Writing to database

[FlashNinja]

I'm writing a script that takes user input from a html form and updates the database with the new data. In this example the user is updating the data about the university they attend. The problem with this is, the script to update the database with the new information appears to be not working - the new data is not being added to the database. The SQL queries used in the script work in phpMyadmin, and the variables - $uni and $username - contain the data the correct data. This has me stumped, could someone look over this for me please and tell me what is going wrong here.

 

<?php

  include 'connect.php';
  
  session_start();
  $_SESSION['username']; 
  
  if(!(isset($_SESSION['login']) && $_SESSION['login']!= " ")){
       header("Location: login.php");
   }
   
  $username = $_SESSION['username'];
  $tablename = 'usr_test';
  

  $uni = $_POST['uni'];
  
  $uni = stripslashes($uni);
  $uni = mysql_real_escape_string($uni);
  $uni = trim($uni);

if(isset($uni))
{  
   $username = $_SESSION['username'];
   $loc = mysql_query("SELECT * FROM usr_test WHERE usr = '$username'");

   if (mysql_num_rows($loc) == 0)
   header("Location:notlogged.php");
   
   else 

   {

    extract(mysql_fetch_array($loc));

    mysql_query("UPDATE usr_test SET uni = ('$uni') WHERE usr = '$username'") or die (mysql_error());
    header("Location:profile.php");

   }
    }

  ?>

[MMDE]

try to echo inside the else, just to see if it ever gets to the mysql update query.

 

also do you mean to use ( and ) around the name of the uni in the update query?

 

also try to comment away those redirects, so you can actually see the errors.

 

and you should probably put a "or die (mysql_error())" on the first query as well.

[FlashNinja]

Removed the brackets around $uni - didn't fix it. I also checked if the $username and $uni variables make it correctly to the ELSE part of the script. They do. This is really stumping me. 

[MMDE]

Removed the brackets around $uni - didn't fix it. I also checked if the $username and $uni variables make it correctly to the ELSE part of the script. They do. This is really stumping me. 

Try to comment away the redirects, so you can actually see the error messages!

 

Try this:

mysql_query("UPDATE usr_test SET uni = '$uni' WHERE usr = '$username'") or die (mysql_error());
// header("Location:profile.php");
echo $uni;

[FlashNinja]

This is interesting. I just tried what you suggested and found something odd is happening. Instead of displaying the new value for $uni it is infact displaying the old value  - the one that I'm trying to overwrite in the database - at this point in the script.

[MMDE]

This is interesting. I just tried what you suggested and found something odd is happening. Instead of displaying the new value for $uni it is infact displaying the old value  - the one that I'm trying to overwrite in the database - at this point in the script.

Yes, and it's because of the extract() function.

Uni is a key in the array mysql_fetch_array() function returns, which means the extract() function will replace the string the $uni variable pointed to with the uni string from the database.

[FlashNinja]

I see now. I changed the $uni variable name to $myuni, and everything works now. Thanks for the help. 

[MMDE]

I see now. I changed the $uni variable name to $myuni, and everything works now. Thanks for the help. 

I would rather say you should not extract it at all, because it already returns an array and they are much easier to handle. If you add more columns in the database table later, this could happen all over again. If you insist on using extract, at least use mysql_fetch_assoc() instead, or at the very least mysql_fetch_array($result, MYSQL_ASSOC). As it is now, it creates a lot of enumerated variables as well.

 

What I recommend instead:

$usr = mysql_fetch_assoc($loc);
mysql_query("UPDATE usr_test SET uni = '$uni' WHERE usr = '$usr['usr']'") or die (mysql_error());
header("Location:profile.php");