0

I wrote this code

if(isset($_POST['update'])) {
            $webname = $_POST['webname'];
            $webmeta = $_POST['webmeta'];
            $webdesc = $_POST['webdesc'];

            $sql=("UPDATE settings (name, meta, description) VALUES ('$webname', '$webmeta', '$webdesc')");
            }

but the problem is that it doesn't update my database, and I cannot find anything wrong in the code ... I have name "update" on submit button, and all my fields are the same as in code

4
  • You have confused UPDATE syntax with INSERT syntax. Which are you trying to do? Add a new record (looks like it), or update an existing one? Commented Dec 28, 2012 at 17:49
  • On top of what @MichaelBerkowski states, you really need to read the stackoverflow.com/questions/7537377/… question/answers as your code is susceptible to SQL injection. Better still use PDO, etc. Commented Dec 28, 2012 at 17:51
  • Also please look into escaping data before putting it in SQL! Commented Dec 28, 2012 at 17:51
  • 3
    Note also that this is vulnerable to SQL injection. Consider using an API supporting prepared statements, like PDO or MySQLi. Commented Dec 28, 2012 at 17:51

5 Answers 5

2

That's insert! Not update!

$sql=("UPDATE `settings` SET `name` = '$webname',
                             `meta` = '$webmeta',
                             `description` = '$webdesc'
               WHERE [some condition]");

And replace the [some condition] with a valid condition.

Your code is heavily vulnerable to SQL Injection.

Consider escaping the input by replacing these:

$webname = $_POST['webname'];
$webmeta = $_POST['webmeta'];
$webdesc = $_POST['webdesc'];

With:

$webname = mysql_real_escape_string($_POST['webname']);
$webmeta = mysql_real_escape_string($_POST['webmeta']);
$webdesc = mysql_real_escape_string($_POST['webdesc']);

Or something equivalent like PDO or MySQLi.


3 Comments

@Piggie Can you show the full code, what you have tried and connectors too?
Posted as comment to my own post, I hope I posted all info needed
Update it in the question. But where is the execution of query?
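
One way to write the UPDATE with a PDO prepared statement, as the answer and comments above suggest (an added example, not code from the thread). It assumes a `settings` table with an integer `id` key and uses PDO's in-memory SQLite driver in place of MySQL so it runs offline; `updateSettings` is a hypothetical helper name and the sample input is constructed.

```php
<?php
// Added example, not from the original thread. Assumptions: a `settings`
// table with an integer `id` key, and PDO's SQLite driver standing in for
// MySQL so the script runs offline. For MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also disable emulation so binding happens server-side:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE settings (id INTEGER PRIMARY KEY, name TEXT, meta TEXT, description TEXT)');
$pdo->exec("INSERT INTO settings (id, name, meta, description)
            VALUES (1, 'Old name', 'old', 'old'), (2, 'Other site', 'keep', 'keep')");

function updateSettings(PDO $pdo, int $id, array $post): int
{
    // Validate presence and type before touching the database
    // (a field submitted as webname[]=x arrives as an array, not a string).
    foreach (['webname', 'webmeta', 'webdesc'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing or invalid field: $field");
        }
    }
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE settings
            SET name = :name, meta = :meta, description = :description
          WHERE id = :id'
    );
    $stmt->execute([
        ':name'        => $post['webname'],
        ':meta'        => $post['webmeta'],
        ':description' => $post['webdesc'],
        ':id'          => $id,
    ]);
    return $stmt->rowCount(); // 0 means no row was updated
}

// Constructed sample input standing in for $_POST; the name contains quotes.
$post = [
    'webname' => "Bob's site', meta='changed",
    'webmeta' => 'php, mysql',
    'webdesc' => 'Settings page',
];

echo updateSettings($pdo, 1, $post), " row(s) updated\n";
foreach ($pdo->query('SELECT * FROM settings ORDER BY id', PDO::FETCH_ASSOC) as $row) {
    echo json_encode($row), "\n";
}
```

The quoted text in `webname` is stored verbatim in the `name` column of row 1, and row 2 is untouched because the `WHERE id = :id` clause limits the update to one record.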
0
 mysql_select_db("my_db", $con);

 mysql_query("UPDATE Persons SET Age=36
    WHERE FirstName='Peter' AND LastName='Griffin'");

2 Comments

... Which will set every name in your database to Peter Griffin, age 36.
it was an example... the problem is the update syntax not the fields.. thanks for the down vote tho
0

You need to first formulate the query and then run/execute it

$query = "UPDATE table_name
 SET column1=value, column2=value2,...
 WHERE some_column=some_value";

// Perform Query
$result = mysql_query($query);


0

You need to run

$connection = mysql_connect($server, $serv_Username, $serv_Password);
mysql_select_db($dbase_name, $connection);
mysql_query($update_query, $connection);

I don't know if this is your problem (don't know how much you know about PHP so just saying).

Also your syntax is wrong. Should be:

UPDATE tablename SET column_name='some_value' WHERE column_name ='some_value'

Note that this is different from what is mentioned above, without the thingys covering the column_name parameters.

Better is to use PDO as mentioned above; mysql_ can be used "safely" on < PHP 5.5.

1 Comment

also make sure the user you use to login on database has update permissions and that the username and password are correct. Even if your syntax is perfect this will ruin your party.
0
Try the code shown below.
Just replace the field names and values with the information from your database.



    $editid=$_POST['editid'];
    $username=callback($_POST['username']);
    $password=callback($_POST['password']);
    $name=callback($_POST['name']);
    $age=callback($_POST['age']);
    $phone=callback($_POST['phone']);
    $emailaddress=callback($_POST['emailaddress']);
    $gender=callback($_POST['gender']);
    $description=callback($_POST['description']);

    $update=update("users","username='".$username."',password='".$password."',name='".$name."',age='".$age."',phone='".$phone."',emailaddress='".$emailaddress."',gender='".$gender."',description='".$description."' ","ID='".$editid."' " );
