Unsuccessful Update

**devil_vin** · 09-18-2007, 01:40 PM

Hi..guys!I have written a script to update form data but seems not work at all.

PHP Code:


<?php



    $tbl_name = "member";

    if (isset($_POST['update'])) {

        $update = mysql_query("

                UPDATE 

                    $tbl_name

                 SET

             name = '" . mysql_real_escape_string($_POST['name']) . "',

             telephone = '" . mysql_real_escape_string($_POST['phone']) . "',

             address = '" . mysql_real_escape_string($_POST['address']) . "'

                 WHERE

             name =  '" . mysql_real_escape_string($_REQUEST['name']) . "',

             telephone = '" . mysql_real_escape_string($_REQUEST['telephone']) . "',

             address = '" . mysql_real_escape_string($_REQUEST['address']) . "'

              ");





        //echo($update);

        //exit();

        $updatedResult = mysql_query($update) or die(mysql_error());







        if (mysql_affected_rows() == 1) {

?>

         <script type="text/javascript">

         alert("Your profile already updated.");

         history.back();

         </script>

    <?php



            //THIS CODE IS UNCOMMENTED

            //So that people without JS can still see the message.

            die("Your profile already updated");

            //END

        }



    }

}

?>

**boogyman** · 09-18-2007, 01:47 PM

you are referencing mysql_query() twice... so it is erroring out... just use the statement in the update declaration

Code:

        $update = "
                UPDATE 
                    $tbl_name
                 SET
             name = '" . mysql_real_escape_string($_POST['name']) . "',
             telephone = '" . mysql_real_escape_string($_POST['phone']) . "',
             address = '" . mysql_real_escape_string($_POST['address']) . "'
                 WHERE
             name =  '" . mysql_real_escape_string($_REQUEST['name']) . "',
             telephone = '" . mysql_real_escape_string($_REQUEST['telephone']) . "',
             address = '" . mysql_real_escape_string($_REQUEST['address']) . "'
              ";

also, why would you check for 3 conditions of the appropriate user? do you not have a unique id number for each user? if you do I would grab that and use that as the where clause, as it is a very easy reference point and its guarenteed unique

**Twey** · 09-18-2007, 01:49 PM

Moreover, this doesn't actually do anything. You're updating the data with itself.

P.S. it might be worth defining a function:

Code:

$s = create_function('$a', 'return mysql_real_escape_string($_REQUEST[\'$a\']);');

... and using $s('name') rather than mysql_real_escape_string($_REQUEST['name']). The latter is rather unnecessarily long-winded.

**devil_vin** · 09-18-2007, 02:06 PM

Originally Posted by boogyman

you are referencing mysql_query() twice... so it is erroring out... just use the statement in the update declaration

Code:

        $update = "
                UPDATE 
                    $tbl_name
                 SET
             name = '" . mysql_real_escape_string($_POST['name']) . "',
             telephone = '" . mysql_real_escape_string($_POST['phone']) . "',
             address = '" . mysql_real_escape_string($_POST['address']) . "'
                 WHERE
             name =  '" . mysql_real_escape_string($_REQUEST['name']) . "',
             telephone = '" . mysql_real_escape_string($_REQUEST['telephone']) . "',
             address = '" . mysql_real_escape_string($_REQUEST['address']) . "'
              ";

also, why would you check for 3 conditions of the appropriate user? do you not have a unique id number for each user? if you do I would grab that and use that as the where clause, as it is a very easy reference point and its guarenteed unique

I have an auto-increment id for each record.Does it should be like the following?I never display id in the form?Should I?

PHP Code:


 $update = " UPDATE  $tbl_name SET

     name = '" . mysql_real_escape_string($_POST['name']) . "',

     telephone = '" . mysql_real_escape_string($_POST['phone']) . "',

     address = '" . mysql_real_escape_string($_POST['address']) . "'

  WHERE

     id =  '" . mysql_real_escape_string($_REQUEST['id']) . "'";

**boogyman** · 09-18-2007, 02:18 PM

it depends on how you are referencing this user in the form. how do you populate the fields? whenever you are grabbing the info for the form, you can set the ID of the user to the session $_SESSION['userId']= ____ then you call the session variable in the where clause.

PHP Code:


...
WHERE id = '". $_SESSION['userId'] . "'";

**devil_vin** · 09-18-2007, 02:25 PM

Thanks for help,problem resolved.The user is referred by a fix email address in the form.So I put email = '" . $_SESSION['gmemberid'] . "'" in WHERE clause

Thread: Unsuccessful Update

Thread Tools

Search Thread

Unsuccessful Update

Bookmarks

Bookmarks

Posting Permissions