0

again I'm trying to study php mysql and it seems that I tried everything thing to figure the problem out.. but it seems as a beginner codes in the internet are not helping.. I really can't update the records in the database.

<html>
<body>
<?php
$db = mysql_connect("localhost", "root");
mysql_select_db("dbtry",$db);
$id = isset($_GET['id']) ? $_GET['id'] : null;
$submit = isset($_POST['submit']);
if ($id) {
if ($submit) {

        $result = mysql_query("select * from employees where id = " . mysql_real_escape_string($_GET['id']) );
        $row = mysql_num_rows($result);

if ($myrow != 0) {
mysql_query ("UPDATE employees SET firstname='$first',lastname='$last',address='$address',position='$position' WHERE id = '$id'");

}


echo "Thank you! Information updated.\n";
} else {
// query the DB
$result = mysql_query("SELECT * FROM `employees` WHERE `id` = " . mysql_real_escape_string($_GET['id']), $db);

$myrow = mysql_fetch_array($result);
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">
First name:<input type="Text" name="first" value="<?php echo $myrow["firstname"] ?>"><br>
Last name:<input type="Text" name="last" value="<?php echo $myrow["lastname"] ?>"><br>
Address:<input type="Text" name="address" value="<?php echo $myrow["address"]
?>"><br>
Position:<input type="Text" name="position" value="<?php echo $myrow["position"]
?>"><br>
<input type="Submit" name="submit" value="Enter information">
</form>
<?php
}
} else {
// display list of employees
$result = mysql_query("SELECT * FROM employees",$db);
while ($myrow = mysql_fetch_array($result)) {
printf("<a href=\"%s?id=%s\">%s %s</a><br>\n",  $_SERVER['PHP_SELF'], $myrow["id"],
$myrow["firstname"], $myrow["lastname"]);
}
}
?>
</body>
</html>
Cœur
  • 37,241
  • 25
  • 195
  • 267
helloworld22
  • 21
  • 1

5 Answers5

1

There are two things potentially causing you a problem: firstly, the values you are trying to set are variables which have not been defined. I'm assuming the begginers code you found assumed you had register globals enabled, you really don't want to do this!

The second problem, is that if you do have register globals enabled, the data isn't being sanitized, so a quotation mark could send the update awry.

Try this instead:

$first = mysql_real_escape_string( $_POST['first'] );
$last = mysql_real_escape_string( $_POST['last'] );
$address= mysql_real_escape_string( $_POST['address'] );
$position = mysql_real_escape_string( $_POST['position'] );

mysql_query ("UPDATE employees SET firstname='$first',lastname='$last',address='$address',position='$position' WHERE id = '$id'");

This should at least get you up and running. I'd strongly advise that you use either the MySQLi library, or PHP PDO, and think about using prepared statements for added security.

Michael
  • 231
  • 2
  • 6
  • i have tried this but still its not working..is there a possiblity that it is my computer's security or with the server i use or with the browser,, i try add,delete,search and view and the code is working well.. but with edit i'm really facing a great confusion :) – helloworld22 Apr 09 '12 at 15:00
0

Usually when I run into this problem, it's because auto commit is off and I forgot to tell the connection explicitly to commit.

EDIT: Have you tried this: How can I implement commit/rollback for MySQL in PHP?? Depending on your settings, InnoDB can be set to auto commit off, which means you need to tell MySQL explicitly to commit updates after your done.

Community
  • 1
  • 1
James Kingsbery
  • 7,298
  • 2
  • 38
  • 67
0
mysql_query("UPDATE `employees` SET `firstname`='".$first."', `lastname`='".$last."',
`address`='".$address."', `position`='".$position."' WHERE `id` = '".$id".' ; ", $db) or 
die(mysql_error());
dr.dimitru
  • 2,645
  • 1
  • 27
  • 36
0

I think the problem may lie in your connection to the database. The third parameter of the mysql_connect function is a password. Therefore this:

$db = mysql_connect("localhost", "root");

should be:

$db = mysql_connect("localhost", "root", "yourPassword");

It would also help a lot if you posted what type of error you are getting.

gimg1
  • 1,121
  • 10
  • 24
0

You need to differentiate post and get. Follow the working example below. It will sort you out :D

<html>
<body>
<?php
$db = mysql_connect("localhost", "root","");
mysql_select_db("test",$db);

if($_SERVER['REQUEST_METHOD']=='POST')
{
    //SUBMIT FORM
    $id=isset($_POST['id'])?$_POST['id']:0;
    if ($id) {
        $result = mysql_query("select * from parameter where id = " . mysql_real_escape_string($id) );
        $rows = mysql_num_rows($result);
        if ($rows != 0) {
        mysql_query ("UPDATE parameter SET name='".$_POST['name']."',value='".$_POST['value']."' WHERE id = '".$id."'");
        echo "Thank you! Information updated.\n";
    }
    }
}

if($_SERVER['REQUEST_METHOD']=='GET')
{
    //SELECT WHERE ID=GER VAR AND DISPLAY   
    $id = isset($_GET['id']) ? $_GET['id'] :0;// 
    if ($id) {
    // query the DB
    $result = mysql_query("SELECT * FROM parameter WHERE `id` = " . mysql_real_escape_string($_GET['id']), $db);
    $myrow = mysql_fetch_array($result);
    ?>
    <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
    <input type=hidden name="id" value="<?php echo $myrow["id"] ?>">
    First name:<input type="Text" name="name" value="<?php echo $myrow["name"] ?>"><br>
    Last name:<input type="Text" name="value" value="<?php echo $myrow["value"] ?>"><br>
    <input type="Submit" name="submit" value="Enter information">
    </form>
    <?php
    }
    else {
    // display list of employees
    $result = mysql_query("SELECT * FROM parameter",$db);
    while ($myrow = mysql_fetch_array($result)) {
    echo "<a href='".$_SERVER['PHP_SELF']."?id=".$myrow['id']."'>".$myrow['name'].": ".$myrow['value']."</a><br>";
}
}
}
?>
</body>
</html>
John Essential Njue
  • 19
  • 3