0

I am facing a strange issue.... I have created a PHP program using which I can update and delete records stored in MySQL table. The program has PHP-Session functionality for login-logout purpose. Now the issue is, when I am trying to edit records stored in database, few are updating fine but some are not updating at all. Rather it redirects me to index.php page. Initially I thought it was the session which is causing the issue, but when I removed the session code and tried to update the content, same thing happened and it redirects. The data is simple text with the some html formatting. Any idea... what could be the reason behind this...???

include "connection.php";
if($_POST['sub']=="Update"){
$upd=mysql_query("UPDATE table_3 SET title='".htmlentities($_POST['ttl'],ENT_QUOTES,'UTF-8')."', con='".htmlentities($_POST['con'],ENT_QUOTES,'UTF-8')."' WHERE mid='".$_POST['mid']."'");
if(mysql_affected_rows()!=-1){ echo "<script>alert ('!! Data Updated Successfully !!');</script>"; }
else{ echo "<script>alert ('!! Error Updating Data !!');</script>"; }
}

connection.php has this code - 

mysql_connect("localhost","user_name","password") or die ("Unable to connect server bcoz ".mysql_error());
mysql_select_db("db_name") or die ("Unable to select database bcoz ".mysql_error());

Updating the same data directly on MySQL table works fine....

Here is the complete code [I trimmed out most of the styling tags, but the core code is same ] - 

<?php
session_start();
if(!isset($_SESSION['user'])){ header("location:."); }
?>
<html>
<head>
<title>Edit - Update</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
</head>
<body>
<div>Logged In As: <b><?php echo $_SESSION['user']; ?></b><span class="logout"><a href="logout.php"><b>Log Out</b></a></span>
</div>
<?php
include "connection.php";
if($_POST['sub']=="Update"){
$upd=mysql_query("UPDATE table_3 SET title='".htmlentities($_POST['ttl'],ENT_QUOTES,'UTF-8')."', con='".htmlentities($_POST['con'],ENT_QUOTES,'UTF-8')."' WHERE mid='".$_POST['mid']."'");
if(mysql_affected_rows()!=-1){ echo "<script>alert ('!! Module Updated Successfully !!');</script>"; }
else{ echo "<script>alert ('!! Error Updating Module Info !!');</script>"; }
}
//URL of the page is - http://url/edit.php?mid=49
$res=mysql_query("SELECT * FROM table_3 WHERE mid='".$_GET['mid']."'");
$row=mysql_fetch_row($res);
?>
<form name="eform" method="post" action="">
<table style="margin-left:10px;">
<tr><td><font color="#025A8D"><b>Title : </b></font></td><td><input type="text" name="ttl" value="<?php echo ucfirst($row[2]); ?>" size="75" /></td></tr>
<tr><td><font color="#025A8D"><b>Content : </b></font></td><td><textarea name="con" cols="72" rows="20"><?php echo html_entity_decode($row[3],ENT_QUOTES,'UTF-8'); ?></textarea></td></tr>
<tr><td>&nbsp;<input type="hidden" name="mid" value="<?php echo $_GET['mid']; ?>" /></td></tr>
<tr align="center"><td></td><td><input type="submit" name="sub" value="Update" /></td></tr>
</table>
</form>
</body>
</html>
Somen Pal
  • 11
  • 3
  • 2
    Please consider preparing your statements to reduce the risk of SQL Injection. There's a really good SO post here: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php In an effort to answer your question - echo out your $_POST variables to ensure that they're being passed in as you expect. Also consider adding exception handling to catch any errors that MySQL maybe spitting out. – ash Aug 08 '15 at 08:04
  • @doublesidedstickytape I tried to echo the $_POST value but It is redirecting before it could echo anything.... – Somen Pal Aug 08 '15 at 08:20
  • You don't want it to do that while you're testing :) Use PHP isset http://php.net/manual/en/function.isset.php. You could also consider logging the output of each variable to a file too http://php.net/manual/en/function.file-put-contents.php – ash Aug 08 '15 at 08:26
  • @doublesidedstickytape tried isset() but nothing changed... same redirection.... – Somen Pal Aug 08 '15 at 08:31

0 Answers0