Edit database entries with form

Kineas · 11-07-2009, 01:32 AM

For each of my blog entries, I want to be able to click a link underneath it and for it to open a page with a form to edit the message. When clicking the link, it takes the user to www.abc.com/blog.php?edit= and then has the blog entries id number. So far, I've tried to retrieve the data from the database and have it in a text area ready for editting, this is my code:

PHP Code:


			
if ((isset ($_GET['edit'])) && (preg_match('|[0-9]+|', $_GET['edit']))){


  $id = mysql_real_escape_string($_GET['blog']);

  $sql ="SELECT * FROM messages WHERE id=$id"; 
  $queryResult=mysql_query($sql); 
  if (mysql_num_rows($queryResult) == 1) {
    $dbRecord = mysql_fetch_assoc ($queryResult);


echo "<form action=\"$change\" method=\"post\">";
echo "<p>{dbRecord['title']}</p>";
echo "<textarea name=\"query\" rows=\"5\" cols=\"60\">{$dbRecord['message']}</textarea>";
echo "<input type=\"submit\" value=\"submit\">";
echo "</form> ";

  }

It's currently giving an error that I can't fix, about the supplied argument is not a valid MySQL result resource. Any help with this function would be great, thanks.

Coyote6 · 11-07-2009, 07:27 AM

Looks like just few minor syntax errors. Mainly you are trying to get the blog variable instead of the edit for the $id.

PHP Code:


			
$id = mysql_real_escape_string($_GET['blog']);



// Should be...

$id = mysql_real_escape_string($_GET['edit']);

PHP Code:


			
if ((isset ($_GET['edit'])) && (preg_match('|^[0-9]+$|i', $_GET['edit']))){

    $id = mysql_real_escape_string($_GET['edit']);

    $sql ="SELECT * FROM `messages` WHERE `id`=$id"; 

    $queryResult = @mysql_query ($sql);

    if (mysql_num_rows ($queryResult) == 1) {

        $dbRecord = mysql_fetch_assoc ($queryResult);

        echo "<form action=\"$change\" method=\"post\">";

        echo "<p>{$dbRecord['title']}</p>";

        echo "<textarea name=\"query\" rows=\"5\" cols=\"60\">{$dbRecord['message']}</textarea>";

        echo "<input type=\"submit\" value=\"submit\">";

        echo "</form> ";

    }

}

Kineas · 11-07-2009, 11:25 AM

Thanks for the reply, that's working great. Now all I need is for the database entry to be updated when the user clicks submit. I'm guessing I would have to make a seperate php file that it directs to when submit is clicked, and would possibly be similar to code that adds to the database but has CHANGE in there somewhere?

abduraooft · 11-07-2009, 11:28 AM

Quote:

I'm guessing I would have to make a seperate php file that it directs to when submit is clicked

Not really. You could submit to the same page and write another condition based on the submitted data,

Code:

echo "<input type=\"submit\" value=\"submit\" name=\"submit\">";

PHP Code:


			
if(isset($_POST['submit'])){
//code to update post here.
}

Kineas · 11-07-2009, 03:17 PM

I'm almost there now, when the form is submitted, it uses POST to transfer the data held in $_POST['editid'], $_POST['edittitle'], and $_POST['editmessage'].

Now all I need is the mysql command to change the title to edittitle and message to editmessage where id = editid. I tried the following code, but it keeps throwing an error.

PHP Code:


			
if(isset($_POST['submitedit'])){

$result = mysql_query("UPDATE messages SET message='{$_POST['editmessage']}' WHERE id='{[$_POST['editid']}'");
or die(mysql_error()); }

Anyone know the command?

abduraooft · 11-07-2009, 03:27 PM

Try

PHP Code:


			
if(isset($_POST['submitedit'])){

$result = mysql_query("UPDATE messages SET message='{$_POST['editmessage']}', title={$_POST['edittitle']} WHERE id='{$_POST['editid']}'") or die(mysql_error()); 
}

(assuming you've named your submit buttons as submitedit )

PS: Your query is susceptible to sql injection

Kineas · 11-07-2009, 03:53 PM

Thanks. I'm not too bothered about sql injection as the website is for a university assignment, and won't be actually holding any important data, nor will anyone actually know the url to it apart from me, but thanks anyway.

abduraooft · 11-07-2009, 04:00 PM

Quote:

Originally Posted by Kineas

Thanks. I'm not too bothered about sql injection as the website is for a university assignment, and won't be actually holding any important data, nor will anyone actually know the url to it apart from me, but thanks anyway.

But still, if you submit any title or message having characters like single-quotes,double-quotes etc, your query will fail.

11-07-2009, 01:32 AM	PM User \| #1
Kineas New Coder Join Date: Oct 2009 Posts: 28 Thanks: 4 Thanked 0 Times in 0 Posts	Edit database entries with form For each of my blog entries, I want to be able to click a link underneath it and for it to open a page with a form to edit the message. When clicking the link, it takes the user to www.abc.com/blog.php?edit= and then has the blog entries id number. So far, I've tried to retrieve the data from the database and have it in a text area ready for editting, this is my code: PHP Code: if ((isset ($_GET['edit'])) && (preg_match('\|[0-9]+\|', $_GET['edit']))){ $id = mysql_real_escape_string($_GET['blog']); $sql ="SELECT * FROM messages WHERE id=$id"; $queryResult=mysql_query($sql); if (mysql_num_rows($queryResult) == 1) { $dbRecord = mysql_fetch_assoc ($queryResult); echo "<form action=\"$change\" method=\"post\">"; echo "<p>{dbRecord['title']}</p>"; echo "<textarea name=\"query\" rows=\"5\" cols=\"60\">{$dbRecord['message']}</textarea>"; echo "<input type=\"submit\" value=\"submit\">"; echo "</form> "; } It's currently giving an error that I can't fix, about the supplied argument is not a valid MySQL result resource. Any help with this function would be great, thanks.

11-07-2009, 07:27 AM	PM User \| #2
Coyote6 Regular Coder Join Date: May 2009 Location: Horn Toad Ville, CA Posts: 144 Thanks: 7 Thanked 30 Times in 30 Posts	Looks like just few minor syntax errors. Mainly you are trying to get the blog variable instead of the edit for the $id. PHP Code: `$id = mysql_real_escape_string($_GET['blog']); // Should be... $id = mysql_real_escape_string($_GET['edit']);` PHP Code: if ((isset ($_GET['edit'])) && (preg_match('\|^[0-9]+$\|i', $_GET['edit']))){ $id = mysql_real_escape_string($_GET['edit']); $sql ="SELECT * FROM `messages` WHERE `id`=$id"; $queryResult = @mysql_query ($sql); if (mysql_num_rows ($queryResult) == 1) { $dbRecord = mysql_fetch_assoc ($queryResult); echo "<form action=\"$change\" method=\"post\">"; echo "<p>{$dbRecord['title']}</p>"; echo "<textarea name=\"query\" rows=\"5\" cols=\"60\">{$dbRecord['message']}</textarea>"; echo "<input type=\"submit\" value=\"submit\">"; echo "</form> "; } } Last edited by Coyote6; 11-07-2009 at 07:30 AM..

11-07-2009, 03:17 PM	PM User \| #5
Kineas New Coder Join Date: Oct 2009 Posts: 28 Thanks: 4 Thanked 0 Times in 0 Posts	I'm almost there now, when the form is submitted, it uses POST to transfer the data held in $_POST['editid'], $_POST['edittitle'], and $_POST['editmessage']. Now all I need is the mysql command to change the title to edittitle and message to editmessage where id = editid. I tried the following code, but it keeps throwing an error. PHP Code: `if(isset($_POST['submitedit'])){ $result = mysql_query("UPDATE messages SET message='{$_POST['editmessage']}' WHERE id='{[$_POST['editid']}'"); or die(mysql_error()); }` Anyone know the command? Last edited by Kineas; 11-07-2009 at 03:22 PM..

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread:

11-07-2009, 11:25 AM	PM User \| #3
Kineas New Coder Join Date: Oct 2009 Posts: 28 Thanks: 4 Thanked 0 Times in 0 Posts	Thanks for the reply, that's working great. Now all I need is for the database entry to be updated when the user clicks submit. I'm guessing I would have to make a seperate php file that it directs to when submit is clicked, and would possibly be similar to code that adds to the database but has CHANGE in there somewhere?

11-07-2009, 03:53 PM	PM User \| #7
Kineas New Coder Join Date: Oct 2009 Posts: 28 Thanks: 4 Thanked 0 Times in 0 Posts	Thanks. I'm not too bothered about sql injection as the website is for a university assignment, and won't be actually holding any important data, nor will anyone actually know the url to it apart from me, but thanks anyway.