Simple Update form not update field on database help

PHP
1

Hi i have this simple update form and scrip but somehow it doesnt seem to be update the field on the database can someone help out please.

The html form is the second form bellow where the action send to status_update.php

	
<?php				include("../header.html");			?>
<?php				include("header_news.html");			
extract($_REQUEST,EXTR_SKIP);
?><?php			
/*				print("sfilm_refnum = $sfilm_refnum<BR>");				
print("sfilm_addr01 = $sfilm_addr01<BR>");				
print("sfilm_postcode = $sfilm_postcode<BR>");				
print("Film Client = $fclient<BR>");			*/ 			
?>			
<form id="search" action="list.php" method="post" name="search">				
<table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#eeeeee">					
<tr>						
<td align="right" width="140"></td>						
<td width="320"><span class="hofblack10">							
</span>							
</td>						
<td align="center" width="100"><input type="hidden" name="lstart" value="<?php print("$lstart"); ?>" /><input type="hidden" name="lend" value="<?php print("$lend"); ?>" /><input type="hidden" name="lamount" value="<?php print("$lamount"); ?>" /></td>						<td align="center" width="100"></td>						
<td align="right"></td>					
</tr>				
</table>			
</form>			
<table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#4050c4">				
<tr>				  
<td width="60" class="hofwhite10">action</td>					
<td width="140"><span class="hofwhite14">DATE</span></td>					
<td width="80"><span class="hofwhite14">ID</span></td>					
<td><span class="hofwhite14">News Titile</span></td>					
<td width="100"><span class="hofwhite14">Status</span></td>				
</tr>				
<tr height="0">				  
<td bgcolor="white" width="60"></td>					
<td bgcolor="white" width="140" height="0"></td>					
<td bgcolor="white" width="80" height="0"></td>					
<td bgcolor="white" height="0"></td>					
<td bgcolor="white" width="100" height="0"></td>				
</tr>			
</table><table width="780" border="0" cellspacing="0" cellpadding="4"><tr>					
<td width="60"></td>				  
<td width="80"></td>					
<td><a class="blueullrg" href="add.php">Add News</a></td>					
<td align="right" width="120"></td>				
</tr>				
<tr height="0">					
<td width="60" height="0"></td>				  
<td width="80" height="0"></td>					
<td height="0"></td>					
<td align="right" width="120" height="0"></td>				
</tr>			
</table>  <?php          
//get the DB connection variables	
include("../../../includes/config.php");		
//connect to DB		
$connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT.");		
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select DATABASE.");				
$query2="SELECT * FROM news WHERE !(news_status='deleted')";		
$result2 = mysql_query($query2) or die("Couldn't execute QUERY - Select NEWS Qty");		
$fqty = mysql_num_rows($result2);			
//SELECT or FIND the same USERNAME		
$query3="SELECT * FROM news WHERE !(news_status='deleted') ORDER BY news_id DESC";		
$result3 = mysql_query($query3) or die("Couldn't execute QUERY - Select NEWS");		
while ($row = mysql_fetch_array($result3))			
{				
$news_id 				= $row['news_id'];				
$news_title				= $row['news_title'];				
$news_story				= $row['news_story'];				
$news_image				= $row['news_image'];				
$news_image_caption		= $row['news_image_caption'];				
$news_image_link		= $row['news_image_link'];				
$news_date_day			= $row['news_date_day'];				
$news_date_month		= $row['news_date_month'];				
$news_date_year			= $row['news_date_year'];				
$news_status			= $row['news_status'];				
$news_website			= $row['news_website'];				
$news_date_created		= $row['news_date_created'];		
		$news_date_modified		= $row['news_date_modified'];	?>			
		<table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#eeeeee">				
		<tr>				  
		<td width="60"><span class="hofblack10">				   
		 <?php					
		 if($news_status=="deleted"){						
		 print("<a class='hifblack10'>deleted</span>");					
		 }ELSE{						
		 print("<a class='blueul' href='edit.php?id=$news_id'>edit</a>");					
		 }					
		 ?>				 
		  </span></td>					
		  <td width="140"><span class="titlegrey12">					  
		  <?php					  
		  if(!$news_date_day) 
		  { echo "00"; }
		  else{ echo $news_date_day; }					  
		  echo "/";					 
		   if(!$news_date_month) { echo "00"; }else{ echo $news_date_month; }					  
		   echo "/";					  
		   if(!$news_date_year) { echo "0000"; }else{ echo $news_date_year; }					
		   ?>					
		   </span></td>					
		   <td width="80"><span class="titlegrey12"><?php					print("$news_id");					?></span>
		   </td>					
		   <td><?php					
		   if($news_status=="deleted")
		   {						
		   print("<class='hofblack10'>$news_title</span>");					
		   }ELSE{						
		   print("<a class='blueul' href='edit.php?id=$news_id'>$news_title</a>");					
		   }					
		   ?></td>					
		   <td width="100">						
		   <form id="list_update" action="status_update.php" method="post" name="list_update">							
		<select name="newnstatus" size="1">								
		   <option  <?php if($row['news_status'] == "") 
		   {
            print("selected");
           } ?> 
		   selected="selected" value="">Status...</option>								
		   <option  <?php if($row['news_status'] == "on")
           {
            print("selected");
           } ?> value="on">On</option>
           	<option  <?php if($row['news_status'] == "off")
           {
            print("selected");
           } ?> value="off">Off</option>
            <option  <?php if($row['news_status'] == "deleted")
           {
            print("selected");
           } ?> value="deleted">Delete</option>
        </select>
         <input type="hidden" name="nstatus" value="<?php echo $row[news_status]; ?>" />	                        
		   <input type="hidden" name="id" value="<?php echo $row[news_id]; ?>" />                        
		   <input type="submit" name="update" value="update" />						
		   </form>                     
		    </td>				
			</tr>				
			<tr height="0">				  
			<td bgcolor="white" width="60"></td>					
			<td bgcolor="white" width="140" height="0"></td>					
			<td bgcolor="white" width="80" height="0"></td>					
			<td bgcolor="white" height="0"></td>					
			<td bgcolor="white" width="100" height="0"></td>				
			</tr>			
			</table>
			<?php			}		mysql_close($connection);//}?>			
			<table width="780" border="0" cellspacing="0" cellpadding="4">		  
			<tr>					
			<td width="60"></td>				  
			<td width="80"></td>					
			<td><a class="blueullrg" href="add.php">Add News</a></td>					
			<td align="right" width="120"></td>				
			</tr>			
			</table><?php				// include("list_navigation.html");			?>
			<?php				include("../footer.html");			?>
			</div></body></html>

and the update file name (status_update.php)

<?php
/*	echo "fstatus: ".$fstatus."<BR>";	
echo "id: ".$id."<BR>";	
echo "fclient: ".$fclient."<BR>";	
echo "newfstatus: ".$newfstatus."<BR>";*/	
//set the date of agreement		
$timestamp = date('l jS \\of F Y h:i:s A');	
//get the DB connection variables		
include("../../../includes/config.php");
//connect to DB		
$connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT.");		
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select FILMS DATABASE.");	
// All appears well, so enter into database				
$query= "UPDATE news SET news_status = '$newnstatus' WHERE news_id='$id'";

$result = mysql_query($query) or die("could not execute query - Update FILMS Record to DB");	
//setup an email to the Admin @ hof, w/o attachment			
$emailto="xx@xxx.co.uk";		
$emailfrom="no-reply@xxxx.co.uk";		
$emailsubject="xx Record Updated";		
$emailmessage="Hello Registrar\
\
";		
$emailmessage.="News ID: ".$id."\
";		
$emailmessage.="Updated on: ".$timestamp."\
\
";		
$emailmessage.="Status was: ".$nstatus."\
";		
$emailmessage.="Status now: ".$newfnstatus."\
";		
$emailmessage.="Thank you,\
\
";		
$emailmessage.="Web Site ROBOT\
";		
$emailmessage.="(Administrator)\
";		
$emailmessage.="xxx.co.uk | xxx.biz\
";		
$emailmessage.="----------------------------------------------\
";		
$emailmessage.="e. http://www.xxx.co.uk/contact.php\
";		
$emailmessage.="w. http://www.xxx.co.uk\
";		
$emailheader="From: xxx.co.uk<$emailfrom>";
$emailheader  .= 'Cc: xxx@xxx.co.uk'."\\r\
";
$emailheader  .= 'Bcc: xxx@xxxxx.co.uk'."\\r\
";		
$ok=mail($emailto,$emailsubject,$emailmessage,$emailheader);		
mysql_close($connection);			
if ($ok)
 {		
 header("Location: list.php"); 
 /* Redirect browser */		
 exit;	
 } else {		
 $errmsg="There was a problem, please try later or telephone us direct.";		
 $errsta="1";		
 include("edit_error.html");		
 //echo "<p>Mail could not be sent. Sorry!</p>";		
 exit;	
 }		
 ?>

Thanks in advance

2

Where do you set the values for $id, $nstatus etc in status_update.php ?

3

Ok it seems like my issue

if ($ok)
 {        
 header("Location: list.php"); 
 /* Redirect browser */        
 exit;

when it redirects to a valid page it doesnt update but if i redirect to page that doesnt exist on my server the update works even
how can i fix so it redirects to a page that exist and update??

4

Ok i found another problem whenever i refresh the form page it resets the value to to old status example when i set status off takes i redirect to page that doesnt exist give me the non exist page error when i use the brwoser to go back the status stays changed but as soon i refresh the page the statust goes back resets itself.

seems like something wrong on this form page help please?

5

Could you answer this question please? Just to rule out a first possible cause of your problems.

6

Hi i think its doen on the form i have posted the first part here
<input type=“hidden” name=“nstatus” value=“<?php echo $row[news_status]; ?>” />
but i am guessing thats not what you mean so probably your assumption already right. do you think that is the reason why is not working and if so how can i fix it please??

7

I think that script depends on register_globals being ON. But (and I quote the php manual)

This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

And it seems that it’s OFF on your server, as it should be.

So you can find the form field values in the $_POST array. At the top of the script, put the value in the variables you use in the rest of the script. You should also add some validation of the user input, and use mysql_real_escape_string() on the values before using them in a query.

For example:


$id = '';
if (isset($_POST['id'])) $id = $_POST['id'];

And then in the query:


$id = '';
$query= "UPDATE news SET news_status = '$newnstatus' WHERE news_id='" . mysql_real_escape_string($id) . "'";

I’m using mysql_real_escape_string on $id because from your query it seems it’s a string (it’s put between quotes). If it’s a number, then you could sanitize it casting it as an (int).

8

Anyone any idead where i am going wrong with this code that is not updating??

<?php
/*    echo "fstatus: ".$fstatus."<BR>";    
echo "id: ".$id."<BR>";    
echo "fclient: ".$fclient."<BR>";    
echo "newfstatus: ".$newfstatus."<BR>";*/    
//set the date of agreement        
$timestamp = date('l jS \\of F Y h:i:s A');    
//get the DB connection variables        
include("../../../includes/config.php");
//connect to DB        
$connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT.");        
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select FILMS DATABASE.");    
// All appears well, so enter into database                
$query= "UPDATE news SET news_status = '$newnstatus' WHERE news_id='$id'";

$result = mysql_query($query) or die("could not execute query - Update FILMS Record to DB");    
//setup an email to the Admin @ hof, w/o attachment            
$emailto="xx@xxx.co.uk";        
$emailfrom="no-reply@xxxx.co.uk";        
$emailsubject="xx Record Updated";        
$emailmessage="Hello Registrar\
\
";        
$emailmessage.="News ID: ".$id."\
";        
$emailmessage.="Updated on: ".$timestamp."\
\
";        
$emailmessage.="Status was: ".$nstatus."\
";        
$emailmessage.="Status now: ".$newfnstatus."\
";        
$emailmessage.="Thank you,\
\
";        
$emailmessage.="Web Site ROBOT\
";        
$emailmessage.="(Administrator)\
";        
$emailmessage.="xxx.co.uk | xxx.biz\
";        
$emailmessage.="----------------------------------------------\
";        
$emailmessage.="e. http://www.xxx.co.uk/contact.php\
";        
$emailmessage.="w. http://www.xxx.co.uk\
";        
$emailheader="From: xxx.co.uk<$emailfrom>";
$emailheader  .= 'Cc: xxx@xxx.co.uk'."\\r\
";
$emailheader  .= 'Bcc: xxx@xxxxx.co.uk'."\\r\
";        
$ok=mail($emailto,$emailsubject,$emailmessage,$emailheader);        
mysql_close($connection);            
if ($ok)
 {        
 header("Location: list.php");
 /* Redirect browser */        
 exit;    
 } else {        
 $errmsg="There was a problem, please try later or telephone us direct.";        
 $errsta="1";        
 include("edit_error.html");        
 //echo "<p>Mail could not be sent. Sorry!</p>";        
 exit;    
 }        
 ?>
Parsed in 0.319 seconds, using GeSHi 1.0.8.4
9

:shifty:
Weren’t we already talking about that? Did you read my post? Did you try to modify your code?
If you don’t understand what I tried to explain, just say so, instead of ignoring my post and repost your question and code again.

10

Hi sorry i dont think i had refreshed this page but the time i send my last post i didnt see your last post.
ok i have modified like you sugested me but still didnt work
this how have done.

<?php
/*	echo "fstatus: ".$fstatus."<BR>";	
echo "id: ".$id."<BR>";	
echo "fclient: ".$fclient."<BR>";	
echo "newfstatus: ".$newfstatus."<BR>";*/	
//set the date of agreement		
$id = '';
if (isset($_POST['id'])) $id = $_POST['id'];  
$timestamp = date('l jS \\of F Y h:i:s A');	
//get the DB connection variables		
include("../../../includes/config.php");	
//connect to DB		
$connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT.");		
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select FILMS DATABASE.");	
// All appears well, so enter into database				
$id = '';
$query= "UPDATE news SET news_status = '$newnstatus' WHERE news_id='" . mysql_real_escape_string($id) . "'";  
$result = mysql_query($query) or die("could not execute query - Update FILMS Record to DB");	
//setup an email to the Admin @ hof, w/o attachment			
$emailto="xxxx@xxxx.co.uk";		
$emailfrom="no-reply@xxxx.co.uk";		
$emailsubject="xxxxxRecord Updated";		
$emailmessage="Hello Registrar\
\
";		
$emailmessage.="News ID: ".$id."\
";		
$emailmessage.="Updated on: ".$timestamp."\
\
";		
$emailmessage.="Status was: ".$nstatus."\
";		
$emailmessage.="Status now: ".$newfnstatus."\
";		
$emailmessage.="Thank you,\
\
";		
$emailmessage.="Web Site ROBOT\
";		
$emailmessage.="(Administrator)\
";		
$emailmessage.="xxxx.co.uk | xxxx.biz\
";		
$emailmessage.="----------------------------------------------\
";		
$emailmessage.="e. http://www.xxxx.co.uk/contact.php\
";		
$emailmessage.="w. http://www.xxxxx.co.uk\
";		
$emailheader="From: xxxxx.co.uk<$emailfrom>";
$emailheader  .= 'Cc: xxx@xxxx.co.uk'."\\r\
";
$emailheader  .= 'Bcc: xxxx@xxxx.co.uk'."\\r\
";		
$ok=mail($emailto,$emailsubject,$emailmessage,$emailheader);		
mysql_close($connection);			
if ($ok)
 {		
 header("Location: list.php"); 
 /* Redirect browser */		
 exit;	
 } else {		
 $errmsg="There was a problem, please try later or telephone us direct.";		
 $errsta="1";		
 include("edit_error.html");		
 //echo "<p>Mail could not be sent. Sorry!</p>";		
 exit;	
 }		
 ?>
11

You have to do this with all the variables you use in your script and that should contain a value that comes from the form.
Not just $id, all of them. I took $id as an example.