please help..i give up..
trying to update MySql table..
the file is settings.php (self-submitting)
form code is:
<form method="POST" action="settings.php">
First Name <input type="text" name="fname" id="set_fname" />
Last name <input type="text" name="lname" id="set_lname" />
Email: <input type="text" name="email" id="set_email" />
mobile <input type="text" name="mobile" id="set_mobile" />
Bio: <textarea name="bio" id="set_bio" cols="" rows="5" maxlength="1000" ></textarea>
<input type="submit" id="personal_submit" value="Update" />
</form>
php part
$id=$_SESSION['id'];
$fname_update =$_POST['fname'];
$lnam_update = $_POST['lname'];
$email_update = $_POST['email'];
$mobile_update =$_POST['mobile'];
$bio_update =$_POST['bio'];
$db_host="localhost";
$db_uname="admin";
$db_pass="mypass";
$db_db="main_db";
$db_table="mebers_general";
mysql_connect("$db_host","$db_uname","$db_pass") or die (mysql_error());
mysql_select_db("$db_db") or die("no database by that name");
if($_POST['fname']){
$sql_personal_update=mysql_query("UPDATE members_general SET first_name='$fname_update' WHERE id='$id' ") or die (mysql_error()) ;
if($sql_personal_update){
echo "should be ok but no record is updated....Heeelppp";
}else{
echo "Smth is Wrong";
}
}
I get no errors..
as a result i get the echo string "should be ok but no record is updated....Heeelppp";
so it detects no problem in updating
I've tried the same query in phpMyadmin - works just fine.
I checked the variables - they are not empty..
everything seems to be as it should.
Please help..stacked for 2 days already here//
$sql_personal_update=mysql_query("UPDATE members_general SET firs_name='".$fname_update."' WHERE id='".$id."' ") or die (mysql_error()) ;
You are not actually RUNNING your query:
$sql_personal_update=("UPDATE members_general SET firs_name='$fname_update' WHERE id='$id' ") or die (mysql_error()) ;
^^^^^--- where's mysql_query()?
It should be
$sql_personal_update = mysql_query(blah blah blah) or die(mysql_error());
I guess it's because you're not actually calling the mysql_query function!
For starters, try
$sql_personal_update=mysql_query("UPDATE members_general SET firs_name='$fname_update' WHERE id='$id' ") or die (mysql_error()) ;
Also, is firs_name a typo, or did you really call your database column that?
EDIT: As JoachimIsaksson suggested, mysql_connect etc are deprecated. Use mysqli instead, like below:
$mysqli = new mysqli($db_host,$db_uname,$db_pass, $db_db) or die (mysql_error());
if($_POST['fname']){
$sql_personal_update=$mysqli->query("UPDATE members_general SET first_name='$fname_update' WHERE id='$id' ") or die (mysql_error()) ;
if($sql_personal_update) {
echo "should be ok but no record is updated....Heeelppp";
} else {
echo "Smth is Wrong";
}
}
Thanks for everything, guys, i just recoded all page from blank and it worked..have no idea what was the reason..maybe the 20th hour in a row of coding..thanx..
Related
Trying to get this form to add new data into my database yet for some reason it doesn't seem to work? Instead of staying on the same page "admin.php?page=3" it redirects to just "admin.php" and no echos or signs that it is even doing anything? Could someone help me out here? Cheers!
Form:
<form>
<form name="postnewstory" action="admin.php?page=3" method="POST">
<strong>News Title: </strong><input type="text" name="news_title"><br><br />
<strong>News Story:</strong><br>
<textarea name="news_body" rows="4" cols="60"></textarea><br><br />
<input type="file" name="news_photo"><br>
<strong>Story Link: </strong><br />
<input name="button" type="radio" value="0" checked="checked">No Link<br>
<input type="radio" name="button" value="1">Link<br><br />
<strong>Link Address: </strong><input type="text" name="news_link"><br>
<strong>News Story Tags: </strong><input type="text" name="news_tags">
<input type="submit" value="Post" name="postnewstory" class="btn btn-success"><br />
</form>
PHP:
I know its very basic, just trying to get it to work before I add error checks or anything.
<?php
if (isset($_POST['postnewstory'])){
$username = $user_data['username'];
$email_address = $user_data['email_address'];
$news_title = $_POST['news_title'];
$news_photo = $_POST['news_photo'];
$button = $_POST['button'];
$news_link = $_POST['news_link'];
$news_tags = $_POST['news_tags'];
$exists = mysql_query ("SELECT * FROM users WHERE username='$username'") or die ("not found");
if (mysql_num_rows($exists) != 0){
//update the info in database
mysql_query ("INSERT INTO news (`news_id` ,`news_title` ,`news_body` ,`news_photo` ,`news_date` ,`username` ,`news_tags` ,`button ,`news_link`)
VALUES (NULL , '$news_title', '$news_body', '$news_photo', now(), '$username', '$news_tags', '$button', '$news_link');") or die ("update didn't work");
echo "<div class='alert alert-success'><strong>This post was sent!</strong></span></div> ";
echo '<meta http-equiv="refresh" content="2;url=admin.php?page=3">';
} else echo "<strong><font color=red>Update did not work, please try again.</font></strong>";
}
?>
You have a missing backtick in:
,`button
change to:
,`button`
Rewrite:
("INSERT INTO news (`news_id` ,`news_title` ,`news_body` ,`news_photo` ,`news_date` ,`username` ,`news_tags` ,`button`,`news_link`)
Footnotes:
I quote Shankar:
"Replace die ("update didn't work"); with die (mysql_error()); to know the exact error why your query ain't working."
I think this should work;
Change the line
echo '<meta http-equiv="refresh" content="2;url=admin.php?page=3">';
to
echo "<script>window.location = 'admin.php?page=3';</script>";
I am trying to overwrite the current data in MySQL to be able to update everything.
I am new to this I don't see any errors with the below code:
PHP code:
<?php
// see if the form has been completed
if (isset($_POST['submit'])){
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
if($firstname && $surname){
// connect to the server
include_once("php_includes/db_conx.php");
// check if that user exist
$exists = mysql_query ("SELECT * FROM users WHERE firstname='$firstname'") or die ("the query could not be connected");
if (mysql_num_rows ($exists) != 0) {
// update the description in the database
mysql_query("UPDATE firstname SET surname='$surname' WHERE firstname='$firstname'") or die ("update could not be applied");
echo "successful";
} else echo "the name does not edist";
} else echo "you need to enter both of the fields try again:";
}
?>
The error I get is
The query could not be connected
but I tried the query and it is fine.
HTML:
<html>
<head>
<title>update MySql form</title>
</head>
<body>
<div id="pageMiddle">
<form action="user1.php" method="POST">
<div>
<p>First Name: <input type="text" name="firstname" id="firstname" ></p>
<p>Surname: <input type="text" name="surname" id="surname"></p>
<p><input type="submit" name="submit" id="submit" value="Update Description"></p>
</div>
</form>
</body>
</html>
Your table is called 'users' but you are running UPDATE on firstname. Change it to:
UPDATE users SET surname...
Then do
$exists = mysql_query ("SELECT * FROM users WHERE firstname='" . $firstname . "'")
in order to isolate whether you have value for that variable. I would recommend printing the query string for testing purposes.
The code below should write code into the database.
I have divided into two parts HTML AND PHP code are separate. HTML form code is shown below:
<form name="form1" action="insert.php" method="post">
<h3>Ime </h3> <input type="text" name="field1" > <br/> <br/>
<h3>Prezime </h3> <input type="text" name="field2" > <br/> <br/>
<h3>Firma </h3> <input type="text" name="field3" > <br/> <br/>
<h3>Adresa </h3><input type="text" name="field4" > <br/> <br/>
<h3>Telefon </h3> <input type="text" name="field5" > <br/> <br/>
<h3>Fax </h3><input type="text" name="field6" > <br/> <br/>
<h3>Mobitel </h3> <input type="text" name="field7" > <br/> <br/>
<h3>Email </h3> <input type="text" name="field8" > <br/> <br/>
<h3>Web stranica </h3> <input type="text" name="field9" > <br/>
</form>
PhP code is shown below.
$host="localhost"; // Host name
$username="root"; // username
$password="le30mu09"; // password
$database="imenik"; // Database name
$tbl_name="clanovi"; // Table name
// Replace database connect functions depending on database you are using.
$field1=$_POST['field1'];
$field2=$_POST['field2'];
$field3=$_POST['field3'];
$field4=$_POST['field4'];
$field5=$_POST['field5'];
$field6=$_POST['field6'];
$field7=$_POST['field7'];
$field8=$_POST['field8'];
$field9=$_POST['field9'];
$link=mysql_connect("$host", "$username", "$password");
if (!$link) {
die('Could not connect: ' . mysql_error());
}
// make foo the current db
$db_selected = mysql_select_db("$database");
if (!$db_selected) {
die ('db is not selected : ' . mysql_error());
}
$query = "INSERT INTO `clanovi`(`Ime`, `Prezime`, `Firma`, `Adresa`, `Telefon`, `Fax`, `Mobitel`, `Email`, `Web_stranica`) VALUES ( "$field1", "$field2", "$field3", "$field4", "$field5", "$field6", "$field7", "$field8", "$field9")";
mysql_query($query);
mysql_close();
You need to tell us what the actual error is. And bone up on PDO and the dangers of sending unsanitised POST variables to the DB as a matter of priority.
Modify your Insert query. It should be like this:
INSERT INTO clanovi
(column1,column2,column3,...)
VALUES
( $field1, $field2, $field3,.....)
You appear to be using a lot of quotation marks in places that you shouldn't be using them in. It is funny how you can code something for 5 hours and then try to debug it for 2 hours because of a simple quotation mark! It's funny and very depressing at the same time :(
Ok, let's fix the code a little bit!
Database
$link=mysql_connect($host, $username, $password);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
// make foo the current db
$db_selected = mysql_select_db($database);
if (!$db_selected) {
die ('db is not selected : ' . mysql_error());
}
Notice how I stripped all of the quotation marks out of the code? That will help with database connection and selection.
Now let's move onto the actual inserting of the information into the database!
$query = "INSERT INTO clanovi ('Ime', 'Prezime', 'Firma', 'Adresa', 'Telefon', 'Fax', 'Mobitel, 'Email', 'Web_stranica') VALUES ( $field1, $field2, $field3, $field4, $field5, $field6, $field7, $field8, $field9)";
Again, I stripped all of the quotation marks. Plus I removed backticks and replaced with a ' and also took the '' off of your table name - You should nly use quotation marks when not using a variable.
//Correct
VALUES ($field1, "textnotvariable", $field2...
//Incorrect
VALUES ("$field1", "textnotvariable", "field2"...
The same goes with echo statements. Here's an example...
$myname = "MrJustin";
//Correct
echo $myname;
//or
echo "My name is ". $myname .", it's nice to meet you!";
//Incorrect
echo "My name is $myname, it's nice to meet you";
You'll notice how I used ". $myname ." - that tells the echo to break away from using text, and to pass a variable! :) That to me is the best way to explain how quotations will break a code.
Oh, and you should ALWAYS sanitize your inputs/outputs when using foreign code. I would do some Google searching on that one, and then chat us back up if you run into problems with that!
Hopefully this helps, and happy coding!!
you are not selecting database. you are using double quotes in not its place.
replace this
$db_selected = mysql_select_db("$database");
by
$db_selected = mysql_select_db($database);
and also replace this
$link=mysql_connect("$host", "$username", "$password");
by
$link=mysql_connect($host, $username, $password);
i recomand you to use PDO or mysqli instead.
I'm making a very simple groups(like vb forum groups). I've coded all of it, after getting some errors and fixing it now it's showing the page without errors.
The problem now is the data ISN'T being inserted to mysql. When putting the input into forms and then pressing create it goes to "?update=update" and echo's the success message, but doesn't submit to mysql.
Code:
<? if(!$update) { ?>
<form action="make_group.php?update=update" method="post">
Group name: <br />
<input name="title" type="text" size="30" />
<br />
Group picture: <br />
<input name="picture" type="text" size="30" />
<br />
Group desc: <br />
<textarea name="desc" cols=30 rows=10 wrap=physical></textarea>
<br />
<input type="submit" value="Create" />
<? }
elseif($update==update)
{
$username = $_SESSION[usr_name];
$action = "made a group";
$title = clean($_POST[title]);
$desc = clean($_POST[desc]);
$pictures = clean($_POST[pictures]);
$updateemail = mysql_query("insert into usr_groups(username, title, desc, picture) values('$username', '$title', '$desc', '$picture')");
$result = #mysql_query($qry2);
echo("Your group has been created");
} ?>
Above page code
<?
session_start();
include("config.php");
$ip = $_SERVER['REMOTE_ADDR'];
$sqlcontent = mysql_query("select * from usr_config");
$content = mysql_fetch_array($sqlcontent);
if(!isset($_SESSION[usr_name]) || empty($_SESSION[usr_name]) || !isset($_SESSION[usr_level]) || empty($_SESSION[usr_level]))
{
session_destroy();
session_unset();
die('
<tr>
<td><meta http-equiv="REFRESH" content="0;url=/index.php"></HEAD></td>
</tr>
<tr>
<td></td>
</tr>
</table>
</div>
</body>');
}
include("func.php");
$update = clean($_GET[update]);
$getprof = mysql_query("select * from usr_users where username = '$_SESSION[usr_name]'");
$prof = mysql_fetch_array($getprof);
?>
Set off the desc with ` - amending my answer to include my comment from below - desc is a reserved word in MySQL, to declare it as a field name instead of a sort order, it must have the back ticks:)
I would suggest putting adding an OR die(mysql_error()) to the end of your mysql_query(call)
mysql_query('your query') OR die(mysql_error())
I would only do this while your debugging and not leave it on anything the public would see. This will give you information on why the INSERT query isn't working. I don't where you are connecting, but I'm assuming you left that out for security reasons :)
I do see that your statement
elseif($update==update){
doesn't have quotes around it - so it would seem like that conditional block is never being called...I see your comment, but I would consider at least for debugging purposes, throwing some quotes around it. Can't hurt right :) the die statement will tell you if you have syntax issues. Maybe consider printing something in that block as well to make sure that conditional is interpreted the way you are expecting...
FWIW your SQL appear to be fine to me - you may run into issues with the name if you ever get a ' in the name...
change $picture to $pictures
$updateemail = mysql_query("insert into usr_groups(username, title, desc, picture) values('$username', '$title', '$desc', '$pictures')");
Unable to insert if column named is keyword, such as DESC
Try to echo $updateemail and then add this code to check if there are any errors.
if (!mysql_query($updateemail,$con)) {
die('Error: ' . mysql_error());
}
echo "1 record added";
Also,change the insert query to :
$updateemail = mysql_query("insert into usr_groups(username, title, description, picture) values('$username', '$title', '$desc', '$pictures')");
change the desc column name to something.
I am trying to submit the page to itself but some reason the following code is not working. Also How can I get the table1 primary key ID back after inserting the data successfully? I have a child table which needs this ID. Thanks for any suggestions.
<?php
include('db_login.php');
$connection = mysql_connect( $db_host, $db_username, $db_password );
if (!$connection){
die ("Could not connect to the database: <br />". mysql_error());
}
// Select the database
$db_select=mysql_select_db($db_database);
if (!$db_select){
die ("Could not select the database: <br />". mysql_error());
if ($_POST['Submit'])
{
$first = $_POST["first"];
$first = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($first): $first);
$last = $_POST["last"];
$last = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($last): $last);
$insertsql = "INSERT INTO table1(FirstName,LastName) VALUES ('".$first."', '" .$last. "')";
$result1 = mysql_query($insertsql) or die(mysql_error());
}
?>
<form name="hotlineForm" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"
method="post">
<input id="first" type="text">
<input id="last" type="text">
<input type="submit" value="Submit"></form></body>
What part isn't working on the post back? Are you not entering your if statement?
To get the ID of the last insert use the following after your $result1 = mysql_query(...):
$primary_id = mysql_insert_id()
http://php.net/manual/en/function.mysql-insert-id.php
Change your form inputs to include name attributes. Without them, your $_POST will be empty.
<input name='first' id="first" type="text">
<input name='last' id="last" type="text">
<input name='Submit' type="submit" value="Submit">
As mentioned in the comments, get_magic_quotes should not be used. You've correctly called mysql_real_escape_string() on your inputs already.
Following your insert, get the id from mysql_insert_id():
$result1 = mysql_query($insertsql) or die(mysql_error());
$new_id = myqsl_insert_id();
if ($_POST['Submit'])
I don't see a form element with this name.
try:
if (isset($_POST['first']) && isset($_POST['last']))
For getting inserted ID you can use:
mysql_insert_id();
You are missing a closing } here:
if (!$db_select){
die ("Could not select the database: <br />". mysql_error());
} <<---- Close your if statement here.
if ($_POST['Submit'])
Currently the code that does the actual work only gets called if the DB cannot be selected.
Not very useful.
This is why proper indentation is important.
If you are religious about your indentation, you will spot these kind of errors instantly.
Use a name for the input field and check if it was sents not the submit