Update the database with a php file. 100np$

[abcde]

I have a little database like this and sometime i need to edit the quotes/author. I tried it with the code below, but it doesn't seem to work when I submitted.

Could anyone please help? rep and 100np$ will be sent over to you as soon as this is working.

Thanks

CREATE TABLE IF NOT EXISTS `quotes` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `author` varchar(255) NOT NULL default '',
  `quote` mediumtext NOT NULL,
  `live` int(1) unsigned NOT NULL default '0',
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=100 ;

--
-- Dumping data for table `quotes`
--

INSERT INTO `quotes` (`id`, `author`, `quote`, `live`) VALUES
(1, 'xxx', 'yyyyyy', '1'),
(2, 'aaa', 'zzzz', '1'),
(3, 'bbb', 'cccc', '1'),

<? 
//connect to mysql
    include("./db.php");


//If action has not been initialized
if(!isset($action)) 
{
   //display all the quotes
   $result = mysql_query("select * from quotes ORDER BY id LIMIT 0, 10"); 
   
   //run the while loop that grabs all the quotess scripts
   while($r=mysql_fetch_array($result)) 
   { 
      //grab the quote and the ID of the data
      $quote=$r["quote"];//take out the quote
      $author=$r["author"];//take out the author
      $id=$r["id"];//take out the id
     
     //make the quote a link
     echo ""."$quote"."  - "."$author"." -  ";
     echo "<a href='edit.php?action=edit&id=$id'>Edit</a>";
      echo "<br>";
    }
}
?>
<?
if($_REQUEST['action'] == "edit")
{
   if (!isset($_POST["submit"]))
   {
      $id = $_REQUEST["id"];
      $sql = "SELECT * FROM quotes WHERE id=$id";
      $result = mysql_query($sql);        
      $myrow = mysql_fetch_array($result);
      ?>
      
      <form action="edit.php" method="post">
      <input type=hidden name="id" value="<?php echo $myrow["id"] ?>">
   
      Quote:<TEXTAREA NAME="quote" ROWS=10 COLS=30><? echo $myrow["quote"] ?></TEXTAREA><br>
      Author:<INPUT TYPE="TEXT" NAME="author" VALUE="<?php echo $myrow["author"] ?>" SIZE=30><br>
   
      <input type="hidden" name="action" value="edit">
   
      <input type="submit" name="submit" value="submit">
   
      </form>
   
<? } 
   if ($_POST["$submit"])
   {
      $quote = $_POST["quote"];
      $author = $_POST["author"];
      
      $sql = "UPDATE quotes SET quote=$quote author=$author WHERE id=$id";
      //replace news with your table name above
      $result = mysql_query($sql);
      echo "Thank you! Information updated.";
    }
}
?>

 

[pixelbypixel]

Getting any mysql error? or blank page? whats the result when you click Sumbit?

 

[adamo]

You probably would get an error because the $quote and $author are a string in such case you sould surround them with " ' " before writing in the database.

"UPDATE quotes SET quote='$quote' author='$author' WHERE id=$id";

 

[abcde]

It doesn't give any error. It just doesn't change after I edited.

demo: http://tienganh.net/ese/quote-new/admin/edit.php

 

[-NC-]

at a glance, change:

if ($_POST["$submit"])

to:

if ($_POST["submit"])

also, change:

"UPDATE quotes SET quote=$quote author=$author WHERE id=$id";

to:

"UPDATE quotes SET quote='".mysql_escape_real($quote)."', author='".mysql_escape_real($author)."' WHERE id=$id";

 

[abcde]

-NC-,

Thanks, but when I replace the update query, i got this error.

Fatal error: Call to undefined function mysql_escape_real() in /home/******/public_html/ese/quote-new/admin/edit.php

 

[-NC-]

odd. well, at least the query is running now.
you could try mysql_real_escape_string(), just put the query back to the way you had it or use adamos suggestion for the query code.

"UPDATE quotes SET quote='$quote' author='$author' WHERE id=$id";

 

[qbert220]

The correct query should be:

      $sql = "UPDATE quotes SET quote='".mysql_real_escape_string($quote)."', author='".mysql_real_escape_string($author)."' WHERE id=".intval($id);

If you use:

      $sql = "UPDATE quotes SET quote='$quote' author='$author' WHERE id=$id";

then your code will be open to MySQL injection attacks.