Thread: Updating rows in a mysql table

  1. #1
    Join Date
    Jan 2013

    Updating rows in a mysql table

    Hey, I'm trying to update the rows PassWord, email, Age in my membersys table of my MySQL database. With the code I'm using, it's only saving the age and nothing else.

    Also, the new info is coming from a form using the POST method.

    PHP Code:

    $con = mysql_connect("localhost","MyUser","MySecretPass");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }

    // Values submitted by the form (POST)
    $ui = $_POST['username'];
    $pi = $_POST['password'];
    $ei = $_POST['email'];
    $ag = $_POST['age'];
    // Logged-in user whose row is updated
    $user = $_SESSION['UserName'];

    mysql_query("UPDATE Member SET PassWord=$ui WHERE UserName='$user'");
    mysql_query("UPDATE Member SET email=$ei WHERE UserName='$user'");
    mysql_query("UPDATE Member SET Age=$ag WHERE UserName='$user'");

    Header("Location: acc_content.php?account=updated");

    Any Ideas?

  2. #2
    Join Date
    Aug 2004
    Check the return value from your calls to mysql_query() to see if it is false, and if so output/log some debug info (such as via mysql_error()). I suspect the problem is that you are not quoting the non-numeric values for email and password.

    Note that there is no need for 3 separate queries: all 3 fields can be set in a single update query.

    Lastly, your script is susceptible to SQL injection since you are not escaping the strings being inserted as values or used in the where clause, nor ensuring that numeric values are actually numeric (see mysql_real_escape_string()).

    Even more lastly, the MySQL extension has been deprecated in favor of either the MySQLi or PDO extension (both of which allow you to use bound parameters in your queries, getting rid of the need to worry about escaping text parameters).
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch


  3. #3
    Join Date
    Jun 2006
    Under your bed
    What happens when you replace this:

    PHP Code:

    mysql_query("UPDATE Member SET PassWord=$ui WHERE UserName='$user'");
    mysql_query("UPDATE Member SET email=$ei WHERE UserName='$user'");
    mysql_query("UPDATE Member SET Age=$ag WHERE UserName='$user'");

    With this?:

    PHP Code:

    mysql_query("UPDATE `Member` SET `PassWord` = '".$ui."', `email` = '".$ei."', `Age` = '".$ag."' WHERE `UserName` = '".$user."'");

    Also, you might want to consider going all lower case with your table and column names. Then you don't have to remember where the uppercase letters were.

    I also recommend more descriptive variable names (e.g. $email, not $ei)
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.
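
The single-query update with bound parameters that replies #2 and #3 point toward, as an added example that is not part of any post in this thread. Assumptions: the `updateMember()` helper, the sample row and the in-memory SQLite connection are constructed so the script runs offline, and hashing the password with `password_hash()` goes beyond what the thread discusses.

```php
<?php
// Assumption: in-memory SQLite stands in for MySQL so the example runs offline;
// against MySQL only the DSN (and credentials) passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // query failures throw

// Constructed table and row using the thread's Member columns.
$pdo->exec('CREATE TABLE Member (UserName TEXT PRIMARY KEY, PassWord TEXT, email TEXT, Age INTEGER)');
$pdo->exec("INSERT INTO Member VALUES ('alice', 'old', 'old@example.com', 30)");

// Hypothetical helper: set password, email and age for one member in one query.
// Returns true when exactly one row was updated; throws on a non-numeric age.
function updateMember(PDO $pdo, string $user, string $password, string $email, $age): bool
{
    // Numeric input is validated as a number rather than merely escaped.
    $age = filter_var($age, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer between 0 and 150');
    }
    // Placeholders keep every value out of the SQL text, so no quoting is needed.
    $stmt = $pdo->prepare(
        'UPDATE Member SET PassWord = :pw, email = :email, Age = :age WHERE UserName = :user'
    );
    $stmt->execute([
        ':pw'    => password_hash($password, PASSWORD_DEFAULT), // store a hash, not the raw value
        ':email' => $email,
        ':age'   => $age,
        ':user'  => $user,
    ]);
    return $stmt->rowCount() === 1;
}

// Constructed stand-ins for the $_POST / $_SESSION values. The apostrophe in the
// email would break a string-built query; as a bound value it is stored verbatim.
var_dump(updateMember($pdo, 'alice', 'N3w-pass', "o'brien@example.com", '42'));
$row = $pdo->query("SELECT email, Age FROM Member WHERE UserName = 'alice'")->fetch(PDO::FETCH_ASSOC);
var_dump($row['email'] === "o'brien@example.com", (int) $row['Age'] === 42);

try {
    updateMember($pdo, 'alice', 'x', 'a@example.com', '42abc'); // not an integer
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```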
