www.webdeveloper.com

Thread: Updating rows in a mysql table

  1. #1
    Join Date
    Jan 2013
    Posts
    1

    Updating rows in a mysql table

    Hey, I'm trying to update the rows PassWord, email, Age in my membersys table of my mysql database. With the code I'm using it's only saving the age and nothing else.

    Also, the new info is coming from a form using the POST method.

    PHP Code:
    <?php
    session_start();

    $con = mysql_connect("localhost", "MyUser", "MySecretPass");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }

    mysql_select_db("membersys", $con);

    $ui = $_POST['username'];
    $pi = $_POST['password'];
    $ei = $_POST['email'];
    $ag = $_POST['age'];
    $user = $_SESSION['UserName'];

    mysql_query("UPDATE Member SET PassWord=$ui WHERE UserName='$user'");
    mysql_query("UPDATE Member SET email=$ei WHERE UserName='$user'");
    mysql_query("UPDATE Member SET Age=$ag WHERE UserName='$user'");

    Header("Location: acc_content.php?account=updated");

    mysql_close($con);
    ?>
    Any Ideas?

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,176
    Check the return value from your calls to mysql_query() to see if it is false, and if so output/log some debug info (such as via mysql_error()). I suspect the problem is that you are not quoting the non-numeric values for email and password.

    Note that there is no need for 3 separate queries: all 3 fields can be set in a single update query.

    Lastly, your script is susceptible to SQL injection since you are not escaping the strings being inserted as values or used in the where clause, nor ensuring that numeric values are actually numeric (see mysql_real_escape_string()).

    Even more lastly, the MySQL extension has been deprecated in favor of either the MySQLi or PDO extension (both of which allow you to use bound parameters in your queries, getting rid of the need to worry about escaping text parameters).
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
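
The advice in post #2 (one UPDATE, bound parameters, a numeric check on the age, failures surfaced instead of ignored), as an added example that is not part of the thread or any poster's code. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the function name `updateMember`, the sample rows and the `password_hash()` call are assumptions of this example.

```php
<?php
// Assumption: in-memory SQLite stands in for the MySQL "membersys" database so
// this runs offline; against MySQL only the DSN/credentials given to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw

// Constructed sample table and rows, using the column names from the thread.
$pdo->exec('CREATE TABLE Member (UserName TEXT PRIMARY KEY, PassWord TEXT, email TEXT, Age INTEGER)');
$pdo->exec("INSERT INTO Member VALUES ('alice', 'old', 'old@example.com', 30), ('bob', 'old', 'bob@example.com', 41)");

// Hypothetical helper: one UPDATE for all three columns, values bound as parameters.
function updateMember(PDO $pdo, string $user, string $password, string $email, $age): int
{
    // Make sure the numeric value really is numeric before it reaches the query.
    $age = filter_var($age, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($age === false) {
        throw new InvalidArgumentException('Age must be a non-negative integer');
    }
    $stmt = $pdo->prepare(
        'UPDATE Member SET PassWord = :password, email = :email, Age = :age WHERE UserName = :user'
    );
    $stmt->execute([
        ':password' => password_hash($password, PASSWORD_DEFAULT), // assumption: hashed, unlike the thread's schema
        ':email'    => $email,
        ':age'      => $age,
        ':user'     => $user,
    ]);
    return $stmt->rowCount(); // number of rows the UPDATE changed
}

// Constructed inputs standing in for $_POST and $_SESSION['UserName'].
echo 'rows changed: ' . updateMember($pdo, 'alice', 'N3w-pass', "o'neil@example.com", '31') . "\n";
// A quote-laden user name is compared as a literal string, so it matches no row.
echo 'rows changed for odd name: ' . updateMember($pdo, "' OR '1'='1", 'x', 'x@example.com', '1') . "\n";
try {
    updateMember($pdo, 'alice', 'x', 'x@example.com', 'thirty-one');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
foreach ($pdo->query('SELECT UserName, email, Age FROM Member') as $row) {
    echo "{$row['UserName']} {$row['email']} {$row['Age']}\n";
}
```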

  3. #3
    Join Date
    Jun 2006
    Location
    Under your bed
    Posts
    357
    What happens when you replace this:

    PHP Code:
    mysql_query("UPDATE Member SET PassWord=$ui WHERE UserName='$user'"); 
    mysql_query("UPDATE Member SET email=$ei WHERE UserName='$user'"); 
    mysql_query("UPDATE Member SET Age=$ag WHERE UserName='$user'"); 
    With this?:
    PHP Code:
    mysql_query("UPDATE `Member` SET `PassWord` = '".$ui."', `email` = '".$ei."', `Age` = '".$ag."' WHERE `UserName` = '".$user."'"); 
    - -

    Also, you might want to consider going all lower case with your table and column names. Then you don't have to remember where the uppercase letters were.

    I also recommend more descriptive variable names (e.g. $email, not $ei)
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.
