Editing/Updating Data (PhP & MySql)

[musnoure]

Hello folks,

I can not seem to find out why this code is not being executed properly. Basically, I'd like to edit Records, so I am using forms to retrieve data, make modifications then save them.

 

<?php
//connection to db

$results = mysql_query("SELECT * FROM crud WHERE id=".$_GET[id]."") or die (mysql_error());
$row = mysql_fetch_assoc($results);
echo "<form action=\"\" method=\"POST\">";
echo "Year: <input type=\"text\" value=".$row['car_year']." name=\"car_year\" /> <br />";
echo "Make: <input type=\"text\" value=".$row['car_make']." name=\"car_make\" /> <br />";
echo "Model: <input type=\"text\" value=".$row['car_model']." name=\"car_model\" /><br /><br />";
echo "Description:<br /><textarea rows=\"15\" cols=\"60\" name=\"description\" />". $row['description']. "</textarea>";
echo "<br /><input type=\"submit\" value=\"save\">";
echo "</form>";

if ($_POST['save']) {
    $car_year = $_POST['car_year'];
    $car_make = $_POST['car_make'];
    $car_model = $_POST['car_model'];
    $description = $_POST['description'];

// Update data
    $update = mysql_query("UPDATE crud SET car_year='$car_year', car_make='$car_make' car_model='$car_model', description='$description' WHERE id=".$_GET['id']."") or die (mysql_error());
echo 'Update successfull';
}

?>

 

 

Please HELP!!!!

[smerny]

rather than making us figure out what it's doing wrong, you should tell us so we can find the problem faster.

 

what exactly do you mean by "this code is not being executed properly"? what is it doing that it shouldn't be? or what is it not doing that it should be?

[smerny]

looked at it anyway and i think i see the problem... you are using WHERE id=".$_GET['id']."... but the form you are passing this data from is POST and doesn't pass an id anyway.

 

can solve by adding

 

<input type=\"hidden\" value=".$row['id']." name=\"id\" />

 

to your form and changing the GET to POST in the UPDATE query.

 

-------

 

also... you should really sanitize your input data before using it in a query

[musnoure]

Sorry about that!

What it does is, let's say the following is displayed in an input box: "Chevy". When I change it to, for example "Chevrolet" and hit the save button, it returns to "Chevy".

Let me know if you need more info, and thanks for the replies!

 

P.S. I've already tried POST instead of get, not working.

[musnoure]

That's not the official form, I just need to know how is it going to work and then I will improve the query, security, etc.

[smerny]

P.S. I've already tried POST instead of get, not working.

did you add an input for id in the POST form?

[musnoure]

Yes, I did

echo "<input type=\"text\" value=".$row['id']." name=\"id\" /> <br />";

 

 

By the way, I've changed "text" to "hidden", still, not changing...

[smerny]

oh i seee another problem...

 

if($_POST['save'])

 

save isnt a POST var, it's a value of the submit var...

 

check if($_POST['submit'] == "save")

[musnoure]

Let me try that, and I will get back to you.

[smerny]

actually, you have no name at all on your submit button.. you could just name it 'save' and then check if(isset($_POST['save']))

[musnoure]

I tried that, still not working.

 

I have a question, what's supposed to go here (where question marks are)

 

echo "<form action=\"???????\" method='POST'>";

 

I've tried echo "<form action=\"$_SERVER['PHP_SELF']\" method='POST'>"; but it is not working either.

[smerny]

action just determines where the form gets submitted. default is current page.

 

show your current code

[musnoure]

$results = mysql_query("SELECT * FROM crud WHERE id=".$_GET['id']."") or die (mysql_error());
$row = mysql_fetch_assoc($results);
echo "<form action=\"\" method='POST'>";
echo "Database ID: <input type=\"text\" value=".$row['id']." name=\"id\" /> <br />";
echo "Year: <input type=\"text\" value=".$row['car_year']." name=\"car_year\" /> <br />";
echo "Make: <input type=\"text\" value=".$row['car_make']." name=\"car_make\" /> <br />";
echo "Model: <input type=\"text\" value=".$row['car_model']." name=\"car_model\" /><br /><br />";
echo "Description:<br /><textarea rows=\"15\" cols=\"60\" name=\"description\" />". $row['description']. "</textarea>";
echo "<br /><input type=\"submit\" value=\"save\" name=\"save\">";
echo "</form>";

if(isset($_POST['save']))
{
    $id = $_POST['id'];
    $car_year = $_POST['car_year'];
    $car_make = $_POST['car_make'];
    $car_model = $_POST['car_model'];
    $description = $_POST['description'];

// Update data
    $update = mysql_query("UPDATE crud SET car_year='$car_year', car_make='$car_make' car_model='$car_model', description='$description' WHERE id=".$_GET['id']."") or die (mysql_error());
echo 'Update successfull';
}
?>

 

I got this error when I changed Malibu to Impala:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'car_model='Impala', description='The Chevrolet Malibu was introduced in 1997 and' at line 1

 

[smerny]

$id = $_POST['id'];

 

yet you use $_GET in the query? change the query to this:

 

("UPDATE crud SET car_year='$car_year', car_make='$car_make' car_model='$car_model', description='$description' WHERE id='$id'")

[darkfreaks]

smerny it doesn't change the fact he is missing a comma in his SQL syntax

[smerny]

lol, okay, so to summarize...

 

the problems were:

-trying to access a GET var when there was none

-not passing the id

-not having a name for the submit to check against, and checking against one that didnt exist

-missing comma in query

 

i think that covers it

[musnoure]

I changed it to that, no error messages but the fields won't change to the new value! What am I missing here!!

[musnoure]

If you looked at the code that I edited, I had already given a name to the submit button. The id was passed, I tried both GET and POST! I do not now what did you mean by "those" problems.

 

Which comma missed? Are you talking about the first pr the second query?

[musnoure]

found missing comma, thanks for pointing that out!

[musnoure]

working now! Thanks for your help!