monkeymaker Posted January 7, 2011 Share Posted January 7, 2011 Hi again all, I have made an update form where the user selects an ID from a dropdown, and then enters the new infomation into fields and saves it. Unfortunately I just cant quite seem to get it to actually pass the data into the database and save it, please see below. This is studentfunc.php <?php require("db_config.php"); class dbstudent { /* DB connection handle */ private $conn; function insert_student($sid, $name, $address, $postcode, $photo) { $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = "insert into student (sid , name, address, postcode, photo) values ('{$sid}', '{$esc_name}', '{$esc_address}', '{$esc_postcode}', '{$esc_photo}')"; $result = mysql_query($sql, $this->conn); if (!$result) { die("SQL Insertion error: " . mysql_error()); } else { $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } function student_update($sid, $name, $address, $postcode, $photo) { $esc_sid = mysql_real_escape_string($sid , $this->conn); $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = " UPDATE student SET name='" . $esc_name . "' where sid='" . $esc_sid . "'"; $result = mysql_query($sql, $this->conn); if(!$result) die("SQL Error: " . mysql_error()); else { $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } function openDB() { $this->conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if (!$this->conn) { die("SQL Connection error: " . mysql_error()); } $db_selected = mysql_select_db(DB_NAME, $this->conn); if (!$db_selected) { die("SQL Selection error: " . mysql_error()); } this is updatestudent.php <?php include 'studentfunc.php'; //import the class in this web page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Update Student</title> </head> <body> <?php $db1 = new dbstudent(); $db1->openDB(); $sql="select sid from student"; $result=$db1->getResult($sql); if (!$_POST) //page loads for the first time { ?> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> Select Student ID to update: <select name="sid"> <?php while($row = mysql_fetch_assoc($result)) echo "<option value='{$row['sid']}'>{$row['sid']} </option>"; ?> </select> </form> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> Update new student name:<input type="text" name="name" /><br /> Update new student address:<input type="text" name="address" /><br /> Update new student postcode:<input type="text" name="postcode" /><br /> Update new student picture:<input type="text" name="photo" /><br /> <br /> <input type="submit" value="Save" /> </form> <?php } //end if else { $sid = $_POST['sid']; $name = $_POST['name']; $address = $_POST['address']; $postcode = $_POST['postcode']; $photo = $_POST['photo']; $db1 = new dbstudent(); $db1->openDB(); $numofrows = $db1->student_update($name, $address, $postcode, $photo, $sid); echo "Success. Number of rows affected: <strong>{$numofrows}<strong>"; $db1->closeDB(); } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
dragon_sa Posted January 7, 2011 Share Posted January 7, 2011 $sql = "insert into student (sid , name, address, postcode, photo) values ('{$sid}', '{$esc_name}', '{$esc_address}', '{$esc_postcode}', '{$esc_photo}')"; should be $sql = "UPDATE student (sid , name, address, postcode, photo) values ('$sid', '$esc_name', '$esc_address', '$esc_postcode', '$esc_photo') WHERE sid='$sid'"; edit: just looking again you dont need to update the student id so can remove sid and $sid from the update $sql = "UPDATE student (name, address, postcode, photo) values ('$esc_name', '$esc_address', '$esc_postcode', '$esc_photo') WHERE sid='$sid'"; Quote Link to comment Share on other sites More sharing options...
monkeymaker Posted January 7, 2011 Author Share Posted January 7, 2011 Hey thanks!! I don't want to sound stupid or anything though but when I added your updated section into studentfunc.php I re-ran updatestudent.php and the server is returning an error : SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(name, address, postcode, photo) values ('', '', '', '') WHERE sid=''' at line 1 Quote Link to comment Share on other sites More sharing options...
dragon_sa Posted January 7, 2011 Share Posted January 7, 2011 I think you will find that its is because $sid is not defined, define it with the other variables and it should work and i forgot to type in your curly brackets Quote Link to comment Share on other sites More sharing options...
monkeymaker Posted January 7, 2011 Author Share Posted January 7, 2011 I think you will find that its is because $sid is not defined, define it with the other variables and it should work and i forgot to type in your curly brackets Awesome thanks.. heres the current code function student_update($name, $address, $postcode, $photo) { $esc_sid = mysql_real_escape_string($sid , $this->conn); $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = "UPDATE student (name, address, postcode, photo) values ('{$esc_name}', '${esc_address}', '{$esc_postcode}', '${esc_photo}') WHERE sid='${sid}'"; $result = mysql_query($sql, $this->conn); if(!$result) die("SQL Error: " . mysql_error()); else { $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } I'm not sure what you mean about defining $sid, it is a field in the DB and on the function ? Quote Link to comment Share on other sites More sharing options...
dragon_sa Posted January 7, 2011 Share Posted January 7, 2011 I must apologise i misread the first part of your code as the update section and have given you some misguidence it should be $sql = "UPDATE student SET name='$esc_name' where sid='$esc_sid '"; $result = mysql_query($sql); if that does not work echo the value 0f $esc_sid and $esc_name to make sure they are being set Quote Link to comment Share on other sites More sharing options...
monkeymaker Posted January 7, 2011 Author Share Posted January 7, 2011 Ok thanks but sorry Im still a bit confused, the whole SQL section of the function should be this? $sql = "UPDATE student SET name='$esc_name' where sid='$esc_sid ' values ('{$esc_name}', '${esc_address}', '{$esc_postcode}', '${esc_photo}' WHERE sid='${sid}')"; Quote Link to comment Share on other sites More sharing options...
Myoga- Posted January 7, 2011 Share Posted January 7, 2011 It looks like you're trying to update a row by using the INSERT commands syntax $sql = "UPDATE student (name, address, postcode, photo) values ('{$esc_name}', '${esc_address}', '{$esc_postcode}', '${esc_photo}') WHERE sid='${sid}'"; Now I'm not sure if it works using INSERT's syntax but try this: $sql = "UPDATE student SET name='$esc_name', address='$esc_address', postcode='$esc_postcode', photo='$esc_photo' WHERE sid='$sid'"; Just try it for lols, if it works great if not then do what dragon_sa said and echo the values to make sure they're being set. $sql = "UPDATE student SET name='$esc_name' where sid='$esc_sid ' values ('{$esc_name}', '${esc_address}', '{$esc_postcode}', '${esc_photo}' WHERE sid='${sid}')"; The above won't work since the fields are no longer declared for the values to inserted into. UPDATE has 3 things that it requires to work; UPDATE SET WHERE Can be left out unless you want to limit the rows affected You are using INSERTS syntax in an UPDATE command which won't work properly (or at least shouldn't). Quote Link to comment Share on other sites More sharing options...
monkeymaker Posted January 7, 2011 Author Share Posted January 7, 2011 It ran but now rows were effected Can you give an example on where I should put the echo statements for the variables. Should that be in the function or the php page? Also what about vardump() ? Thanks for having the patience to help me out! Quote Link to comment Share on other sites More sharing options...
Myoga- Posted January 7, 2011 Share Posted January 7, 2011 It ran but now rows were effected Can you give an example on where I should put the echo statements for the variables. Should that be in the function or the php page? Also what about vardump() ? Thanks for having the patience to help me out! Add it above the return in the function. Since you say its querying correctly now I assume we can just add it to the success part of the if statement. $result = mysql_query($sql, $this->conn); if(!$result) die("SQL Error: " . mysql_error()); else { $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } -> $result = mysql_query($sql, $this->conn); if(!$result) die("SQL Error: " . mysql_error()); else { print("$sid"); /*You can add other values as well to see them all*/ $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } If sid isn't being set properly it won't be able to find the row to edit. Quote Link to comment Share on other sites More sharing options...
monkeymaker Posted January 7, 2011 Author Share Posted January 7, 2011 Hey thanks for getting back to me again! I tried some other changes now I'm getting the following SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'values ('test', 'test', 'test', '' WHERE sid='test')' at line 2 This is student_update() function student_update($sid, $name, $address, $postcode, $photo) { $esc_sid = mysql_real_escape_string($sid , $this->conn); $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = "UPDATE student SET name='{$esc_name}' where sid='${esc_sid} ' values ('{$esc_name}', '${esc_address}', '{$esc_postcode}', '${esc_photo}' WHERE sid='${sid}')"; $result = mysql_query($sql, $this->conn); if(!$result) die("SQL Error: " . mysql_error()); else { print("$sid"); /*see sid*/ $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } Quote Link to comment Share on other sites More sharing options...
Myoga- Posted January 7, 2011 Share Posted January 7, 2011 Hey thanks for getting back to me again! I tried some other changes now I'm getting the following SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'values ('test', 'test', 'test', '' WHERE sid='test')' at line 2 This is student_update() function student_update($sid, $name, $address, $postcode, $photo) { $esc_sid = mysql_real_escape_string($sid , $this->conn); $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = "UPDATE student SET name='{$esc_name}' where sid='${esc_sid} ' values ('{$esc_name}', '${esc_address}', '{$esc_postcode}', '${esc_photo}' WHERE sid='${sid}')"; $result = mysql_query($sql, $this->conn); if(!$result) die("SQL Error: " . mysql_error()); else { print("$sid"); /*see sid*/ $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } You're using values in update again. $sql = "UPDATE student SET name='{$esc_name}', address='{$esc_address}', postcode='{$esc_postcode}', photo='{$esc_photo}' WHERE sid='{$sid}'"; Should work fine. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 7, 2011 Share Posted January 7, 2011 INSERT syntax: INSERT INTO `table` (`field1`, `field2`) VALUES ( 'string_value', numeric_value ) UPDATE syntax: UPDATE `table` SET `field1` = 'string_value', `field2` = numeric_value WHERE `some_field` = 'some_value' The difference between string values and numeric values is that strings get quoted in the query string, whereas numbers shouldn't be. Quote Link to comment Share on other sites More sharing options...
monkeymaker Posted January 7, 2011 Author Share Posted January 7, 2011 Hey, thanks again. The SQL statement now runs but actually I think there might be something a bit wierd going on with my input forms, print 'sid', as used on the function, is actually outputting the input from 'name'? Something must be missing or I am trying something totally wrong? See <?php include 'studentfunc.php'; //import the class in this web page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Update Student</title> </head> <body> <?php $db1 = new dbstudent(); $db1->openDB(); $sql="select sid from student"; $result=$db1->getResult($sql); if (!$_POST) //page loads for the first time { ?> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> Select Student ID to update: <select name="sid"> <?php while($row = mysql_fetch_assoc($result)) echo "<option value='{$row['sid']}'>{$row['sid']} </option>"; ?> </select> </form> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> Update new student name:<input type="text" name="name" /><br /> Update new student address:<input type="text" name="address" /><br /> Update new student postcode:<input type="text" name="postcode" /><br /> Update new student picture:<input type="text" name="photo" /><br /> <br /> <input type="submit" value="Save" /> </form> <?php } //end if else { $sid = $_POST['sid']; $name = $_POST['name']; $address = $_POST['address']; $postcode = $_POST['postcode']; $photo = $_POST['photo']; $db1 = new dbstudent(); $db1->openDB(); $numofrows = $db1->student_update($name, $address, $postcode, $photo, $sid); echo "Success. Number of rows affected: <strong>{$numofrows}<strong>"; $db1->closeDB(); } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
Myoga- Posted January 7, 2011 Share Posted January 7, 2011 I just checked updatestudent.php and you have this line: $numofrows = $db1->student_update($name, $address, $postcode, $photo, $sid); But the function is looking for the values in this order: $sid, $name, $address, $postcode, $photo So... Change $numofrows = $db1->student_update($name, $address, $postcode, $photo, $sid); -> $numofrows = $db1->student_update($sid, $name, $address, $postcode, $photo); Quote Link to comment Share on other sites More sharing options...
monkeymaker Posted January 7, 2011 Author Share Posted January 7, 2011 **updated** Thank you, I sincerely appreciate your efforts. I have made some ammendments as suggested, see the function below. The user selects the ID they want to change in the database, then the user fills in the input boxes and submit button should update or change the exisiting fields on the database to the new ones entered in by the user using the input boxes. Right now the newly entered inputs from the form fields just dont over write the existing db fields Please advise function student_update($sid, $name, $address, $postcode, $photo) { $esc_sid = mysql_real_escape_string($sid , $this->conn); $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = "UPDATE student SET name='{$esc_name}', address='{$esc_address}', postcode='{$esc_postcode}', photo='{$esc_photo}' WHERE sid='{$esc_sid}'"; $result = mysql_query($sql, $this->conn); if(!$result) die("SQL Error: " . mysql_error()); else { print("$esc_sid"); /*see sid*/ $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } <?php include 'studentfunc.php'; //import the class in this web page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Update Student</title> </head> <body> <?php $db1 = new dbstudent(); $db1->openDB(); $sql="select sid from student"; $result=$db1->getResult($sql); if (!$_POST) //page loads for the first time { ?> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> Select Student ID to update: <select name="sid"> <?php while($row = mysql_fetch_assoc($result)) echo "<option value='{$row['sid']}'>{$row['sid']} </option>"; ?> </select> </form> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> Update new student name:<input type="text" name="name" /><br /> Update new student address:<input type="text" name="address" /><br /> Update new student postcode:<input type="text" name="postcode" /><br /> Update new student picture:<input type="text" name="photo" /><br /> <br /> <input type="submit" value="Save" /> </form> <?php } //end if else { $sid = $_POST['sid']; $name = $_POST['name']; $address = $_POST['address']; $postcode = $_POST['postcode']; $photo = $_POST['photo']; $db1 = new dbstudent(); $db1->openDB(); $numofrows = $db1->student_update($sid, $name, $address, $postcode, $photo); echo "Success. Number of rows affected: <strong>{$numofrows}<strong>"; $db1->closeDB(); } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
Myoga- Posted January 7, 2011 Share Posted January 7, 2011 edit: Just a second... Quote Link to comment Share on other sites More sharing options...
Myoga- Posted January 7, 2011 Share Posted January 7, 2011 Try echoing all the values that are being submitted, change print("$esc_sid"); /*see sid*/ -> print("$esc_sid, {$esc_name}, $esc_address, {$esc_postcode}, $esc_photo"); /*see sid*/ Just to see if it all matches up. Quote Link to comment Share on other sites More sharing options...
monkeymaker Posted January 7, 2011 Author Share Posted January 7, 2011 Yes thanks all matches up using print() now it just needs to save into the student table on the db Quote Link to comment Share on other sites More sharing options...
Myoga- Posted January 7, 2011 Share Posted January 7, 2011 Try this... function student_update($sid, $name, $address, $postcode, $photo) { $esc_sid = mysql_real_escape_string($sid , $this->conn); $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = "UPDATE student SET name='$esc_name', address='$esc_address', postcode='$esc_postcode', photo='$esc_photo' WHERE sid='$sid'"; $result = mysql_query($sql, $this->conn); if(!$result) { die("SQL Error: " . mysql_error()); } else { print("$esc_sid"); /*see sid*/ $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.