0

I have a simple Form along side a PHP update query that simply isn't working! I know the PHP is working on the page as there are several validation checks that need to be passed before hand which are working perfectly. The form its self is inside the Colorbox Popup tool.

My HTML Form Code is:

<div id="stylized" class="myform">
<form action="#" method="post">
  <input type="hidden" name="user_id" value="<?php echo $user_id; ?>" />
  <label>First Name:<span class="small">Enter your forename</span></label>
  <input id="first_name" type="text" name="first_name" maxlength="50" placeholder="e.g. Joe" required autofocus/>
<div class="spacer"></div>
<input type="submit" id="update" name="update" value="Continue to Step 2!">
</form>
</div>

With the PHP Code as follows (this is above the HTML code on the page):

<?php 
if($_POST['update']){ 

    $user_i            = $_POST['user_id'];
    $f_name            = $_POST['first_name'];
    $first_name        = ucfirst($f_name);

mysql_query("UPDATE user SET first_name = '$first_name' WHERE user_id = '$user_i'") or die(mysql_error());
 } ?>

The actual submit appears to be working, with the Popup refreshing afterwards, but the database does not update! I have triple checked the syntax and the database fields. 'user' and 'first_name' and 'user_id' is correct.

Update: Because the popup box refreshes, I cannot view the error's from the 'or die(mysql_error()) unfortunately, other wise i might have been one step closer.

Any help would be hugely appreciated.

Many thanks in advance.

  • 5
    you should learn about sql injections – Book Of Zeus Nov 13 '11 at 18:26
  • Sounds like a transaction that's not committing. See http://stackoverflow.com/questions/2708237/php-mysql-transactions-examples – phatfingers Nov 13 '11 at 18:32
  • Your code look correct apart from the fact that you've created the epitome of unsafe coding (As the book of zeus above mentioned). Stop the refresh to see why it doesn't update. – mobius Nov 13 '11 at 18:33
  • I always add serializing etc.. once i've done the basic's of the code, thanks for the heads up though on that one! –  Nov 13 '11 at 20:34

3 Answers3

0

When you say pop-up box, I assume you are using ajax to communicate from the form to the server, which as you stated is difficult to view submitted data. If this is the case try:

error_log(serialize($_POST));

This will force an entry in your error log with the $_POST data in serialized format, so you can check the values you are submitting are populated correctly.

You will also want to sanitize the variables you are adding to the SQL:

$sql = "UPDATE user SET first_name = " . mysql_real_escape_string($first_name) . " WHERE user_id = " . mysql_real_escape_string($user_i) . " LIMIT 1";

mysql_query($sql);
Mike Purcell
  • 19,847
  • 10
  • 52
  • 89
  • Hi Digital Precision, thanks for the response, I have addd this line of code underneath the if($_POST['update'] and the only errors I can see when refreshing the page are 'no index defined'. The error's are for the 'update' but surely that isn't the case? No I am not using ajax to communicate, My update query is within the if($_POST['update']{}, it works on other colorbox pop-ups which is why I cant understand it on this one. –  Nov 13 '11 at 20:30
  • @BenLittle: `no index defined` leads me to believe you are referencing an array by a key that doesn't exist. When you var_dump($_POST) do you see the values you expect? – Mike Purcell Nov 13 '11 at 20:37
0

I would:

  1. print_r($_POST); to view the POST data.

  2. Generate the SQL from a string so it can be printed for debugging purposes, like so:

    $sql = "UPDATE user SET first_name = '$first_name' WHERE user_id = '$user_i'";
    echo $sql;
    mysql_query($sql) or die(mysql_error());

One of these techniques will likely tell you why the PHP-generated SQL doesn't update your database record.

Kristoffer Bohmann
  • 3,986
  • 3
  • 28
  • 35
0

you set your user_id field by echo $user_id; but your variable name is set to $user_i = $_POST['user_id']; therefore your user id field is not set and your Mysql command will fail.

dar7yl
  • 3,727
  • 25
  • 20