SQL PHP Update/Delete/Add [Archive]

Click to See Complete Forum and Search --> : SQL PHP Update/Delete/Add

LingoOutsider

May 14th, 2009, 02:25 AM

This is my code so far for updating...

$namereq = $_REQUEST['namefield'] ;
$emailreq = $_REQUEST['emailfield'] ;
$messagereq = $_REQUEST['messagefield'] ;
$datereq = $_REQUEST['datefield'] ;

$con = mysql_connect("server", "username", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
echo "update failed";
}

mysql_select_db("database", $con);
global $customernumber;

mysql_query("UPDATE enquiryform SET name=$namereq WHERE customerno = $customernumber LIMIT 1");
mysql_query("UPDATE enquiryform SET email=$emailreq WHERE customerno = $customernumber LIMIT 1");
mysql_query("UPDATE enquiryform SET message=$messagereq WHERE customerno = $customernumber LIMIT 1");
mysql_query("UPDATE enquiryform SET startdate=$datereq WHERE customerno = $customernumber LIMIT 1");

mysql_close($con);

echo $namereq
echo $emailreq
echo $messagereq
echo "Update Compleated";

$_REQUEST['field'] have been retreved for previous page and everything echos/prints ok but nothing changes on the database table?!
I've checked field/database/passwords/etc what am I missing?

kows

May 14th, 2009, 06:14 AM

well, first -- you shouldn't be using 4 different queries to update one record. this one query accomplishes the same as your four:
mysql_query("UPDATE enquiryform SET name='$namereq', email='$emailreq', message='$messagereq', startdate='$datereq' WHERE customerno='$customernumber' LIMIT 1");
the reason none of your things are updating is probably because you're not enclosing any values in quotes (like in my example above). MySQL will interpret strings not enclosed in quotes as functions/reserved words. this is why none of your tables are updating.

you should also be checking your user input; you can use mysql_real_escape_string():
$namereq = mysql_real_escape_string($_REQUEST['namefield']);
$emailreq = mysql_real_escape_string($_REQUEST['emailfield']);
$messagereq = mysql_real_escape_string($_REQUEST['messagefield']);
$datereq = mysql_real_escape_string($_REQUEST['datefield']);

manavo11

May 15th, 2009, 03:47 AM

To check if there is a problem with your mysql query, you can check the value of mysql_error() after you call a query. Or run your query like this:

mysql_query($Query) or die("MySQL error: ".mysql_error());

So execution will stop and you can see straight away the error.

LingoOutsider

May 15th, 2009, 05:38 AM

Thanks, its updating now!

If I want to use multiple submit buttons (add/delete/update) on the one form whats the easiest way to identify which has been pressed?

<input type="submit" name="Change" value="Change" />

what command will identify my pressed button?

kows

May 15th, 2009, 01:54 PM

you can name the buttons and then check whether or not they've been pressed by using isset(). instead of an IF statement to handle all of it, you could do:
<?php

if($_SERVER['REQUEST_METHOD']){

$button = (isset($_POST['add'])) ? 'add' : ((isset($_POST['update'])) ? 'update' : 'delete');

switch($button):
case 'add':

//add stuff

break;
case 'update':

//update stuff

break;
case 'delete':

//delete stuff

break;
endswitch;
}

?>
<form action="script.php" method="post">
<input type="submit" name="add" value="add" />
<input type="submit" name="update" value="update" />
<input type="submit" name="delete" value="delete" />
</form>