why not updated database?

I write a website for PHR (at the moment the admin unit). There is an edit_text.php file that displays a list of pages to edit without an ID infidator, and if it is, the form containing the corresponding page:

if (isset($id)) 
{
    $result = mysql_query("SELECT * FROM settings WHERE id='$id'", $db);
    $myrow = mysql_fetch_array($result);
    print <<<HERE
    <form name="form1" method="post" action="update_text.php">
        <p>
            <label>   ( title)<br>
                <input value="$myrow[title]" type="text" name="title" id="title">
            </label>
        </p>
        <p>
            <label>   <br>
                <input value="$myrow[meta_d]" type="text" name="meta_d" id="meta_d">
            </label>
        </p>
        <p>
            <label>    <br>
                <input value="$myrow[meta_k]" type="text" name="meta_k" id="meta_k">
            </label>
        </p>
        <p>
            <label>
                <p>     </p>
            <p>
                <textarea name="text" id="text" cols="50" rows="20">$myrow[text]</textarea>
            </label>
            </p>
        </p>
        <input name="id" type="hidden" value="$myrow[id]">
        <p>
            <label>
                <input type="submit" name="submit" id="submit" value=" ">
            </label>
        </p>
    </form>
HERE;
}
else
{
    $result = mysql_query("SELECT id, title FROM settings", $db);
    $myrow = mysql_fetch_array($result);
    do {
        printf("<p><a href='edit_text.php?id=%s'>%s</a></p>", $myrow['id'], $myrow['title']);
    } while ($myrow = mysql_fetch_array($result));
}

then the data is sent to the update_text.php file.

if (isset($id) && isset($title) && isset($meta_d) && isset($meta_k) && isset($text))            
{
    $result = mysql_query("UPDATE settings SET title='$title', meta_d='$meta_d', meta_k='$meta_k', text='$text' WHERE id='$id')", $db);
    if ($result == true) 
    {
        echo"<p>   .</p>";
    }
    else 
    {
        echo"<p>   .</p>";
    }
}
else
{
    echo"<p>    ,     .      .</p>";
}
?>

What data are neither entering, runs the line:

echo"<p>   .</p>".

What to do? Why is the database not updated?


Answer 1, Authority 100%

@ Asiasykin, I have no doubt that you have seen an article in an internet about the OOP, but judging by what they wrote, you do not have the concept that it is.
Let’s start with what if you want an OOP, then do this:

class Params { }
class BaseUpdate {
final static function update($plink) {
if ($plink->id && $plink->title && $plink->meta1 && $plink->meta2 && $plink->text) {
mysql_query("update `table` set `title`='".$plink->title."' where `id`='".$plink->id."';"); //   
}
}
}

And the call itself:

$p = new Params;
$p->id = 1;
$p->title = 'some title';
$p->meta1 = 'm1';
$p->meta2 = 'm2';
$p->text = 'text';
BaseUpdate::update($p);

This is as an example. I think that the use of OOP can be found in the same place where you found that nonsense that they wrote πŸ™‚


Answer 2

This is most likely because $id is equal to who knows what. Add a debug output to see what’s in the $id variable. Probably some trash. If there were any syntax error in the request related to the failed merging, you would get an error and see “page not edited”


Answer 3

No, just because isset is a function that determines the existence of a variable, and you pass it anyway.

I.e. you need to do it wrong:

if (isset($param)) {
print "Hello world!";
}

And like this:

if (trim($param)) {
print "Hello world!";
}

And then you throw out your request like:

mysql_query("UPDATE settings SET title='$title', meta_d='$meta_d', meta_k='$meta_k', text='$text' WHERE id='$id'"), $db);

And write like this:

mysql_query("UPDATE `settings` SET `title`='".$title."', `meta_d`='".$meta_d."', `meta_k`='".$meta_k."', `text`='".$text."' WHERE `id`='".$id."';");

That’s all. It will work, of course, if you pass data πŸ™‚

P.S:
Most importantly:

if ($result == true)

DO NOT WRITE THIS! NEVER DO THIS! πŸ™‚
necessary:
if ($result === true)


Answer 4

$result = mysql_query("UPDATE settings SET title='$title', meta_d='$meta_d', meta_k='$meta_k', text='$text' WHERE id='$id')", $db);

try this:

$result = mysql_query("UPDATE settings SET title='".$title."', meta_d='".$meta_d."', meta_k='".$meta_k."', text='".$text."' WHERE id='".$id."';");

And isset checks if your variable is initialized, in your case it is initialized.
Use trim();


Answer 5

1) Check if there is an entry in the table with id=” or id=0 if id type is INT; isset returns true even with empty values. If it is, it fails when checking the data.

2) For a numeric id, it’s better to use “if (isset($id) && (intval($id) > 0)) {}”

3) For Update use mysql___affected_rows

$q = mysql_query('UPDATE ...etc...');
if (mysql_affected_rows($q)>0) {
  // ok
  }

,mysql_query returns true for a query with no errors, not for a successfully updated record.

4) I really hope that you have register_globals turned off and you check incoming data, otherwise everything can end sadly.


Answer 6

This is ->
if (isset($id) && isset($title) && isset($meta_d) && isset($meta_k) && isset($text))

Replace with this:
PHP is object oriented. Why is no one using classes? Is it much more convenient?
So here it is:
1. Create some common.php, include it in the database connection config.
2. In your file (where you are trying to throw that crap into the database) include common.php
3. after that:
The contents of the garbage that is currently chopping your check:

$base_update = new BaseUpdate();
$result = $base_update->dbupdate($id, $title, $meta_d, $meta_k, $text);
if($result){
   echo"<p>   .</p>";  
} else {
   echo"<p>    ,     .     
        .</p>";
}

Content of common.php

class BaseUpdate { 
       function dbupdate($id, $title, $meta_d, $meta_k, $text) {
       $b = 0;
       $valid = array($id, $title, $meta_d, $meta_k, $text);
       for($i=0; $i<count($valid); $i++){
           if(strlen($valid) > 4){ //-...        ,    , , ,    :) ,   ,   .    .            . 
               $b++;
           }
           if($b < count($valid)){  
                  $result = mysql_query("UPDATE settings SET title='$title', 
                   meta_d='$meta_d', 
                   meta_k='$meta_k', 
                   text='$text' 
                   WHERE id='$id')", $db);
                   return true;
           } else { return false; }
       }
 }

}


Actually…. what I wanted to say. Check the correctness of the entered values ​​BEFORE sending them to the database… because the result can be deplorable :))


Answer 7

Guys, maybe all the same, in his case, all the cities are simpler =)
Or a friend is trying to pull out global variables that are disabled.
either:

data is like POST and should be accepted accordingly:

$result = mysql_query("UPDATE settings SET title='".$_POST['title']."', meta_d='".$_POST['meta_d]'."', meta_k='".$_POST['meta_k']."', text='".$_POST['text']."' WHERE id='".$_POST['id']."';", $db);

PS: Well, as mentioned above, the form data must be checked in any case (either before the submit() event via javascript, but it is better when received before writing to the database)
PPS: And one more thing, in some case, you cannot send a query containing html tags to the database, or at least allow only some, since SQL injection is easily pushed through this query


Answer 8

Quotetext in italics <?php

$dar = duenne($kfmze,.e)’;

?>