CODEWITHSUNDEEP
phpmysql
user225269
user225269

Reputation: 10893

trying to update mysql database in php

I'm trying to have an html form which updates mysql data. Now , I have this code(which is also a form action) and I'm trying to also use this as a form for my update. Because I will need the data that this form would show, so that it will be easier for the users to update only what they wish to update.

this is the form that will try to search the data :

  <form name="form1" method="post" action="new.php">
   <td>
   <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
   <tr>
   <td colspan="16" style="background:#9ACD32; color:white; border:white 1px solid;    
 text-align: center"><strong><font size="3">ADMISSION INFORMATION SHEET</strong></td>

 </tr>
<tr>

This is new.php( will display the corresponding data based on the firstname inputted. And will also try to serve as a form for the update process.

$con = mysql_connect("localhost","root","");
    if (!$con)
   {
   die('Could not connect: ' . mysql_error());
       }

     mysql_select_db("Hospital", $con);
     $result = mysql_query("SELECT * FROM t2 WHERE FIRSTNAME='{$_POST["fname"]}'");
    ?>

    <table width="900" border="0" align="left" cellpadding="0" cellspacing="1"            bgcolor="#CCCCCC">
    <td>
   <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
   <tr>
   <td colspan="16" style="background:#9ACD32; color:white; border:white 1px solid;  text-align: center"><strong><font size="3">ADMISSION INFORMATION SHEET</strong></td>
 </tr>
 <tr>

 <?php while ( $row = mysql_fetch_array($result) ) { ?>
<form name="form1" method="post" action="update.php">

   <td width="54"><font size="3">Hospital #</td>

    <td width="3">:</td>

    <td width="168"><input name="hnum" type="text" value="<?php echo $row["HOSPNUM"]; ?>">
</td>

This is my update.php, 

   mysql_select_db("Hospital", $con);


 mysql_query("UPDATE t2 SET HOSPNUM='$_POST[hnum]' ROOMNUM='$_POST[rnum]',                                                                         
     LASTNAME='$_POST[lname]', FIRSTNAME='$_POST[fname]', MIDNAME='$_POST[mname]',      
     CSTAT='$_POST[cs]' AGE='$_POST[age]', BDAY='$_POST[bday]', ADDRESS='$_POST[ad]',  
        STAT='$_POST[stats1]', STAT2'$_POST[stats2]', STAT3'$_POST[stats3]', 
      STAT4'$_POST[stats4]', STAT5'$_POST[stats5]', STAT6'$_POST[stats6]', 
      STAT7'$_POST[stats7]', STAT8'$_POST[stats8]', NURSE='$_POST[nurse]', TELNUM 
    ='$_POST[telnum]'

    WHERE FNAME ='$_POST[fname]'");

mysql_close($con);
    ?>

-Please help, I don't have any idea why it isnt updating the data.

Upvotes: 1

Views: 751

Answers (2)

Sonny
Sonny

Reputation: 8336

The previous comments are absolutely correct. I would recommend using the PDO or MySQLi adapters and use a prepared statement for your record insertion as a bare minimum of security. Using the first name as a unique identifier is a bad idea. Don't you have a primary key column in the table?

To answer your actual question, one the problem is with the array notation in the double-quoted string. There are several equals signs missing from your statement as well. Try this:

mysql_query("
    UPDATE t2
    SET HOSPNUM='" . mysql_real_escape_string($_POST['hnum']) . "',
        ROOMNUM='" . mysql_real_escape_string($_POST['rnum']) . "',
        LASTNAME='" . mysql_real_escape_string($_POST['lname']) . "',
        FIRSTNAME='" . mysql_real_escape_string($_POST['fname']) . "',
        MIDNAME='" . mysql_real_escape_string($_POST['mname']) . "',
        CSTAT='" . mysql_real_escape_string($_POST['cs']) . "',
        AGE='" . mysql_real_escape_string($_POST['age']) . "',
        BDAY='" . mysql_real_escape_string($_POST['bday']) . "',
        ADDRESS='" . mysql_real_escape_string($_POST['ad']) . "',
        STAT='" . mysql_real_escape_string($_POST['stats1']) . "',
        STAT2='" . mysql_real_escape_string($_POST['stats2']) . "',
        STAT3='" . mysql_real_escape_string($_POST['stats3']) . "',
        STAT4='" . mysql_real_escape_string($_POST['stats4']) . "',
        STAT5='" . mysql_real_escape_string($_POST['stats5']) . "',
        STAT6='" . mysql_real_escape_string($_POST['stats6']) . "',
        STAT7='" . mysql_real_escape_string($_POST['stats7']) . "',
        STAT8='" . mysql_real_escape_string($_POST['stats8']) . "',
        NURSE='" . mysql_real_escape_string($_POST['nurse']) . "',
        TELNUM='" . mysql_real_escape_string($_POST['telnum']) . "'
    WHERE FNAME='" . mysql_real_escape_string($_POST['fname']) . "'
");

Upvotes: 0

gimpe
gimpe

Reputation: 1057

Typo, there is a missing "," between HOSPNUM and ROOMNUM: SET HOSPNUM='$_POST[hnum]', ROOMNUM=

Upvotes: 2

Related Questions