Hi..guys!I have written a script to update form data but seems not work at all.:confused:



<?php

$tbl_name = "member";
if (isset($_POST['update'])) {
$update = mysql_query("
UPDATE
$tbl_name
SET
name = '" . mysql_real_escape_string($_POST['name']) . "',
telephone = '" . mysql_real_escape_string($_POST['phone']) . "',
address = '" . mysql_real_escape_string($_POST['address']) . "'
WHERE
name = '" . mysql_real_escape_string($_REQUEST['name']) . "',
telephone = '" . mysql_real_escape_string($_REQUEST['telephone']) . "',
address = '" . mysql_real_escape_string($_REQUEST['address']) . "'
");


//echo($update);
//exit();
$updatedResult = mysql_query($update) or die(mysql_error());



if (mysql_affected_rows() == 1) {
?>
<script type="text/javascript">
alert("Your profile already updated.");
history.back();
</script>
<?php

//THIS CODE IS UNCOMMENTED
//So that people without JS can still see the message.
die("Your profile already updated");
//END
}

}
}
?>

you are referencing mysql_query() twice... so it is erroring out... just use the statement in the update declaration


$update = "
UPDATE
$tbl_name
SET
name = '" . mysql_real_escape_string($_POST['name']) . "',
telephone = '" . mysql_real_escape_string($_POST['phone']) . "',
address = '" . mysql_real_escape_string($_POST['address']) . "'
WHERE
name = '" . mysql_real_escape_string($_REQUEST['name']) . "',
telephone = '" . mysql_real_escape_string($_REQUEST['telephone']) . "',
address = '" . mysql_real_escape_string($_REQUEST['address']) . "'
";


also, why would you check for 3 conditions of the appropriate user? do you not have a unique id number for each user? if you do I would grab that and use that as the where clause, as it is a very easy reference point and its guarenteed unique

Moreover, this doesn't actually do anything. You're updating the data with itself.

P.S. it might be worth defining a function:
$s = create_function('$a', 'return mysql_real_escape_string($_REQUEST[\'$a\']);');... and using $s('name') rather than mysql_real_escape_string($_REQUEST['name']). The latter is rather unnecessarily long-winded.

you are referencing mysql_query() twice... so it is erroring out... just use the statement in the update declaration


$update = "
UPDATE
$tbl_name
SET
name = '" . mysql_real_escape_string($_POST['name']) . "',
telephone = '" . mysql_real_escape_string($_POST['phone']) . "',
address = '" . mysql_real_escape_string($_POST['address']) . "'
WHERE
name = '" . mysql_real_escape_string($_REQUEST['name']) . "',
telephone = '" . mysql_real_escape_string($_REQUEST['telephone']) . "',
address = '" . mysql_real_escape_string($_REQUEST['address']) . "'
";


also, why would you check for 3 conditions of the appropriate user? do you not have a unique id number for each user? if you do I would grab that and use that as the where clause, as it is a very easy reference point and its guarenteed unique


I have an auto-increment id for each record.Does it should be like the following?I never display id in the form?Should I?



$update = " UPDATE $tbl_name SET
name = '" . mysql_real_escape_string($_POST['name']) . "',
telephone = '" . mysql_real_escape_string($_POST['phone']) . "',
address = '" . mysql_real_escape_string($_POST['address']) . "'
WHERE
id = '" . mysql_real_escape_string($_REQUEST['id']) . "'";

it depends on how you are referencing this user in the form. how do you populate the fields? whenever you are grabbing the info for the form, you can set the ID of the user to the session $_SESSION['userId']= ____ then you call the session variable in the where clause.

...
WHERE id = '". $_SESSION['userId'] . "'";

Thanks for help,problem resolved.The user is referred by a fix email address in the form.So I put email = '" . $_SESSION['gmemberid'] . "'" in WHERE clause