escaping data for queries.
$sID = (int)$_POST['ID'];
$sFN = mysql_real_escape_string($_POST['FN']);
$sLN = mysql_real_escape_string($_POST['LN']);
$sEM = mysql_real_escape_string($_POST['EM']);
$sPH = mysql_real_escape_string($_POST['PH']);
Also, add 'value=""' to each input field (not mandatory)
3) encapsulate values in query:
mysql_query("UPDATE winner SET FN='".$sFN."', LN='".$sLN."', EM='".$sEM."', PH='".$sPH."' WHERE ID='".$sID."'") or die (mysql_error());
Maybe try:
mysql_query("UPDATE winner SET FN='$sFN', LN='$sLN', EM='$sEM', PH='$sPH' WHERE ID=$sID") or die (mysql_error());
mysql_query('UPDATE winner SET FN=$sFN, LN=$sLN, EM=$sEM, PH=$sPH WHERE ID=$sID')
the query is encapsulated by single-quotes, so the variables inside will not be parsed.
At first glance I would say that you need:
1) Quote marks around some of the values you are inserting into the table (any strings for example)
2) Quote marks around the names of the fields when you try to echo them out at the end ($link['ID'] for example)
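The prepared-statement approach that the answers recommend (for this winner update, and earlier on the page for the studentsroom update), as an added example that is not part of any original post. It assumes PDO with an in-memory SQLite database standing in for MySQL; the helper name updateWinner and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original posts. SQLite in memory stands in
// for MySQL so the script runs offline; the table rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE winner (ID INTEGER PRIMARY KEY, FN TEXT, LN TEXT, EM TEXT, PH TEXT)');
$db->exec('INSERT INTO winner (ID) VALUES (123), (124)');

// Hypothetical helper: returns the number of rows the UPDATE touched.
function updateWinner(PDO $db, array $post): int
{
    // Reject a non-numeric ID before any SQL is built.
    $id = filter_var($post['ID'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('ID must be a positive integer');
    }
    // The statement text is fixed; user values travel separately as parameters,
    // so a quote character in a name cannot change the query.
    $stmt = $db->prepare('UPDATE winner SET FN = :fn, LN = :ln, EM = :em, PH = :ph WHERE ID = :id');
    foreach (['FN' => ':fn', 'LN' => ':ln', 'EM' => ':em', 'PH' => ':ph'] as $field => $param) {
        $stmt->bindValue($param, (string)($post[$field] ?? ''), PDO::PARAM_STR);
    }
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    // 0 means the WHERE clause matched nothing: the "no error, no change" case.
    return $stmt->rowCount();
}

// Constructed form submissions.
$ok      = ['ID' => '123', 'FN' => 'Sean', 'LN' => "O'Brien", 'EM' => 'sean@example.test', 'PH' => '555-0100'];
$missing = ['ID' => '999'] + $ok;
$badId   = ['ID' => '123 abc'] + $ok;

printf("existing ID: %d row(s)\n", updateWinner($db, $ok));
printf("unknown ID:  %d row(s)\n", updateWinner($db, $missing));
try {
    updateWinner($db, $badId);
} catch (InvalidArgumentException $e) {
    printf("rejected:    %s\n", $e->getMessage());
}
echo $db->query('SELECT LN FROM winner WHERE ID = 123')->fetchColumn(), "\n";
```

On MySQL, rowCount() reports rows actually changed rather than rows matched unless the connection sets PDO::MYSQL_ATTR_FOUND_ROWS, so an update that writes identical values also returns 0.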