Can't use the UPDATE query with radio button value

Question

I'm having some trouble with the following code:

$selected_radiobutton = $_POST['themes'];
echo " checked : ".$selected_radiobutton."<br/><br/>";

$sql = mysql_query("SELECT value FROM variable WHERE name = 'theme_default'");
$resultaat = mysql_fetch_assoc($sql);

echo 'current theme: <b><big>' . $resultaat['value'] . '</big></b><br /><br />';    

if ($_POST["updateknop"]) {

$sql = "UPDATE variable SET value='".$selected_radiobutton."' WHERE name = 'theme_default'";
if (!mysql_query($sql)) {
    echo "failed";
}
else {
    echo "Query update: '".$selected_radiobutton."'";
}


}

And for some reason, all the update query does, is putting in a empty string in the database... Is it that hard to use a variable two times?

Can someone help me out with this one? :)

Ty

Answer 1

Does your radio-button-element look like this?

<form method="post" action="file.php">
...
<input type="radio" name="themes" value="defaulttheme" />
...
<input type="submit" name="updateknop" value="send" />
</form>

For this your code should work.

Anyway you should definitly escape your inputs before executing the query! mysql_real_escape() helps you! Otherwise your script is vulnerable for SQL-Injections!

Another advice for mysql-queries: escape also the field names with this char: `

If you are using reserved words as filenames without this char like key, log, ... you get an error!

UPDATE `variable` SET `value` = '".mysql_real_escape($selected_radiobutton)."' WHERE `name` = 'theme_default';

Answer 2

Please vardump the $selected_radiobutton and see you actually getting string from $_POST - This will help I guess.

Answer 3

Never mind, figured it out myself :)

The script does work, but I was keep pressing the wrong button. Thanks anyway!