CODEWITHSUNDEEP
phpmysqlsql
Piggie
Piggie

Reputation: 27

Php update function

I wrote this code

if(isset($_POST['update'])) {
            $webname = $_POST['webname'];
            $webmeta = $_POST['webmeta'];
            $webdesc = $_POST['webdesc'];

            $sql=("UPDATE settings (name, meta, description) VALUES ('$webname', '$webmeta', '$webdesc')");
            }

but the problem is that it doesn't update my database, and I cannot find anything wrong in the code ... I have name "update" on submit button, and all my fields are the same as in code

Upvotes: 0

Views: 1601

Answers (5)

John Michael
John Michael

Reputation: 1

   Try The code shown below
 Just replace the field names and values with your information on your database



    $editid=$_POST['editid'];
    $username=callback($_POST['username']);
    $password=callback($_POST['password']);
    $name=callback($_POST['name']);
   $age=callback($_POST['age']);
   $phone=callback($_POST['phone']);
   $emailaddress=callback($_POST['emailaddress']);
  $gender=callback($_POST['gender']);
  $description=callback($_POST['description']);

    $update=update("users","username='".$username."',password='".$password."',name='".$name."',age='".$age."',phone='".$phone."',emailaddress='".$emailaddress."',gender='".$gender."',description='".$description."' ","ID='".$editid."' " );

Upvotes: 0

C-TZ
C-TZ

Reputation: 659

You need to run 

$connection = mysql_connect($server, $serv_Username, $serv_Password);
mysql_select_db($dbase_name, $connection);
mysql_query($update_query, $connection));

I don't know if this is your problem (don't know how much you know about PHP so just saying).

Also your syntax is wrong. Should be:

UPDATE tablename SET column_name='some_value' WHERE column_name ='some_value'

note that this is diffrent from mentioned above without the thingys covering the column_name parameters.

better is to use PDO as mentioned above, mysql_ can be used "safely" on < PHP 5.5.

Upvotes: 0

zafus_coder
zafus_coder

Reputation: 4591

u need to first formulate query ans then run/ execute that 

$query = "UPDATE table_name
 SET column1=value, column2=value2,...
 WHERE some_column=some_value";

// Perform Query
$result = mysql_query($query);

Upvotes: 0

DWolf
DWolf

Reputation: 725

 mysql_select_db("my_db", $con);

 mysql_query("UPDATE Persons SET Age=36
    WHERE FirstName='Peter' AND LastName='Griffin'");

Upvotes: 0

Praveen Kumar Purushothaman
Praveen Kumar Purushothaman

Reputation: 167192

That's insert! Not update!

$sql=("UPDATE `settings` SET `name` = '$webname',
                             `meta` = '$webmeta',
                              `description` = '$webdesc')
               WHERE [some condition]");

And replace the [some condition] with a valid condition.

Your code is heavily vulnerable to SQL Injection.

Consider escaping the input by replacing these:

$webname = $_POST['webname'];
$webmeta = $_POST['webmeta'];
$webdesc = $_POST['webdesc'];

With:

$webname = mysql_real_escape_string($_POST['webname']);
$webmeta = mysql_real_escape_string($_POST['webmeta']);
$webdesc = mysql_real_escape_string($_POST['webdesc']);

Or something equivalent like PDO or MySQLi.

Upvotes: 2

Related Questions