0

Sooooo....

Why is this not changing the content to my database?

<?php
if(isset($_POST['submit']))
{
  if( isset($_POST['post_body']) )
 {
  $post_body = $_POST['post_body'];
  $id    = $_POST['id'];
  $sql     = "UPDATE forum_post SET post_body='$post_body' WHERE post_id='$id'";
  $res   = mysqli_query($mysql, $sql); 
 }
    if( isset($_POST['post_title']) )
 {
  $post_title = $_POST['post_title'];
  $id    = $_POST['id'];
  $sql     = "UPDATE forum_post SET post_title='$post_title' WHERE post_id='$id'";
  $res   = mysqli_query($mysql, $sql);         
 }
}
?>

        <form action="<?php $_PHP_SELF ?>" method="POST" class="form-horizontal">
            <fieldset>
                
            <legend>Edit</legend>    
            <div class="form-group">
                <input type="hidden" name="id" value="<?php echo $post_id; ?>">
                <label for="inputTitle" class="col-lg-2 control-label">Title</label>
                <div class="col-lg-5">
                    <input type="text" class="form-control" id="post_title" name="post_title" placeholder="<?php echo $post_title; ?>"  value="<?php echo $post_title; ?>">         
                </div>
            </div>
            <div class="form-group">
                <label for="inputTitle" class="col-lg-2 control-label">Created</label>
            <div class="col-lg-5">
                <p><?php echo $post_created;?></p>        
            </div>
            </div>
                <div class="form-group">
                <label for="textArea" class="col-lg-2 control-label">Textarea</label>
                <div class="col-lg-10">
                <textarea type="text" name="post_body" id="post_body" rows="8" class="col-md-12" value="<?php echo $post_body; ?>" class="form-control" rows="3">
                <?php echo $post_body; ?>
                </textarea>
                <span class="help-block">Here goes the content.</span>
                </div>
                <div class="col-md-2"><a href class="col-md-2 btn btn-danger btn-block" ng-show="showme" ng-click="showme=false">Back</a></div>             
                <input class="pull-right col-md-10 btn btn-primary btn-default" id="submit" type="submit" value="Submit" name="submit"/>
                </div>
            </fieldset>
        </form> 

I want this to update my post's content & title for now. Why is this not updating my database? I can't see errors, nothing.

I can fill the form, press update, no error. Console is empty too.

Where's the problem?

jACK
  • 147
  • 1
  • 14

2 Answers

0

You have to escape your values.

$sql     = "UPDATE forum_post SET post_body='$post_body' WHERE post_id='$id'";

Could be:

$sql     = "UPDATE forum_post SET post_body='".$post_body."' WHERE post_id='".$id."'";

And a warning about injections!

Thomas Rbt
  • 1,483
  • 1
  • 13
  • 26
  • 1
    Won't solve the problem. Won't solve sql injections. – Debflav Feb 12 '15 at 09:18
  • And later, try to ECHO your query, test your script, and see where the problem is in the query. Then, try to copy it and paste it in phpmyadmin/sql to see if an error occurs. – Thomas Rbt Feb 12 '15 at 09:20
  • He can use mysql_real_escape_string() or intval() – Thomas Rbt Feb 12 '15 at 09:22
  • Use `mysql_*`: " **Warning:** This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. " – Debflav Feb 12 '15 at 09:23
  • @KevinakaKebbona: Using prepared statements is the minimum to do. Have a look [here](http://stackoverflow.com/q/60174/3361444) – Debflav Feb 12 '15 at 09:49
  • You can use mysql_real_escape_string() for a string or intval() to protect an int value against SQL injections. Learn more here: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet – Thomas Rbt Feb 12 '15 at 09:50
0

Try to echo the error mysql_error() like this:

<?php
if (isset($_POST['submit']))
{
    if (isset($_POST['post_body']))
    {
        $post_body = $_POST['post_body'];
        $id        = $_POST['id'];
        // Values are still interpolated into the SQL string here, as in the question
        $sql       = "UPDATE forum_post SET post_body='$post_body' WHERE post_id='$id'";
        $res       = mysqli_query($mysql, $sql);
        if ($res)
        {
            echo "updated";
        }
        else
        {
            // mysqli_error() needs the connection handle as its argument
            echo mysqli_error($mysql);
        }
    }
    if (isset($_POST['post_title']))
    {
        $post_title = $_POST['post_title'];
        $id         = $_POST['id'];
        $sql        = "UPDATE forum_post SET post_title='$post_title' WHERE post_id='$id'";
        $res        = mysqli_query($mysql, $sql);
        if ($res)
        {
            echo "updated";
        }
        else
        {
            echo mysqli_error($mysql);
        }
    }
}
?>
john
  • 567
  • 8
  • 23
  • nothing comes out. I feel like there is no connection with my submit and the php.... There is some php before that if(isset($_POST['submit'])) part though.. Would that be a problem? – jACK Feb 12 '15 at 09:21
  • Check which condition it is going into. I mean which if condition. – john Feb 12 '15 at 09:23
  • Yeah. I had it on a separate page. Worked just fine, but always went to a different page when updating. Didn't want that so changed to PHP SELF. Am I retarded? – jACK Feb 12 '15 at 09:30
  • Connection as in? The connection to the MySQL database is created at the beginning of the page. – jACK Feb 12 '15 at 09:34
  • If it was working on a separate page then you can redirect the page after the update, like header('location:yourpage.php'); – john Feb 12 '15 at 09:37
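
The prepared-statement advice from the comments on the first answer and the error-checking idea from the second answer, combined in one handler. This is an added example, not code from any of the posters; the connection credentials, the database name `forum` and the function name `update_post` are assumptions, while the table and column names are taken from the question.

```php
<?php
// Added example. Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// update_post() is a hypothetical helper: it updates only the fields that were
// submitted and returns the number of rows MySQL reports as changed.
function update_post(mysqli $mysql, int $id, ?string $title, ?string $body): int
{
    // Column names are fixed strings; user input only ever travels as bound parameters.
    $sets = []; $types = ''; $params = [];
    if ($title !== null) { $sets[] = 'post_title = ?'; $types .= 's'; $params[] = $title; }
    if ($body !== null)  { $sets[] = 'post_body = ?';  $types .= 's'; $params[] = $body; }
    if (!$sets) { return 0; }

    $types .= 'i';          // post_id is bound as an integer
    $params[] = $id;

    $stmt = $mysql->prepare(
        'UPDATE forum_post SET ' . implode(', ', $sets) . ' WHERE post_id = ?'
    );
    $stmt->bind_param($types, ...$params);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['submit'])) {
    // Reject anything that is not a plain integer id before touching the database.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Invalid post id');
    }
    // Accept only scalar strings; array-valued fields are treated as absent.
    $str = fn(string $k) => is_string($_POST[$k] ?? null) ? $_POST[$k] : null;
    try {
        // Placeholder credentials (assumptions), replace with your own.
        $mysql = new mysqli('localhost', 'db_user', 'db_password', 'forum');
        $mysql->set_charset('utf8mb4');
        $rows = update_post($mysql, $id, $str('post_title'), $str('post_body'));
        echo $rows > 0 ? 'updated' : 'no row changed (unknown id or identical content)';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());   // details go to the server log, not the browser
        http_response_code(500);
        echo 'Update failed';
    }
}
```

With exceptions enabled, a failed connection, a bad column name or a malformed statement surfaces immediately instead of producing the silent "nothing happens" described in the question.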