Cannot write or update data in the database, plz help!

[mark103]

Hi guys,

 

I have a trouble of updating the data in the database by input the data at the end of the url. It have not been added in the table.

 

 

Here it is updated:

 

 

<?phpsession_start();    define('DB_HOST', 'localhost');    define('DB_USER', 'myusername');    define('DB_PASSWORD', 'mypassword');    define('DB_DATABASE', 'mydatabasename');    $errmsg_arr = array();    $errflag = false;    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);    if(!$link) {  die('Failed to connect to server: ' . mysql_error());    }    $db = mysql_select_db(DB_DATABASE);    if(!$db) {  die("Unable to select database");    }   function clean($var){return mysql_real_escape_string(strip_tags($var));    }    $login = clean($_GET['user']);    $password = clean($_GET['pass']);    $firstname = clean($_GET['firstname']);    if($login == '') {  $errmsg_arr[] = 'Login ID missing';  $errflag = true;    }    if($password == '') {  $errmsg_arr[] = 'PASSWORD ID missing';  $errflag = true;    }    if($value == '') {  $errmsg_arr[] = 'THE first name IS missing';  $errflag = true;    }    if($errflag) {  $_SESSION['ERRMSG_ARR'] = $errmsg_arr;  echo implode('<br />',$errmsg_arr);   }   else {  $qry="SELECT * FROM members WHERE login='$login' AND passwd='$password'";  $result=mysql_query($qry) or die('Error:<br />' . $qry . '<br />' . mysql_error());if(mysql_num_rows($result) > 0) {  $row = mysql_fetch_row($result);    echo $row[0];    }else {echo 'Username, Password or first name is not found.';close;$sql="INSERT INTO members (firstname, lastname)VALUES('$_POST[firstname]','$_POST[lastname]')";if (!mysql_query($sql,$con))  {  die('Error: ' . mysql_error());  }echo "first name have been updated";}?>

 

 

It have only login in the database but did not doing any update when I have input the data at the end of the url to get the database update.

 

Do you know why I can't update the data in the database by input the data in the url like this?

 

http://www.mysite.com/updatemysql.php?user=test&pass=test&firstname=shitorwhateveriwanttoinputandgetitupdate

 

Do you have any idea and maybe if I have miss something?

[rwwd]

You insert query is wrong for a start.

 

 

('$_POST[firstname]','$_POST[lastname]')";

 

 

Should be:-

 

 

('".$_POST['firstname']."','"'$_POST['lastname']."')";

 

 

If you leave off the quotes for the array key's, php will presume a constant is being referred to, and therefore should display an error to you, and I hope as your sanitising the data first....

 

Rw

[mark103]

Thanks, I have changed and updated the script, but I got an parse error.

 

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/username/public_html/mysite.com/updatemysql.php on line 62

 

 

The error are jumping on this line:

 

 

('".$_POST['firstname']."','"'$_POST['lastname']."')";

 

 

 

Think there could a mistake but not too sure. Do you have any idea why I got the error?

[Pikachu2000]

$sql="INSERT INTO members (firstname, lastname)
VALUES
('{$_POST[firstname]}','{$_POST[lastname]}')";

[rwwd]

Yep you have an extra ' and were missing a . for the last concatenation; try this:

('".$_POST['firstname']."','".$_POST['lastname']."')";

 

Hope that helps..

 

[EDIT]: @Pikachu2000: either either! Lol, it has been noted that curly's take less CPU power to parse, but I just prefer that way, old habits etc..

 

Rw

[mark103]

Thanks once again rwwd. However I have got another error

 

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/username/public_html/mysite.com/testupdate.php on line 64

 

Error:

if (!mysql_query($sql,$con))

 

what's wrong?

[Pikachu2000]

There is no variable $con defined anywhere in your code.

[mark103]

Im sorry, but I don't really get it. Could you please post the code, so for future use I would know what you would mean if you post the code?

[Pikachu2000]

Where do you see the variable $con defined? Anywhere? No. But the second parameter in mysql_query() should be a database link, so what do you think you should change $con to? What variable is defined as the database connection link?

[mark103]

Think it is okay now, I have fixed the problem.

 

However, please could you help me out as I am getting the error:

 

Error:

SELECT * FROM members WHERE login='test', passwd='test' AND firstname=myfirstnamewhateveriinput

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' passwd='test' AND firstname=myfirstnamewhateveriinput' at line 1

 

 

I don't know what the problem is, but it could be the select statement I have created which are incorrect?

 

$qry="SELECT * FROM members WHERE login='$login', passwd='$password' AND firstname=$firstname";
$result=mysql_query($qry) or die('Error:<br />' . $qry . '<br />' . mysql_error());

   
$sql="INSERT INTO members (firstname, lastname)
VALUES
('$_POST[firstname]','$_POST[lastname]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

[BlueSkyIS]

login='$login' AND passwd='$password' AND firstname='$firstname'

 

[mark103]

Thanks blueskyis, but I am getting another error which it is:

 

Parse error: syntax error, unexpected T_STRING in /home/username/public_html/mysite.com/testupdate.php on line 51

 

$sql="INSERT INTO members (firstname, lastname)

[mark103]

any idea?

[mark103]

bump

[Pikachu2000]

Post 5 lines before and after the error line.

[mark103]

Ok, here it is:

 

    define('DB_PASSWORD', 'mypassword');
    define('DB_DATABASE', 'mydatabasename');
       
$errmsg_arr = array();
    $errflag = false;

    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {

die('Failed to connect to server: ' . mysql_error());
    }

    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {

die("Unable to select database");
    }

   function clean($var){

return mysql_real_escape_string(strip_tags($var));
    }
      $login = clean($_GET['user']);
    $password = clean($_GET['pass']);
    $value = clean($_GET['firstname']);  //variable in the url you posted was firstname, not value.
    if($login == '') {
  $errmsg_arr[] = 'Login ID missing';
  $errflag = true;
    }
    if($password == '') {
  $errmsg_arr[] = 'PASSWORD ID missing';
  $errflag = true;
    }
    if($value == '') {
  $errmsg_arr[] = 'THE FIRSTNAME is missing';
  $errflag = true;
    }
    if($errflag) {
  $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
  echo implode('<br />',$errmsg_arr);
   }
   else {
  $qry="SELECT * FROM members WHERE login='$login' AND passwd='$password'";

  $result=mysql_query($qry) or die('Error:<br />' . $qry . '<br />' . mysql_error()); 
  
  if(mysql_num_rows($result) > 0) {
    $row = mysql_fetch_row($result);
  echo $row[0];
   }
  else {

echo 'Username, Password or value is not found.';

  $firstname = clean($_POST['firstname']);
  $lastname = clean($_POST['lastname']);

$sql="update members set firstname='$_POST[firstname],lastname=$_POST[lastname] where login='$login' and passwd='$password'";
VALUES

  $firstname = clean($_POST['firstname']);
  $lastname = clean($_POST['lastname']);


if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "first name have been updated";
}
}
?>

[Pikachu2000]

You seriously need to start using an editor that supports syntax highlighting.

 

$sql="update members set firstname='$_POST[firstname],lastname=$_POST[lastname] where login='$login' and passwd='$password'";
VALUES  // REMOVE THIS

  $firstname = clean($_POST['firstname']); // REMOVE THIS
  $lastname = clean($_POST['lastname']); // REMOVE THIS

[mark103]

Thanks Pikachu2000, but unforunately the data doesn't update in the database table. It have only just login in the database. I only want to update the data in the table by input the data in the url. Any idea why the data doesn't get update in the table?

[mark103]

Any idea why the data doesn't get update in the table?