2

I'm trying to update text I've selected and displayed in a TextArea to my database. The text is selected and displayed so nothing wrong with the connection.php. But when I change the text and press save it does not update the text in the database, however it shows that the data is stored in the variables $tekstArea and $tekstIDArea. Could anyone help me out?

Here is my code:

<?php
    session_start();
    include "connection.php";
?>


<?php   
        //Get Resulsts from database
        $query = "SELECT * FROM tekst";
     $result = mysqli_query($conn, $query);
        
        while ($row = mysqli_fetch_array($result)) {
            $tekstID = $row['tekstID'];
            $text = $row['text'];
   
            echo "<form method='POST' action=''>
            <input name='tekstIDArea' value=" . $tekstID . ">
            <br />
            <textarea name='textArea' rows='20'>" . $text . "</textarea>
            <br />
            <button type='submit' name='submit' class='btn'>Save</button><br /><br />";

        }

if (isset($_POST['submit'])) {
            
    $tekstArea = $_POST['textArea'];
    $tekstIDArea = $_POST['tekstIDArea'];
    $sql = "UPDATE tekst SET 'text' = '$tekstArea'";
    $res = mysqli_query($conn, $sql);
    
    if(!$res)
    {
        echo "Could not update" . mysql_error() . "<br />";
        echo $tekstArea . "<br />";
        echo $tekstIDArea . "<br />";
    }
    mysqli_close($conn);
}
?>

Thanks in advance,

Ahnkheg

EDIT: Added form closing tag. Changed mysql_error() to mysqli_error($conn).

Ahnkheg
  • 23
  • 3
  • 1
    Where's the closing `` tag? That will have adverse effects. You're also mixing with `mysql_error()`. That should be `mysqli_error($conn)` – Funk Forty Niner Apr 07 '15 at 14:11
  • Okay, that fixed my error output! Thank you! The error I'm getting is: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''text' = 'test'' at line 1. – Ahnkheg Apr 07 '15 at 14:18
  • What happens if I pass in `';drop table texst;`? – mmmmmpie Apr 07 '15 at 14:19
  • @Ahnkheg You're welcome. I have posted an answer below, to better illustrate the syntax error. – Funk Forty Niner Apr 07 '15 at 14:22

1 Answers1

1

"Okay, that fixed my error output! Thank you! The error I'm getting is: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''text' = 'test'' at line 1. – Ahnkheg"

This line:

$sql = "UPDATE tekst SET 'text' = '$tekstArea'";

The text column has regular quotes and isn't the correct identifiers. This is a column and not a value.

Either use ticks:

$sql = "UPDATE tekst SET `text` = '$tekstArea'";

or remove them:

$sql = "UPDATE tekst SET text = '$tekstArea'";

Sidenote: Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

You also have a missing </form> tag. That will have adverse effects. You're also mixing with mysql_error(). That should be mysqli_error($conn).

  • Those different MySQL APIs do not intermix with each other.
Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141