Re: [PHP-DB] Update info from form to MySQL. No error but no Update

Thu, 16 Aug 2001 02:24:25 -0700 

----- Original Message -----
From: Cato Larsen <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 16, 2001 4:54 PM
Subject: [PHP-DB] Update info from form to MySQL. No error but no Update


> Hi!
> I've set up a form that allows members to update they'r profile when they
> wish.
> After much debugging I got it working without any errors. The problem
though
> was that it won't update the info in the MySQL database.
> Any ideas what I may be doing wrong?
>
> Cato
>
> Some source:

[snip]

> <?
>  if ($REQUEST_METHOD=="POST") {
>
>   # double-up apostrophes
>   $name = str_replace("'","&quot",$name);
>   $loc = str_replace("'","&quot",$loc);
>   $email = str_replace("'","&quot",$email);
>   $charname = str_replace("'","&quot",$charname);
>   $charsname = str_replace("'","&quot",$charsname);
>   $charnick = str_replace("'","&quot",$charnick);
>   $born = str_replace("'","&quot",$born);
>   $appearance = str_replace("'","&quot",$appearance);
>   $charac = str_replace("'","&quot",$charac);
>   $streng = str_replace("'","&quot",$streng);
>   $bio = str_replace("'","&quot",$bio);

PHP has a couple of functions which will do this for you. Check out
htmlentities() & htmlspecialchars().

>   # setup SQL statement
>   $SQL = " UPDATE memberinfo SET";
>   $SQL = $SQL . " name = '$name', ";
>   $SQL = $SQL . " loc = '$loc', ";
>   $SQL = $SQL . " email = '$email', ";
>   $SQL = $SQL . " password = '$password', ";
>   $SQL = $SQL . " aim = '$aim', ";
>   $SQL = $SQL . " icq = '$icq', ";
>   $SQL = $SQL . " msn = '$msn', ";
>   $SQL = $SQL . " yahoo = '$yahoo', ";
>   $SQL = $SQL . " charname = '$charname', ";
>   $SQL = $SQL . " charsname = '$charsname', ";
>   $SQL = $SQL . " tit = '$tit', ";
>   $SQL = $SQL . " lvl = '$lvl', ";
>   $SQL = $SQL . " picurl = '$picurl', ";
>   $SQL = $SQL . " born = '$born', ";
>   $SQL = $SQL . " appearance = '$appearance', ";
>   $SQL = $SQL . " charac = '$charac', ";
>   $SQL = $SQL . " streng = '$streng', ";
>   $SQL = $SQL . " bio = '$bio', ";
>   $SQL = $SQL . " breed = '$breed', ";
>   $SQL = $SQL . " prof = '$prof', ";
>   $SQL = $SQL . " charnick = '$debris[0]' ";
>   $SQL = $SQL . " WHERE id = $id ";

I think you need to wrap $id around with single quotes:

WHERE id = '$id'


Also the above could be written as:

# setup SQL statement
  $SQL = " UPDATE memberinfo SET
                  name = '$name',
                  loc = '$loc',
                  email = '$email',
                  password = '$password',
                  aim = '$aim',
                  icq = '$icq',
                  msn = '$msn',
                  yahoo = '$yahoo',
                  charname = '$charname',
                  charsname = '$charsname',
                  tit = '$tit',
                  lvl = '$lvl',
                  picurl = '$picurl',
                  born = '$born',
                  appearance = '$appearance',
                  charac = '$charac',
                  streng = '$streng',
                  bio = '$bio',
                  breed = '$breed',
                  prof = '$prof',
                  charnick = '$debris[0]'
            WHERE id = $id ";

which is less typing and, IMHO, clearer. PHP statements end on a semi-colon
(;) and not at a newline so you are free to break up your statements into
multiple lines to aid readability.

regards
--
Jason Wong
Gremlins Associates
www.gremlins.com.hk




-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to