-2

I can't understand why this query doesn't work... I putted the query in an if with an echo to see if it returns true and he does! But if I go to see if the sql table, it hasn't been updated... Can someone help me?

This is the code:

$rowpost='';
if(isset($_POST['rowpost'])){
$rowpost  = $_POST['rowpost'];
$rowpost  = implode(' ', $rowpost);
  if(mysql_query("UPDATE prodotti SET vetrina='$rowpost' WHERE id='$_GET['id']'")){
    echo 'rowpost';
  }
}
if(isset($_POST['addrowname'])){
$filename = "showcase.txt";
$contents = file_get_contents($filename);
$newcontent = $contents.' '.$_POST['addrowname'];
fwrite(fopen($filename, 'w'), $newcontent);
if(isset($_POST['chkaddshcs'])){
  $rowpost  = $_POST['addrowname'].' '.$rowpost;
  if(mysql_query("UPDATE prodotti SET vetrina='".$rowpost."' WHERE id='".$_GET['id']."'")){
    echo 'chkaddshcs';
  }
}

It doesn't give errors, it says rowpostchkaddshcs but he doesn't update the table...

valbuxvb
  • 89
  • 16

1 Answers1

0

First of all. Stop using mysql_*functions since they are deprecated. Use mysqli_* instead. Read this question for reference.

Also, your code is in danger of SQL-Injection. Read this question for reference, also.

About your specific problem:

This line:

mysql_query("UPDATE prodotti SET vetrina='$rowpost' WHERE id='$_GET['id']'")

You must remove the single quotes around id, or add curly braces.

mysql_query("UPDATE prodotti SET vetrina='$rowpost' WHERE id='{$_GET['id']}'")

OR

mysql_query("UPDATE prodotti SET vetrina='$rowpost' WHERE id='$_GET[id]'")
Community
  • 1
  • 1
Phiter
  • 14,570
  • 14
  • 50
  • 84
  • Yes I know, before this there is a $_SESSION control: only website admin can access to this page so I didn't worried about sql injection – valbuxvb Jun 24 '16 at 13:50