开发者

MySQL update query not working

问答 作者:

I have mysql table with following fields

id (which auto increments)

title,name,age,institution,iod

the fields like title,name,age,institution are entered in the form structure (html page) and by clicking submit button are stored in DB(mysql)

iod is the field is s开发者_如何学Pythonomething like this 123/id (nothing but same id field but with '123/' prefix before)

now when the user enters title,name,age,institution these need to stored in DB including id and iod.

Now for executing the above i wrote the following the fields title,name,age,institution and id are successfully stored but iod is not stored.

Can you please show me the error i made here??

I wrote the following syntax for the code(part of the same code)

if ($_POST['title'] != '')
{
$value = $_POST['title'];
$value1 = $_POST['name']; 
$value2 = $_POST['age'];  
$value5 = $_POST['institution']; 

$sql = "INSERT INTO parentid(title,name,age,institution) VALUES('$value','$value1','$value2','$value5')"  ;

}
$sql1="SELECT * FROM parentid ORDER BY id DESC LIMIT 1";
$value6=$row['id'];
$value4= '123/' . $row['id'] ;
$sql2="UPDATE parentid SET iod='$value4' WHERE id = '$value6' ";

The problem is that you are not executing your queries, you just put the query in a string but then you don´t do anything with it.

For the second query (simple sample code):

$sql1="SELECT * FROM parentid ORDER BY id DESC LIMIT 1";
$result = mysql_query($sql1);
if ($row = mysql_fetch_assoc($result))
{
  $value6=$row['id'];
  // etc., error handling not added
}

You didn't execute any of the queries? Also, you should escape the parameters...

if ( !empty( $_POST['title'] ) || !empty( $_POST['calc_url'] ) ) {

    $value = mysql_real_escape_string( $_POST['title'] );
    $value1 = mysql_real_escape_string( $_POST['name'] ); 
    $value2 = mysql_real_escape_string( $_POST['age'] );  
    $value5 = mysql_real_escape_string( $_POST['institution'] ); 

    $sql = "INSERT INTO parentid
            (title,name,age,institution) 
        VALUES ('$value','$value1','$value2','$value5')"  ;

    mysql_query( $sql ) or die( mysql_error());
}

Also, you don't need a second select... Get the id by using mysql_insert_id function.

$value6 = mysql_insert_id();
$value4= '123/' . $value6 ;

And then update:

$sql2="UPDATE parentid SET iod='$value4' WHERE id = '$value6' ";
mysql_query( $sql2 );

I encorage you to use PDO or mysqli though...

Unless you've missed out chunks of code when copying/pasting into the question, there are a few problems.

Firstly, you're not actually executing the queries (I'm assuming that you are actually connecting to the database somewhere). After you assign a string to $sql, you can execute the query:

$result = mysql_query($sql);

Secondly, $row won't contain anything unless you get the data out of the dataset returned by the query:

$row = mysql_fetch_assoc($result);

Third, your if statement does not contain the UPDATE query, so that's going to execute whether or not $_POST['title'] is empty or not.

As others have mentioned, your queries are wide open to SQL injection attacks. At a minimum you will need to use mysql_real_escape_string around any inputs.

Finally, you can use mysql_insert_id to get the ID of the latest insert, instead of making another read.

Here's some attempt to rework your code (note that this is untested and could be much better):

if($_POST['title'] != '') {
    //Connect to database here (or somewhere else if you already are)

    $value = mysql_real_escape_string($_POST['title']);
    $value1 = mysql_real_escape_string($_POST['name']); 
    $value2 = mysql_real_escape_string($_POST['age']);  
    $value5 = mysql_real_escape_string($_POST['institution']); 

    $sql = "INSERT INTO parentid(title,name,age,institution) VALUES('$value','$value1','$value2','$value5')";
    $result = mysql_query($sql);

    if($result) {
        $value6 = mysql_insert_id($result);
        $value4 = '123/' . $value6;
        $sql2 = "UPDATE parentid SET iod='$value4' WHERE id = '$value6'";
        mysql_query($sql2);
    }
}

My guess is that you have a special character that needs escaping. I'm assuming you already know you should escape all those strings before inserting them in the DB.

In PHP you have a mysql_real_escape_string function that you should use to escape each of those values.

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9