Jump to content

simple Update form not update field on database help

Lisa23

By Lisa23
in PHP Coding Help

 Share

Recommended Posts

Lisa23 Regular Member

Lisa23

Posted
Posted

Hi i have this simple update form and scrip but somehow it doesnt seem to be update the field on the database can someone help out please.

The html form is the second form bellow where the action send to status_update.php

HTML FORM

<?php                include("../header.html");            ?>
<?php                include("header_news.html");            
extract($_REQUEST,EXTR_SKIP);
?><?php            
/*                print("sfilm_refnum = $sfilm_refnum<BR>");                
print("sfilm_addr01 = $sfilm_addr01<BR>");                
print("sfilm_postcode = $sfilm_postcode<BR>");                
print("Film Client = $fclient<BR>");            */             
?>            
<form id="search" action="list.php" method="post" name="search">                
<table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#eeeeee">                    
<tr>                        
<td align="right" width="140"></td>                        
<td width="320"><span class="hofblack10">                            
</span>                            
</td>                        
<td align="center" width="100"><input type="hidden" name="lstart" value="<?php print("$lstart"); ?>" /><input type="hidden" name="lend" value="<?php print("$lend"); ?>" /><input type="hidden" name="lamount" value="<?php print("$lamount"); ?>" /></td>                        <td align="center" width="100"></td>                        
<td align="right"></td>                    
</tr>                
</table>            
</form>            
<table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#4050c4">                
<tr>                  
<td width="60" class="hofwhite10">action</td>                    
<td width="140"><span class="hofwhite14">DATE</span></td>                    
<td width="80"><span class="hofwhite14">ID</span></td>                    
<td><span class="hofwhite14">News Titile</span></td>                    
<td width="100"><span class="hofwhite14">Status</span></td>                
</tr>                
<tr height="0">                  
<td bgcolor="white" width="60"></td>                    
<td bgcolor="white" width="140" height="0"></td>                    
<td bgcolor="white" width="80" height="0"></td>                    
<td bgcolor="white" height="0"></td>                    
<td bgcolor="white" width="100" height="0"></td>                
</tr>            
</table><table width="780" border="0" cellspacing="0" cellpadding="4"><tr>                    
<td width="60"></td>                  
<td width="80"></td>                    
<td><a class="blueullrg" href="add.php">Add News</a></td>                    
<td align="right" width="120"></td>                
</tr>                
<tr height="0">                    
<td width="60" height="0"></td>                  
<td width="80" height="0"></td>                    
<td height="0"></td>                    
<td align="right" width="120" height="0"></td>                
</tr>            
</table>  <?php          
//get the DB connection variables    
include("../../../includes/config.php");        
//connect to DB        
$connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT.");        
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select DATABASE.");                
$query2="SELECT * FROM news WHERE !(news_status='deleted')";        
$result2 = mysql_query($query2) or die("Couldn't execute QUERY - Select NEWS Qty");        
$fqty = mysql_num_rows($result2);            
//SELECT or FIND the same USERNAME        
$query3="SELECT * FROM news WHERE !(news_status='deleted') ORDER BY news_id DESC";        
$result3 = mysql_query($query3) or die("Couldn't execute QUERY - Select NEWS");        
while ($row = mysql_fetch_array($result3))            
{                
$news_id                 = $row['news_id'];                
$news_title                = $row['news_title'];                
$news_story                = $row['news_story'];                
$news_image                = $row['news_image'];                
$news_image_caption        = $row['news_image_caption'];                
$news_image_link        = $row['news_image_link'];                
$news_date_day            = $row['news_date_day'];                
$news_date_month        = $row['news_date_month'];                
$news_date_year            = $row['news_date_year'];                
$news_status            = $row['news_status'];                
$news_website            = $row['news_website'];                
$news_date_created        = $row['news_date_created'];        
        $news_date_modified        = $row['news_date_modified'];    ?>            
        <table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#eeeeee">                
        <tr>                  
        <td width="60"><span class="hofblack10">                   
         <?php                    
         if($news_status=="deleted"){                        
         print("<a class='hifblack10'>deleted</span>");                    
         }ELSE{                        
         print("<a class='blueul' href='edit.php?id=$news_id'>edit</a>");                    
         }                    
         ?>                 
          </span></td>                    
          <td width="140"><span class="titlegrey12">                      
          <?php                      
          if(!$news_date_day) 
          { echo "00"; }
          else{ echo $news_date_day; }                      
          echo "/";                     
           if(!$news_date_month) { echo "00"; }else{ echo $news_date_month; }                      
           echo "/";                      
           if(!$news_date_year) { echo "0000"; }else{ echo $news_date_year; }                    
           ?>                    
           </span></td>                    
           <td width="80"><span class="titlegrey12"><?php                    print("$news_id");                    ?></span>
           </td>                    
           <td><?php                    
           if($news_status=="deleted")
           {                        
           print("<class='hofblack10'>$news_title</span>");                    
           }ELSE{                        
           print("<a class='blueul' href='edit.php?id=$news_id'>$news_title</a>");                    
           }                    
           ?></td>                    
           <td width="100">                        
           <form id="list_update" action="status_update.php" method="post" name="list_update">                            
        <select name="newnstatus" size="1">                                
           <option  <?php if($row['news_status'] == "") 
           {
            print("selected");
           } ?> 
           selected="selected" value="">Status...</option>                                
           <option  <?php if($row['news_status'] == "on")
           {
            print("selected");
           } ?> value="on">On</option>
               <option  <?php if($row['news_status'] == "off")
           {
            print("selected");
           } ?> value="off">Off</option>
            <option  <?php if($row['news_status'] == "deleted")
           {
            print("selected");
           } ?> value="deleted">Delete</option>
        </select>
         <input type="hidden" name="nstatus" value="<?php echo $row[news_status]; ?>" />                            
           <input type="hidden" name="id" value="<?php echo $row[news_id]; ?>" />                        
           <input type="submit" name="update" value="update" />                        
           </form>                     
            </td>                
            </tr>                
            <tr height="0">                  
            <td bgcolor="white" width="60"></td>                    
            <td bgcolor="white" width="140" height="0"></td>                    
            <td bgcolor="white" width="80" height="0"></td>                    
            <td bgcolor="white" height="0"></td>                    
            <td bgcolor="white" width="100" height="0"></td>                
            </tr>            
            </table>
            <?php            }        mysql_close($connection);//}?>            
            <table width="780" border="0" cellspacing="0" cellpadding="4">          
            <tr>                    
            <td width="60"></td>                  
            <td width="80"></td>                    
            <td><a class="blueullrg" href="add.php">Add News</a></td>                    
            <td align="right" width="120"></td>                
            </tr>            
            </table><?php                // include("list_navigation.html");            ?>
            <?php                include("../footer.html");            ?>
            </div></body></html>

 

The action script php

<?php
/*    echo "fstatus: ".$fstatus."<BR>";    
echo "id: ".$id."<BR>";    
echo "fclient: ".$fclient."<BR>";    
echo "newfstatus: ".$newfstatus."<BR>";*/    
//set the date of agreement        
$timestamp = date('l jS \of F Y h:i:s A');    
//get the DB connection variables        
include("../../../includes/config.php");
//connect to DB        
$connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT.");        
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select FILMS DATABASE.");    
// All appears well, so enter into database                
$query= "UPDATE news SET news_status = '$newnstatus' WHERE news_id='$id'";

$result = mysql_query($query) or die("could not execute query - Update FILMS Record to DB");    
//setup an email to the Admin @ hof, w/o attachment            
$emailto="xx@xxx.co.uk";        
$emailfrom="no-reply@xxxx.co.uk";        
$emailsubject="xx Record Updated";        
$emailmessage="Hello Registrar\n\n";        
$emailmessage.="News ID: ".$id."\n";        
$emailmessage.="Updated on: ".$timestamp."\n\n";        
$emailmessage.="Status was: ".$nstatus."\n";        
$emailmessage.="Status now: ".$newfnstatus."\n";        
$emailmessage.="Thank you,\n\n";        
$emailmessage.="Web Site ROBOT\n";        
$emailmessage.="(Administrator)\n";        
$emailmessage.="xxx.co.uk | xxx.biz\n";        
$emailmessage.="----------------------------------------------\n";        
$emailmessage.="e. http://www.xxx.co.uk/contact.php\n";        
$emailmessage.="w. http://www.xxx.co.uk\n";        
$emailheader="From: xxx.co.uk<$emailfrom>";
$emailheader  .= 'Cc: xxx@xxx.co.uk'."\r\n";
$emailheader  .= 'Bcc: xxx@xxxxx.co.uk'."\r\n";        
$ok=mail($emailto,$emailsubject,$emailmessage,$emailheader);        
mysql_close($connection);            
if ($ok)
{        
header("Location: list.php"); 
/* Redirect browser */        
exit;    
} else {        
$errmsg="There was a problem, please try later or telephone us direct.";        
$errsta="1";        
include("edit_error.html");        
//echo "<p>Mail could not be sent. Sorry!</p>";        
exit;    
}        
?>

Thanks in advance

Link to comment
Share on other sites
sunfighter Newbie

sunfighter

Posted
Posted

Enclose news_status in quotes

And

Enclose news_id in quotes

<form id="list_update" action="status_update.php" method="post" name="list_update">
<select name="newnstatus" size="1">
<option  <?php if($row['news_status'] == ""){print("selected");} ?> selected="selected" value="">Status...</option>
<option  <?php if($row['news_status'] == "on") { print("selected"); } ?> value="on">On</option>
<option  <?php if($row['news_status'] == "off") { print("selected"); } ?> value="off">Off</option>
<option  <?php if($row['news_status'] == "deleted") { print("selected"); } ?> value="deleted">Delete</option>
</select>
<input type="hidden" name="nstatus" value="<?php echo $row['news_status']; ?>" /><!--   !! Enclose news_status in quotes !!-->
<input type="hidden" name="news_id" value="<?php echo $row['news_id']; ?>" /><!--       !! Enclose news_id in quotes !!-->
<input type="submit" name="update" value="update" />
</form>

Link to comment
Share on other sites
Lisa23 Regular Member

Lisa23

Posted
  • Author
Posted

Enclose news_status in quotes

And

Enclose news_id in quotes

<form id="list_update" action="status_update.php" method="post" name="list_update">
<select name="newnstatus" size="1">
<option  <?php if($row['news_status'] == ""){print("selected");} ?> selected="selected" value="">Status...</option>
<option  <?php if($row['news_status'] == "on") { print("selected"); } ?> value="on">On</option>
<option  <?php if($row['news_status'] == "off") { print("selected"); } ?> value="off">Off</option>
<option  <?php if($row['news_status'] == "deleted") { print("selected"); } ?> value="deleted">Delete</option>
</select>
<input type="hidden" name="nstatus" value="<?php echo $row['news_status']; ?>" /><!--   !! Enclose news_status in quotes !!-->
<input type="hidden" name="news_id" value="<?php echo $row['news_id']; ?>" /><!--       !! Enclose news_id in quotes !!-->
<input type="submit" name="update" value="update" />
</form>

Sorry but i dnt quite understand what do you mean enclose in quotes? could you give me an example?

Link to comment
Share on other sites
djlee Newbie

djlee

Posted
Posted

Did you create this yourself or get it from somewhere. It looks as if it uses register_globals . Which means it takes all post and get variables and puts them into common php variables. This is a bad idea and you should change it to specifically use $_POST and $_GET then deactivate register globals if you have that setting switched on

Link to comment
Share on other sites
djlee Newbie

djlee

Posted
Posted

yep they had reg globals on. You need to change everything to use $_POST[] that is passed through the form. Also id advise getting rid of that extract() on the request vars and declare them properly. its just horrible.

 

Also dont forget to sanitize your data. If your sending the id through teh form, at very least typecast the post var to an int before putting it in the query. That way if someone changes the id to an injection string in the form, your code will convert it to zerio and it just wont do anything

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.