Tech Support Guy banner
Status
Not open for further replies.

Help w/update

Solved 
769 views 5 replies 2 participants last post by  TechGuy 
#1 ·
Please take a look at my code(s) and offer advice.
The first is a form to update a database row and
the second is to update. I get a message that the
update is made but it is not.
================================================
the form:
<!DOCTYPE html>

update form

mischg-update Form

Unit

Chgmoyr

Misc

Damage

Courtcost

Nsf

Latechg

Datepaid

Late

Secdep

=================================================
the update code:
<?php
//Open a new connection to the MySQL server
require_once "getprerentdb.php";
$chgmoyr = $_POST['chgmoyr'];
$misc = $_POST['misc'];
$damage = $_POST['damage'];
$courtcost = $_POST['courtcost'];
$nsf = $_POST['nsf'];
$latechg = $_POST['latechg'];
$datepaid = $_POST['datepaid'];
$late = $_POST['late'];
$secdep = $_POST['secdep'];
$sql = "UPDATE payments SET
chgmoyr = '$chgmoyr', misc = '$misc', damage = '$damage', courtcost = '$courtcost', nsf = '$nsf',
latechg = '$latechg', datepaid = '$datepaid', late = '$late', secdep = '$secdep'
WHERE unit='".$_POST['unit']."'";
echo "Record for unit ".$_POST["unit"]." has been updated";
?>
 
See less See more
#2 ·
You're missing a key part of the code - a long should exist after the $sql and before the echo that actually executes the $sql code. You'd need to know how the database is called in getprerentdb.php to do that. Feel free to post that code, but be careful to remove any usernames or passwords before posting.
 
#3 ·
thanks 4 the effort. the code follows:
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$DB_NAME = 'prerentdb'; $DB_HOST = 'localhost';
$DB_USER = 'root'; $DB_PASS = '';
$mysqli = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if (mysqli_connect_errno())
{printf("Connect failed: %s\n", mysqli_connect_error());exit();}
?>

<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$DB_NAME = 'prerentdb'; $DB_HOST = 'localhost';
$DB_USER = 'root'; $DB_PASS = '';
$mysqli = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if (mysqli_connect_errno())
{printf("Connect failed: %s\n", mysqli_connect_error());exit();}
?>
 
#4 ·
Tech guy, I posted the code as u suggested. what does this mean - "You're missing a key part of the code - a long should exist after the $sql and before the echo that actually executes the $sql code. You'd need to know how the database is called in getprerentdb.php to do that."
 
#5 ·
The last few lines of the first file you posted should be something like:

PHP:
$sql = "UPDATE payments SET
chgmoyr = '$chgmoyr', misc = '$misc', damage = '$damage', courtcost = '$courtcost', nsf = '$nsf',
latechg = '$latechg', datepaid = '$datepaid', late = '$late', secdep = '$secdep'
WHERE unit='".$_POST['unit']."'";
$mysqli->query($sql);
echo "Record for unit ".$_POST["unit"]." has been updated";
?>
(Note the $mysqli line.)
 
#6 ·
Also, you may want to have a developer look over the code, especially if it's on the Internet (as opposed to local-only). It's best practice not to include $_POST variables inside a SQL statement. It's simple to do a SQL injection that would allow someone to take control of the database remotely.

This would be a start:

PHP:
<?php
//Open a new connection to the MySQL server
require_once "getprerentdb.php";
$chgmoyr = $mysqli->real_escape_string($_POST['chgmoyr']);
$misc = $mysqli->real_escape_string($_POST['misc']);
$damage = $mysqli->real_escape_string($_POST['damage']);
$courtcost = $mysqli->real_escape_string($_POST['courtcost']);
$nsf = $mysqli->real_escape_string($_POST['nsf']);
$latechg = $mysqli->real_escape_string($_POST['latechg']);
$datepaid = $mysqli->real_escape_string($_POST['datepaid']);
$late = $mysqli->real_escape_string($_POST['late']);
$secdep = $mysqli->real_escape_string($_POST['secdep']);
$sql = "UPDATE payments SET
chgmoyr = '$chgmoyr', misc = '$misc', damage = '$damage', courtcost = '$courtcost', nsf = '$nsf',
latechg = '$latechg', datepaid = '$datepaid', late = '$late', secdep = '$secdep'
WHERE unit='".$mysqli->real_escape_string($_POST['unit'])."'";
$mysqli->query($sql);
echo "Record for unit ".$_POST["unit"]." has been updated"; 
?>
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top