-1

Relating to a previous question I had

SQL not Updating from PHP form

I have changed and played with the code but am getting the following errors.

Query was emptyArray ( [imei] => 1 [serial] => 1 [status] => 1 [msisdn_no] => 0827910119 
[card_no] => 89604900000001868482 [client_name] => 1 [inst_date] => 2013-09-10 [tech] => 1 
[inst_cert] => 1 [isp] => Vodacom [account] => 1 [account_price] => 1 [deposit] => 1  
[cont_start] => 1 [cont_end] => 1 [rica] => 1 [date_rica] => 1 [prod] => 1 [active] => 1 
[suspended] => 1 [loaded_by] => 1 [send] => Submit ) : mysql err no : 1065 Your Number has 
been registered and Location has been Captured. Please click here for your Map and 
Location

This is my update PHP code

//Drawn from Form Information used to Update Database
$imei = $_POST['imei'];
$serial = $_POST['serial'];
$status = $_POST['status'];
$msisdn_no = $_POST['msisdn_no'];
$card_no = $_POST['card_no'];
$client_name = $_POST['client_name'];
$inst_date = $_POST['inst_date'];
$tech = $_POST['tech'];
$inst_cert = $_POST['inst_cert'];
$isp = $_POST['isp'];
$account = $_POST['account'];
$account_price = $_POST['account_price'];
$deposit = $_POST['deposit'];
$cont_start = $_POST['cont_start'];
$cont_end = $_POST['cont_end'];
$rica = $_POST['rica'];
$date_rica = $_POST['date_rica'];
$prod = $_POST['prod'];
$suspended = $_POST['suspended'];
$loaded_by = $_POST['loaded_by'];
$id =$_POST['id'] ;

//update database
update_lbs($msisdn, $reqby1, $reqdate, $reqtime, $client, $clientcase, $saps, $cas,    
$reason, $reqby, $long, $lat, $msisdn, $dist, $response);

//update database
function update_lbs($imei, $serial, $status, $msisdn_no, $card_no, $client_name,    
$inst_date, $tech, $inst_cert, $isp, $account, $account_price, $deposit, $cont_start, 
$cont_end, $rica, $date_rica, $prod, $suspended, $loaded_by)

{   global $host;
    global $username;
    global $password;
    global $db_name;
    date_default_timezone_set('Africa/Johannesburg');
    $today = date("Y-m-d H:i:s");
$date = date("Y-m-d") ;
$time = date("H:i:s");
    $insertSuccessful = false;
 if ($con = mysql_connect($host, $username, $password)) {
    if (mysql_select_db($db_name)) {
        $query = "UPDATE tracking_sim SET   
        imei = '$imei',
        serial = '$serial',
        status = '$status',
        msisdn_no = '$msisdn_no',
        card_no = '$card_no',
        client_name = '$client_name',
        tech = '$tech',
        inst_cert = '$inst_cert',
        isp = '$isp',
        account = '$account',
        account_price = '$account_price',
        deposit = '$deposit',
        cont_start = '$cont_start',
        cont_end = '$cont_end',
        rica = '$rica',
        date_rica = '$date_rica',
        prod = '$prod',
        date_rica = '$date_rica',
        suspended = '$suspended',
        loaded_by = '$loaded_by'
        WHERE id = '$id';"; 

    if (mysql_query($sql, $con)) {
            $insertSuccessful = true;
        } else {
            echo mysql_error ();
            echo $sql;
            print_r($_POST);
            echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
            echo "mysql err no : " . mysql_errno($con);
        }
    return $insertSuccessful;
    }
 }
 }

    ?>

My form has the following

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// get value of id that sent from address bar
$id = $_GET['id'];

$result = mysql_query("SELECT * FROM tracking_sim WHERE id='$id'");

$rows = mysql_fetch_array($result);
?>

<form id="form1" method="post" action="../control_tracking/tracking_sim_updated.php">

I have tried the form action with both GET and POST, same error. Also, I have changed $_POST to $_REQUEST and tried it that way as well, to no avail.

Maggie Ackermann
  • Does it change at all if you replace `if (mysql_query($sql, $con)) {` with `if (mysql_query($query, $con)) {` ? – EPB Sep 15 '13 at 08:05
  • The reason I ask is error 1065 is empty query. `$sql` doesn't appear to exist in that function, but `$query` does and contains your sql statement. – EPB Sep 15 '13 at 08:13
  • You need to show your SQL structure also ... do you have any numeric value in your database while you're trying to update them like strings? (e.g. `deposit = '$deposit'`) – Mahdi Sep 15 '13 at 08:18
  • Also if you're not sure the data is passed from form to the server, do a `print_r($_REQUEST);` just before executing your query and see if the expected data existed or not ... – Mahdi Sep 15 '13 at 08:20
  • I have changed the $sql to $query, missed that, thanks for that one. So the error is gone now, but it is not updating the database at all; still back to square one with info not updating. – Maggie Ackermann Sep 15 '13 at 08:27
  • @Mahdi My table is Var and Date only no numeric but the insert values is numerical though some of the fields – Maggie Ackermann Sep 15 '13 at 08:38
  • I have found the Problem, I have a duplicate insert value and the string didn't recognise the duplicate input in date_rica = '$date_rica', after changing this it was sorted – Maggie Ackermann Sep 15 '13 at 08:47
  • **By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. – Andy Lester Sep 15 '13 at 14:19
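
An added example, not code from the question or from any answer, of the parametrized approach recommended in the last comment: the same UPDATE on tracking_sim through a PDO prepared statement. The in-memory SQLite database, the `UPDATABLE` list and `update_tracking_sim()` are assumptions made so it runs without a MySQL server; with MySQL only the DSN passed to `new PDO` changes.

```php
<?php
// Added example: columns the form may update (a subset of the question's field list).
const UPDATABLE = ['imei', 'serial', 'status', 'msisdn_no', 'card_no',
                   'client_name', 'isp', 'date_rica', 'suspended', 'loaded_by'];

/**
 * Update one tracking_sim row using bound parameters (hypothetical helper).
 * $id is an explicit argument: a PHP function cannot see the caller's $id.
 * Returns the number of rows changed.
 */
function update_tracking_sim(PDO $pdo, int $id, array $input): int
{
    // Keep only whitelisted keys; array keys also rule out a duplicated column.
    $fields = array_intersect_key($input, array_flip(UPDATABLE));
    if ($fields === []) {
        throw new InvalidArgumentException('no updatable fields supplied');
    }
    // Column names come from the constant list; values are bound, never interpolated.
    $set  = implode(', ', array_map(fn($c) => "$c = :$c", array_keys($fields)));
    $stmt = $pdo->prepare("UPDATE tracking_sim SET $set WHERE id = :id");
    $stmt->execute($fields + ['id' => $id]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw, not fail silently
$pdo->exec('CREATE TABLE tracking_sim (id INTEGER PRIMARY KEY, ' .
           implode(' TEXT, ', UPDATABLE) . ' TEXT)');
$pdo->exec("INSERT INTO tracking_sim (id, client_name) VALUES (1, 'old name')");

// Constructed stand-in for $_POST: quotes in two values plus a non-column key.
$post = [
    'client_name' => "O'Malley",
    'isp'         => "Vodacom'; --",
    'send'        => 'Submit',   // not whitelisted, so ignored
];
$changed = update_tracking_sim($pdo, 1, $post);

$row = $pdo->query('SELECT client_name, isp FROM tracking_sim WHERE id = 1')
           ->fetch(PDO::FETCH_ASSOC);
echo "rows changed: $changed\n";
print_r($row);   // both values are stored literally, quotes included
```

A return value of 0 from `rowCount()` distinguishes "query ran but matched no row" from a query error, which with `ERRMODE_EXCEPTION` raises a `PDOException` instead.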

2 Answers

1

You are using different SQL variables, $query and $sql:

"if (mysql_select_db($db_name)) {
        **$query =** "UPDATE tracking_sim SET "

if (mysql_query(**$sql**, $con)) {

0

Try removing the semi-colon at the end of your update statement. The one after WHERE id='$id'.

heinistic