Updating MySQL with PHP

**J.O. Aho** · Jul 18 '07, 04:35 AM

Re: Updating MySQL with PHP

Ronald Schow wrote:

The page I want to update is similar to "http:www.hospi ceslo.org/events.php"
(read only). On my update page I've got the same table as a FORM where the
client can make changes to the fields. The problem I'm having is updating
the MySQL data base with the content of the form. I have no clue and would
like to know where to start. Can I get some pointers to references or
examples, even suggestions, on how this can be successfully done?

Without checking what the user has sent

//assume you have already connected to the database
//if not see the online manual for mysql_connect()
$query("UPDATE tablename SET column1='{$_REQ UEST['column1']}',
column2='{$_REQ UEST['column2']}', column3='{$_REQ UEST['column3']}' WHERE
keycolumn='{$_R EQUEST['keycolumn']}'";
mysql_query($qu ery);

In your form you have a hidden field keycolumn which has the rows primary key
value and then you name the options that the user can update for column1,
column2, ...

--

//Aho

**Toby A Inkster** · Jul 18 '07, 09:05 AM

Re: Updating MySQL with PHP

J.O. Aho wrote:

$query("UPDATE tablename SET column1='{$_REQ UEST['column1']}',
column2='{$_REQ UEST['column2']}', column3='{$_REQ UEST['column3']}' WHERE
keycolumn='{$_R EQUEST['keycolumn']}'";

Argh!

$query = sprintf("UPDATE tablename"
." SET column2='%s', column3='%s'"
." WHERE column1='%s';"
,mysql_real_esc ape_string($_RE QUEST['column2'])
,mysql_real_esc ape_string($_RE QUEST['column3'])
,mysql_real_esc ape_string($_RE QUEST['column1'])
);

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 27 days, 11:55.]

PHP Linkifier

Page not found - Tobyinkster

http://tobyinkster.co.uk/blog/2007/07/18/linkify/

**Matthew White** · Jul 18 '07, 02:15 PM

Re: Updating MySQL with PHP

"Toby A Inkster" <usenet200707@t obyinkster.co.u kwrote in message
news:j4v0n4-mvu.ln1@ophelia .g5n.co.uk...

J.O. Aho wrote:
>

>$query("UPDA TE tablename SET column1='{$_REQ UEST['column1']}',
>column2='{$_RE QUEST['column2']}', column3='{$_REQ UEST['column3']}' WHERE
>keycolumn='{$_ REQUEST['keycolumn']}'";

>
Argh!
>
$query = sprintf("UPDATE tablename"
." SET column2='%s', column3='%s'"
." WHERE column1='%s';"
,mysql_real_esc ape_string($_RE QUEST['column2'])
,mysql_real_esc ape_string($_RE QUEST['column3'])
,mysql_real_esc ape_string($_RE QUEST['column1'])
);
>
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 27 days, 11:55.]
>
PHP Linkifier
http://tobyinkster.co.uk/blog/2007/07/18/linkify/

Be sure to clean your input before you put it into the database, that
certainly could present a problem in the future if someone tries an
Injection attack. As for using the $_REQUEST array, try to use the more
specific $_GET or $_POST arrays, as the ability to send data through two
methods could cause problems if someone tries to maliciously insert data.

Matt

Updating MySQL with PHP

Updating MySQL with PHP

Comment

Comment

Comment