Please take a look at my code(s) and offer advice.
The first is a form to update a database row and
the second is to update. I get a message that the
update is made but it is not.
================================================
the form:
<!DOCTYPE html>
update form
mischg-update Form
Unit
Chgmoyr
Misc
Damage
Courtcost
Nsf
Latechg
Datepaid
Late
Secdep
=================================================
the update code:
<?php
//Open a new connection to the MySQL server
require_once "getprerentdb.php";
$chgmoyr = $_POST['chgmoyr'];
$misc = $_POST['misc'];
$damage = $_POST['damage'];
$courtcost = $_POST['courtcost'];
$nsf = $_POST['nsf'];
$latechg = $_POST['latechg'];
$datepaid = $_POST['datepaid'];
$late = $_POST['late'];
$secdep = $_POST['secdep'];
$sql = "UPDATE payments SET
chgmoyr = '$chgmoyr', misc = '$misc', damage = '$damage', courtcost = '$courtcost', nsf = '$nsf',
latechg = '$latechg', datepaid = '$datepaid', late = '$late', secdep = '$secdep'
WHERE unit='".$_POST['unit']."'";
echo "Record for unit ".$_POST["unit"]." has been updated";
?>
You're missing a key part of the code - a long should exist after the $sql and before the echo that actually executes the $sql code. You'd need to know how the database is called in getprerentdb.php to do that. Feel free to post that code, but be careful to remove any usernames or passwords before posting.
Tech guy, I posted the code as u suggested. what does this mean - "You're missing a key part of the code - a long should exist after the $sql and before the echo that actually executes the $sql code. You'd need to know how the database is called in getprerentdb.php to do that."
Also, you may want to have a developer look over the code, especially if it's on the Internet (as opposed to local-only). It's best practice not to include $_POST variables inside a SQL statement. It's simple to do a SQL injection that would allow someone to take control of the database remotely.
This would be a start:
PHP:
<?php
//Open a new connection to the MySQL server
require_once "getprerentdb.php";
$chgmoyr = $mysqli->real_escape_string($_POST['chgmoyr']);
$misc = $mysqli->real_escape_string($_POST['misc']);
$damage = $mysqli->real_escape_string($_POST['damage']);
$courtcost = $mysqli->real_escape_string($_POST['courtcost']);
$nsf = $mysqli->real_escape_string($_POST['nsf']);
$latechg = $mysqli->real_escape_string($_POST['latechg']);
$datepaid = $mysqli->real_escape_string($_POST['datepaid']);
$late = $mysqli->real_escape_string($_POST['late']);
$secdep = $mysqli->real_escape_string($_POST['secdep']);
$sql = "UPDATE payments SET
chgmoyr = '$chgmoyr', misc = '$misc', damage = '$damage', courtcost = '$courtcost', nsf = '$nsf',
latechg = '$latechg', datepaid = '$datepaid', late = '$late', secdep = '$secdep'
WHERE unit='".$mysqli->real_escape_string($_POST['unit'])."'";
$mysqli->query($sql);
echo "Record for unit ".$_POST["unit"]." has been updated";
?>
Status
Not open for further replies.
You have insufficient privileges to reply here.
Related Threads
?
?
?
?
?
Tech Support Guy
9.9M posts
859.7K members
Since 1998
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!