-1

I'm having trouble making this query work:

if(isset($_POST['updateRecord'])) {
    mysql_query("UPDATE files SET title = '$_POST[title]', description = '$_POST[description]', internal = '$_POST[accessFile]', category = '$_POST[category]' WHERE title = '$_POST[title]'");
    header("Location: system-management.php?viewFiles=on");
}

It is definatly entering the if statement as the header is redirecting to the correct page. I have set the form submit to use the post method and even if I use the get method I can see that my form data is being passed.

I have tried quoting out the header location and error reporting (or die) on the query but it brings up no errors

The form submit button is within a table column as follows:

<input type='submit' value='Save Changes' name='updateRecord' />

Is there something really obvious that I'm missing here?

Dharman
  • 30,962
  • 25
  • 85
  • 135
user1090149
  • 1
  • 1
  • Did you take your query and try it in mysql shell?? – dm03514 Dec 09 '11 at 17:07
  • 1
    add or die(mysql_error()); to the end of that line and tell us what it says. Also I hope you are aware of the potential vulnerabilities your program has to SQL injection attacks. – jakx Dec 09 '11 at 17:11
  • Hi, yep i've tried it in My Admin panel and all works. I actually made the query again in mysql... "I have tried quoting out the header location and error reporting (or die) on the query but it brings up no errors" error reporting brings up no errors when the query is run. – user1090149 Dec 09 '11 at 19:51
  • Does this answer your question? [How to include a PHP variable inside a MySQL statement](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) – Dharman Feb 09 '20 at 14:04

5 Answers5

0

You have to use braces as follows

mysql_query("UPDATE files SET title = '{$_POST[title]}', 
    description = '{$_POST[description]}', internal = '{$_POST[accessFile]}', 
    category = '{$_POST[category]}' WHERE title = '{$_POST[title]}'");

Braces are needed to escape variable expressions. See Strings on PHP Doc. You may also refer to this answer on stackoverflow to know more about the usage of braces in strings.

Community
  • 1
  • 1
Jomoos
  • 12,823
  • 10
  • 55
  • 92
-1

try to put an id for your submit button, id="whatever".

I dont see the second parameter for mysql_query($query,$connection);, your connection string isnt there.

Check your WHERE Clause as well,

to view the error add mysql_query("",$con) or die(mysql_error());

Matthew Verstraete
  • 6,335
  • 22
  • 67
  • 123
BeardGuy
  • 19
  • 1
-1

Try This

 mysql_query("UPDATE files SET title = '".$_POST[title]."', description = '".$_POST[description]."', internal = '".$_POST[accessFile]."', category = '".$_POST[category]."' WHERE title = '".$_POST[title]."'");

Hope This Fix You're Issue

Alexander Theodore
  • 34
  • 3
-1
  1. Revise the syntax.
  2. It is always a good idea to have a variable containing the query, so you can verify the exact query being executed

Like this:

$query = "UPDATE files SET title = \"{$_POST['title']}\", description = \"{$_POST['description']\", internal = \"{$_POST['accessFile']\", category = \"{$_POST['category']\" WHERE title = \"{$_POST['title']\"";
// echo $query;
mysql_query($query);
jap1968
  • 7,747
  • 1
  • 30
  • 37
  • Hi, Thanks for all your replies! I've tried all the things suggested but still having the same problem. Any more suggestions? – user1090149 Dec 09 '11 at 19:43
  • Did you echo the query to confim that the script is doing what you intended it to do? – jap1968 Dec 09 '11 at 21:58
-1

Assuming that the IF is working, the problem seems to be in the way variables are read from $_POST. The variable names should be enclosed in quotes. Please try this:

mysql_query("UPDATE files SET title = '" . $_POST['title'] . "', description = '" . $_POST[description] . "', internal = '" . $_POST[accessFile] . "', category = '" . $_POST[category] . "' WHERE title = '" . $_POST[title] . "'");

Hope this helps!

Abhay
  • 6,545
  • 2
  • 22
  • 17