update the database with a php file. 100np$

abcde · 11-08-2009, 04:31 AM

I have a little database like this and sometime i need to edit the quotes/author. I tried it with the code below, but it doesn't seem to work when I submitted.

Could anyone please help? rep and 100np$ will be sent over to you as soon as this is working.

Thanks

Code:

CREATE TABLE IF NOT EXISTS `quotes` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `author` varchar(255) NOT NULL default '',
  `quote` mediumtext NOT NULL,
  `live` int(1) unsigned NOT NULL default '0',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=100 ;

--
-- Dumping data for table `quotes`
--

INSERT INTO `quotes` (`id`, `author`, `quote`, `live`) VALUES
(1, 'xxx', 'yyyyyy', '1'),
(2, 'aaa', 'zzzz', '1'),
(3, 'bbb', 'cccc', '1'),

PHP Code:

  <? 
//connect to mysql
    include("./db.php");


//If action has not been initialized
if(!isset($action)) 
{
   //display all the quotes
   $result = mysql_query("select * from quotes ORDER BY id LIMIT 0, 10"); 
   
   //run the while loop that grabs all the quotess scripts
   while($r=mysql_fetch_array($result)) 
   { 
      //grab the quote and the ID of the data
????: NamePros.com http://www.namepros.com/programming/621754-update-the-database-php-file-100np.html
      $quote=$r["quote"];//take out the quote
      $author=$r["author"];//take out the author
      $id=$r["id"];//take out the id
     
     //make the quote a link
     echo ""."$quote"."  - "."$author"." -  ";
????: NamePros.com http://www.namepros.com/showthread.php?t=621754
     echo "<a href='edit.php?action=edit&id=$id'>Edit</a>";
      echo "<br>";
    }
}
?>
<?
if($_REQUEST['action'] == "edit")
{
   if (!isset($_POST["submit"]))
   {
      $id = $_REQUEST["id"];
      $sql = "SELECT * FROM quotes WHERE id=$id";
      $result = mysql_query($sql);        
      $myrow = mysql_fetch_array($result);
      ?>
      
      <form action="edit.php" method="post">
      <input type=hidden name="id" value="<?php echo $myrow["id"] ?>">
   
      Quote:<TEXTAREA NAME="quote" ROWS=10 COLS=30><? echo $myrow["quote"] ?></TEXTAREA><br>
      Author:<INPUT TYPE="TEXT" NAME="author" VALUE="<?php echo $myrow["author"] ?>" SIZE=30><br>
   
      <input type="hidden" name="action" value="edit">
   
      <input type="submit" name="submit" value="submit">
   
      </form>
   
<? } 
   if ($_POST["$submit"])
   {
      $quote = $_POST["quote"];
      $author = $_POST["author"];
      
      $sql = "UPDATE quotes SET quote=$quote author=$author WHERE id=$id";
      //replace news with your table name above
      $result = mysql_query($sql);
      echo "Thank you! Information updated.";
    }
}
?>

pixelhero · 11-08-2009, 07:13 AM

Getting any mysql error? or blank page? whats the result when you click Sumbit?

adamo · 11-08-2009, 08:16 AM

You probably would get an error because the $quote and $author are a string in such case you sould surround them with " ' " before writing in the database.

"UPDATE quotes SET quote='$quote' author='$author' WHERE id=$id";

abcde · 11-08-2009, 11:35 AM

It doesn't give any error. It just doesn't change after I edited.

demo: http://tienganh.net/ese/quote-new/admin/edit.php

-NC- · 11-09-2009, 12:25 AM

at a glance, change:

if ($_POST["$submit"])

to:

if ($_POST["submit"])

also, change:

"UPDATE quotes SET quote=$quote author=$author WHERE id=$id";

to:

"UPDATE quotes SET quote='".mysql_escape_real($quote)."', author='".mysql_escape_real($author)."' WHERE id=$id";

abcde · 11-09-2009, 02:44 PM

-NC-,

Thanks, but when I replace the update query, i got this error.

Fatal error: Call to undefined function mysql_escape_real() in /home/******/public_html/ese/quote-new/admin/edit.php

-NC- · 11-09-2009, 08:09 PM

odd. well, at least the query is running now.
you could try mysql_real_escape_string(), just put the query back to the way you had it or use adamos suggestion for the query code.

"UPDATE quotes SET quote='$quote' author='$author' WHERE id=$id";

qbert220 · 11-10-2009, 06:03 AM

The correct query should be:

PHP Code:

        $sql = "UPDATE quotes SET quote='".mysql_real_escape_string($quote)."', author='".mysql_real_escape_string($author)."' WHERE id=".intval($id); 

????: NamePros.com http://www.namepros.com/showthread.php?t=621754

If you use:

PHP Code:

        $sql = "UPDATE quotes SET quote='$quote' author='$author' WHERE id=$id";

then your code will be open to MySQL injection attacks.

11-08-2009, 04:31 AM	THREAD STARTER #1 (permalink)
abcde NamePros Regular Join Date: Feb 2005 Posts: 578	update the database with a php file. 100np$ I have a little database like this and sometime i need to edit the quotes/author. I tried it with the code below, but it doesn't seem to work when I submitted. Could anyone please help? rep and 100np$ will be sent over to you as soon as this is working. Thanks Code: CREATE TABLE IF NOT EXISTS `quotes` ( `id` int(10) unsigned NOT NULL auto_increment, `author` varchar(255) NOT NULL default '', `quote` mediumtext NOT NULL, `live` int(1) unsigned NOT NULL default '0', PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=100 ; -- -- Dumping data for table `quotes` -- INSERT INTO `quotes` (`id`, `author`, `quote`, `live`) VALUES (1, 'xxx', 'yyyyyy', '1'), (2, 'aaa', 'zzzz', '1'), (3, 'bbb', 'cccc', '1'), PHP Code: <? //connect to mysql include("./db.php"); //If action has not been initialized if(!isset($action)) { //display all the quotes $result = mysql_query("select * from quotes ORDER BY id LIMIT 0, 10"); //run the while loop that grabs all the quotess scripts while($r=mysql_fetch_array($result)) { //grab the quote and the ID of the data ????: NamePros.com http://www.namepros.com/programming/621754-update-the-database-php-file-100np.html $quote=$r["quote"];//take out the quote $author=$r["author"];//take out the author $id=$r["id"];//take out the id //make the quote a link echo ""."$quote"." - "."$author"." - "; ????: NamePros.com http://www.namepros.com/showthread.php?t=621754 echo "<a href='edit.php?action=edit&id=$id'>Edit</a>"; echo "<br>"; } } ?> <? if($_REQUEST['action'] == "edit") { if (!isset($_POST["submit"])) { $id = $_REQUEST["id"]; $sql = "SELECT * FROM quotes WHERE id=$id"; $result = mysql_query($sql); $myrow = mysql_fetch_array($result); ?> <form action="edit.php" method="post"> <input type=hidden name="id" value="<?php echo $myrow["id"] ?>"> Quote:<TEXTAREA NAME="quote" ROWS=10 COLS=30><? echo $myrow["quote"] ?></TEXTAREA><br> Author:<INPUT TYPE="TEXT" NAME="author" VALUE="<?php echo $myrow["author"] ?>" SIZE=30><br> <input type="hidden" name="action" value="edit"> <input type="submit" name="submit" value="submit"> </form> <? } if ($_POST["$submit"]) { $quote = $_POST["quote"]; $author = $_POST["author"]; $sql = "UPDATE quotes SET quote=$quote author=$author WHERE id=$id"; //replace news with your table name above $result = mysql_query($sql); echo "Thank you! Information updated."; } } ?> __________________ Freebies and Giveaways - Printable Coupons - Hot Deals - Coupons - Deal of the Day

11-08-2009, 07:13 AM	#2 (permalink)
pixelhero NamePros Regular Join Date: May 2008 Location: England Posts: 771	Getting any mysql error? or blank page? whats the result when you click Sumbit? __________________ pixelhero Web Development Studios UK

11-08-2009, 08:16 AM	#3 (permalink)
adamo NamePros Member Join Date: Aug 2008 Location: poland Posts: 94 Follow @depcore	You probably would get an error because the $quote and $author are a string in such case you sould surround them with " ' " before writing in the database. "UPDATE quotes SET quote='$quote' author='$author' WHERE id=$id"; __________________ web design/development

11-08-2009, 11:35 AM	THREAD STARTER #4 (permalink)
abcde NamePros Regular Join Date: Feb 2005 Posts: 578	It doesn't give any error. It just doesn't change after I edited. demo: http://tienganh.net/ese/quote-new/admin/edit.php __________________ Freebies and Giveaways - Printable Coupons - Hot Deals - Coupons - Deal of the Day

11-09-2009, 12:25 AM	#5 (permalink)
-NC- Traveller Join Date: Mar 2007 Location: Yet another city Posts: 1,419	at a glance, change: if ($_POST["$submit"]) to: if ($_POST["submit"]) also, change: "UPDATE quotes SET quote=$quote author=$author WHERE id=$id"; to: "UPDATE quotes SET quote='".mysql_escape_real($quote)."', author='".mysql_escape_real($author)."' WHERE id=$id"; __________________ NameCooler.com Last edited by -NC-; 11-09-2009 at 12:31 AM.

11-09-2009, 02:44 PM	THREAD STARTER #6 (permalink)
abcde NamePros Regular Join Date: Feb 2005 Posts: 578	-NC-, Thanks, but when I replace the update query, i got this error. Fatal error: Call to undefined function mysql_escape_real() in /home/****/public_html/ese/quote-new/admin/edit.php __________________ Freebies and Giveaways - Printable Coupons - Hot Deals - Coupons - Deal of the Day**

11-09-2009, 08:09 PM	#7 (permalink)
-NC- Traveller Join Date: Mar 2007 Location: Yet another city Posts: 1,419	odd. well, at least the query is running now. you could try mysql_real_escape_string(), just put the query back to the way you had it or use adamos suggestion for the query code. "UPDATE quotes SET quote='$quote' author='$author' WHERE id=$id"; __________________ NameCooler.com Last edited by -NC-; 11-09-2009 at 08:18 PM.

11-10-2009, 06:03 AM	#8 (permalink)
qbert220 NamePros Regular Join Date: Jul 2007 Location: UK Posts: 394	The correct query should be: PHP Code: `$sql = "UPDATE quotes SET quote='".mysql_real_escape_string($quote)."', author='".mysql_real_escape_string($author)."' WHERE id=".intval($id); ????: NamePros.com http://www.namepros.com/showthread.php?t=621754` If you use: PHP Code: `$sql = "UPDATE quotes SET quote='$quote' author='$author' WHERE id=$id";` then your code will be open to MySQL injection attacks. __________________ DNS Test and Check - PHP Tutorials Credit Score Ratings FHA Loan Information

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)