...

View Full Version : Updating a database



Namii
01-21-2010, 11:44 AM
Hey guys, I'm having some trouble with the PHP on my update section.

Can someone tell me what's wrong here? Thank You.




<?php

$nome = $_POST['nome'];
$telefone = $_POST['telefone'];
$e_mail = $_POST['e_mail'];
$morada = $_POST['morada'];
$pontos= $_POST['pontos'];

$db="database";
$link = mysql_connect('localhost','root','');
if (! $link)
die("Impossível ligar ao MySQL");
mysql_select_db($db , $link)
or die("Impossível abrir $db: ".mysql_error());
$result = mysql_query('UPDATE clientes SET nome=$nome,telefone=$telefone,e_mail=$e_mail,morada=$morada,pontos=$pontos WHERE id_clientes=$id_clientes') or die(mysql_error());
mysql_close($link);

if (($result)==1){
echo "<p>Linha actualizada com sucesso!<br>";
}

?>

abduraooft
01-21-2010, 11:53 AM
Hey guys, I'm having some trouble with the PHP on my update section.

Can someone tell me what's wrong here? It'd be better to tell us what's your problem with that code.

Namii
01-21-2010, 11:55 AM
Oh sorry forgot about the error.

It's:

Unknown column '$id_clientes' in 'where clause'

abduraooft
01-21-2010, 12:01 PM
Okay! PHP can't parse the variables inside single quotes. You'd need to either limit that quotes around the variable or use double quotes, like

$result = mysql_query("UPDATE clientes SET nome='$nome',telefone='$telefone',e_mail='$e_mail',morada='$morada',pontos='$pontos' WHERE id_clientes=$id_clientes") or die(mysql_error());

(It's not an issue to put single quote inside double quote, and you should put quotes around all string variables in your query)

Namii
01-21-2010, 12:05 PM
I tried it but now if i try to $id_clientes = $_POST['id_clientes']; in the start of the php code i get the undefined index error :S if i don't.. still get:

Notice: Undefined variable: id_clientes in C:\wamp\www\update_clientes.php on line 17
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

abduraooft
01-21-2010, 12:20 PM
Enclose your code inside

if(isset($_POST['id_clientes'])){

//all your current code here

}

Namii
01-21-2010, 12:26 PM
Ok i tried that now it just shows a blank page.. The


if (($result)==1){
echo "<p>Linha actualizada com sucesso!<br>";
}

Doesn't echo the update success, or update the database table.

abduraooft
01-21-2010, 12:28 PM
Ok i tried that now it just shows a blank page.. Have you submitted your form to that page? (Please don't say that you don't have a form ;))

Namii
01-21-2010, 12:29 PM
Yes i do have a form lol

And yes i did hit submit.. Just shows the blank page.

abduraooft
01-21-2010, 12:34 PM
Yes i do have a form lol

And yes i did hit submit.. Just shows the blank page.
Then there are two possibilities. Either you don't have a form-element having name="id_clientes" or you haven't specified method="post" to that form.

Namii
01-21-2010, 12:38 PM
OK i didnt have the input name="id_clientes" and now i do.. but we go back to the SQL syntax error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

abduraooft
01-21-2010, 12:52 PM
Change
$result = mysql_query("UPDATE clientes SET nome='$nome',telefone='$telefone',e_mail='$e_mail',morada='$morada',pontos='$pontos' WHERE id_clientes=$id_clientes") or die(mysql_error()); to

echo $sql="UPDATE clientes SET nome='$nome',telefone='$telefone',e_mail='$e_mail',morada='$morada',pontos='$pontos' WHERE id_clientes=$id_clientes";
mysql_query($sql) or die(mysql_error());

Namii
01-21-2010, 01:38 PM
It's all good till id_clientes as you can see here:

UPDATE clientes SET nome='Manuel Cruz',telefone='912345654',e_mail='manuelcruz@mail.pt',morada='Praça das Lamúrias, Faro',pontos='66' WHERE id_clientes=You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

abduraooft
01-21-2010, 01:49 PM
UPDATE clientes SET nome='Manuel Cruz',telefone='912345654',e_mail='manuelcruz@mail.pt',morada='Praça das Lamúrias, Faro',pontos='66' WHERE id_clientes= It's obvious, there's no value set for the variable $id_clientes

Namii
01-21-2010, 02:00 PM
Wouldnt this
$id_clientes = $_POST['id_clientes']; set a value for the variable id_clientes?

Else I didn't understand about the value set :S sorry, i'm learning by myself therefore the dumb questions..

And now i get

Unknown column 'post' in 'where clause'

abduraooft
01-21-2010, 02:41 PM
Wouldnt this

$id_clientes = $_POST['id_clientes'];
set a value for the variable id_clientes? Yes, provided there's something set in that variable. You may check it by the code

echo '<pre>';
print_r($_POST);
echo '</pre>';

Namii
01-21-2010, 03:40 PM
Yeah id_clientes is empty.

Array
(
[id_clientes] =>
[nome] => Manuel Cruz
[telefone] => 912323252
[e_mail] => manuelcruz@mail.pt
[morada] => Praça da Liberdade, Lisboa
[pontos] => 20
)

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1


Ok this is my edit.. I have a form so a person can choose what ID they want to edit and Submit to another form who will show the info of that row so a person can edit name.. or phone etc.. The ID is shown at that form but then after that the second form wont pass the ID to the update.php which is what we're talking about at the moment.

And i think that this one won't pass the ID to the update.php



<?php

$id_clientes = $_POST['id_clientes'];

$db="database";
$link = mysql_connect('localhost','root','');
if (! $link)
die("Impossível ligar ao MySQL");
mysql_select_db($db , $link)
or die("Impossível abrir $db: ".mysql_error());
$result = mysql_query("SELECT * FROM clientes WHERE id_clientes=$id_clientes");
$info = mysql_fetch_array($result);

mysql_close($link);

if (($result)==1){
echo "<p>Informação seleccionada com sucesso!</p><br>";
}

?>

<form method="POST" action="update_clientes.php">
<table>
<col span="1" align="right">
<tr>
<td><font color="blue">ID:<font color="black"><?php echo $_POST['id_clientes']; ?></font></font></td>
<td><input type="hidden" name="id_clientes" size=100></td>
</tr>
<tr>
<td><font color="blue">Nome:<?php Print "<td><font color='red'>".$info['nome'] . "</font></td> "; ?></td>
<td><input type="text" name="nome" size=100></td>
</tr>
<tr>
<td><font color="blue">Telefone:<?php Print "<td><font color='red'>".$info['telefone'] . "</font></td> "; ?></td>
<td><input type="text" name="telefone" size=100></td>
</tr>
<tr>
<td><font color="blue">E-Mail:<?php Print "<td><font color='red'>".$info['e_mail'] . "</font></td> "; ?></td>
<td><input type="text" name="e_mail" size=100></td>
</tr>
<tr>
<td><font color="blue">Morada:<?php Print "<td><font color='red'>".$info['morada'] . "</font></td> "; ?></td>
<td><input type="text" name="morada" size=100></td>
</tr>
<tr>
<td><font color="blue">Pontos:<?php Print "<td><font color='red'>".$info['pontos'] . "</font></td> "; ?></td>
<td><input type="text" name="pontos" size=100></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>

abduraooft
01-21-2010, 03:58 PM
<input type="hidden" name="id_clientes" size=100> Don't you need to assign the value from DB to that field?

<input type="hidden" name="id_clientes" value="<?php echo $_POST['id_clientes']; ?>">
(You should have posted your complete code, to save the time at either end! Anyway, I hope you'll remember all the steps that we have done, while you debug your code in future)

PS: Your query is susceptible to sql injection (http://php.net/manual/en/security.database.sql-injection.php)!

Namii
01-21-2010, 07:33 PM
OK Thank you. I tried the print array and id_clientes now shows but still I get a blank page and doesnt do anything. I'll post my code again:




<?php

$id_clientes = $_POST['id_clientes'];

$db="database";
$link = mysql_connect('localhost','root','');
if (! $link)
die("Impossível ligar ao MySQL");
mysql_select_db($db , $link)
or die("Impossível abrir $db: ".mysql_error());
$result = mysql_query("SELECT * FROM clientes WHERE id_clientes=$id_clientes");
$info = mysql_fetch_array($result);

mysql_close($link);

if (($result)==1){
echo "<p>Informação seleccionada com sucesso!</p><br>";
}

?>



P.S. Honestly i didnt understood much of sql injection. But thank you i'll give it give it some reads.

Namii
01-22-2010, 09:45 PM
Ok i figured it out by myself. Thanks for all your help abduraooft.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum