Updating database information

PHP
1

I’m working on a calendar that connects to a database. I’m setting up a page that a user can log onto to enter information into the calendar for specific dates. That part works, but now I’m trying to set up Modify and Delete features, the Delete seems to work okay(for now) but the modify/update just adds another entry rather than changes the pre-existing one.
I have it set up on two pages; the calendar page that creates the calendar and allows the posted events to be viewed, and an eventform page that keeps the form for both the original entry and the modified entry.
This is what I have so far:

link from calendar to eventform:

echo “<a href='”.$_SERVER[‘PHP_SELF’].“?id=”.$events[ID].“&month=”.$month.“&day=”.$day.“&year=”.$year."&m=true’>Modify User </a>

eventform:

if(isset($_GET[‘m’])){

if (!isset($_POST[‘btnadd’])){
$id = mysql_real_escape_string($_GET[id]);
$q = “SELECT * FROM eventscalendar where ID =”.$id;
$result = mysql_query($q);
$events = mysql_fetch_array($result) ;

		$holVal = $events['holiday'];	
		$ehVal = $events['heading'];
		$e1Val = $events['event1'];
		$e2Val = $events['event2'];
		$e3Val = $events['event3'];
		$e4Val = $events['event4'];
		$fID = $events['ID'];
		$fEDate = $month."/".$day."/".$year;
		$fDAdded = $events['dateAdded'];
		$buttonName = "Modify";

}else if (isset($_POST['btnadd'])){
		
		$sqlinsert = "UPDATE eventscalendar SET `holiday`='".$holiday."',`heading`='".$eventheading."', `event1`='".$event1."', `event2`='".$event2."', `event3`='".$event3."', `event4`='".$event4."',`dateAdded`= now() WHERE ID = $_POST[id]";
		
		
		$holiday = mysql_real_escape_string ($_POST['holiday']);
		$eventheading = mysql_real_escape_string  ($_POST['eventheading']);
		$event1 = mysql_real_escape_string  ($_POST['eDesc1']);
		$event2 = mysql_real_escape_string ($_POST['eDesc2']);
		$event3 = mysql_real_escape_string ($_POST['eDesc3']);
		$event4 = mysql_real_escape_string ($_POST['eDesc4']);
			
		$resultinsert = mysql_query($sqlinsert) or die (mysql_error());
		if($resultinsert){
			header ('Location: calendar.php');
			echo "Event was successfully modified";
			}else{
			echo "Event failed to be modified";
		}
	}

}

Can anyone tell me why the UPDATE function isn’t updating? I’m not receiving any errors off of this code, but it’s clearly not working right.
I’m a newbie to php and I’m really just teaching myself from online tutorials and examples.

Thank you for any guidance that anyone might be able to give me.

2

You can’t use quotes around column names, instead use backticks. So:

`Phone 2`
3

sorry to piggyback this thread… but i am getting an error when i try to use update. My code has the same type of idea as above.

$table = mysql_real_escape_string($_POST['table']);
    $name=mysql_real_escape_string($_POST['cname']);
    $address=mysql_real_escape_string($_POST['caddress']);
    $phone=mysql_real_escape_string($_POST['cphone']);
    $phone2=mysql_real_escape_string($_POST['cphone2']);
    $fax=mysql_real_escape_string($_POST['cfax']);
    $email=mysql_real_escape_string($_POST['cemail']);
    $web=mysql_real_escape_string($_POST['cweb']);

    if($table =='yellow01') {//for yellow pages
        $class=mysql_real_escape_string($_POST['cclass']);
        $image=mysql_real_escape_string($_POST['cimage']);
        $hours=mysql_real_escape_string($_POST['chours']);
        $services=mysql_real_escape_string($_POST['cservices']);
        $About=mysql_real_escape_string($_POST['cAbout']);
    }

 $query ="UPDATE $table SET Address = '$address' , 'Phone 2' = '$phone2', Fax ='$fax', Email='$email', Web ='$web' WHERE Name LIKE '$name&#37;' AND Phone =$phone";

    $result=mysql_query($query) or die ('Error updating database: ' . mysql_error());

But I get this error when it runs:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘‘Phone 2’ = ‘’, Fax =’‘, Email=’‘, Web =’’ WHERE Name LIKE ‘’

4

Thank you so much for your help. Again it wasn’t anything that I thought it was. But after viewing your cleaned up code, I realized that my action for the form was creating a url that sent the data through the same process that my original data was going through, hence creating a new ID.

So I set a variable for the url where add=true on the first round and mod=true on the modification.

if(isset($_GET['v'])){
$holVal = "";	
$ehVal = "";
$e1Val = "";
$e2Val = "";
$e3Val = "";
$e4Val = "";
$fID = "";
$fEDate = "";
$fDAdded = "";
$buttonName = "Add";
$urlAction = $_SERVER["PHP_SELF"]."?id=".$events['ID']."&month=". $month."&day=". $day."&year=". $year."&f=true&add=true";
}

if(isset($_GET['m'])){
	
			$id = mysql_real_escape_string($_GET['id']);
			$q = "SELECT * FROM eventscalendar WHERE ID =".$id;
			$result = mysql_query($q);
			$events = mysql_fetch_array($result) ;
			
			$urlAction = $_SERVER["PHP_SELF"]."?id=".$events['ID']."&month=". $month."&day=". $day."&year=". $year."&f=true&mod=true";
			$holVal = $events['holiday'];	
			$ehVal = $events['heading'];
			$e1Val = $events['event1'];
			$e2Val = $events['event2'];
			$e3Val = $events['event3'];
			$e4Val = $events['event4'];
			$fID = $events['ID'];
			$fEDate = $month."/".$day."/".$year;
			$fDAdded = $events['dateAdded'];
			$buttonName = "Modify";
}
?>

Then I moved the ELSE statement on ‘btnadd’ to the calendar.php:

&lt;?php 
	if(isset($_GET['mod'])){
			
			$id = (int) $_POST['id'];
			$holiday = mysql_real_escape_string ($_POST['holiday']);
			$eventheading = mysql_real_escape_string  ($_POST['eventheading']);
			$event1 = mysql_real_escape_string  ($_POST['eDesc1']);
			$event2 = mysql_real_escape_string ($_POST['eDesc2']);
			$event3 = mysql_real_escape_string ($_POST['eDesc3']);
			$event4 = mysql_real_escape_string ($_POST['eDesc4']);
			
			$sqlinsert = "UPDATE eventscalendar SET `holiday`='".$holiday."',`heading`='".$eventheading."', `event1`='".$event1."', `event2`='".$event2."', `event3`='".$event3."', `event4`='".$event4."',`dateAdded`= now() WHERE ID =". $id;
			
			
			$resultinsert = mysql_query($sqlinsert) or die (mysql_error());
			if($resultinsert){

				echo "Event was successfully modified";
				}else{
				echo "Event failed to be modified";
			}
		}
	
	?&gt;

It seems to work pretty well. Thanks again for helping me with this. Twice now:) I really appreciate it.

I’m sure another roadblock of some type will come along again soon and I’ll probably be back on here then.

5

I’ve tidied up you’re code to show what you should be doing and hopefully help find were you’re going wrong:

if (isset($_GET['m']))
{
	if (!isset($_POST['btnadd']))
	{
		$id = mysql_real_escape_string($_GET['id']);
		$q = "SELECT * FROM eventscalendar where ID =".$id;
		$result = mysql_query($q);
		$events = mysql_fetch_array($result) ;

		$holVal = $events['holiday'];	
		$ehVal = $events['heading'];
		$e1Val = $events['event1'];
		$e2Val = $events['event2'];
		$e3Val = $events['event3'];
		$e4Val = $events['event4'];
		$fID = $events['ID'];
		$fEDate = $month."/".$day."/".$year;
		$fDAdded = $events['dateAdded'];
		$buttonName = "Modify";
	}
	else
	{
		/* To see the values being posted, uncomment the next line */
		// print_r ($_POST); exit;
		
		$id = (int) $_POST['id'];
		$holiday = mysql_real_escape_string ($_POST['holiday']);
		$eventheading = mysql_real_escape_string ($_POST['eventheading']);
		$event1 = mysql_real_escape_string ($_POST['eDesc1']);
		$event2 = mysql_real_escape_string ($_POST['eDesc2']);
		$event3 = mysql_real_escape_string ($_POST['eDesc3']);
		$event4 = mysql_real_escape_string ($_POST['eDesc4']);
		
		$sqlinsert = "UPDATE eventscalendar SET `holiday`='".$holiday."',`heading`='".$eventheading."', `event1`='".$event1."', `event2`='".$event2."', `event3`='".$event3."', `event4`='".$event4."',`dateAdded`= now() WHERE ID = " . $id;
		
		/* If you want to see what the query looks like, uncomment the next line */
		// echo $sqlinsert; exit;

		$resultinsert = mysql_query($sqlinsert) or die (mysql_error());
		
		if ($resultinsert)
		{
			header ('Location: calendar.php');
			echo "Event was successfully modified";
		}
		else
		{
			echo "Event failed to be modified";
		}
	}
}
6

I moved my values above the query, and I tried inserting the lines suggested, but so far can see no change.

I’m not completely sure how I was supposed to insert those lines but I tried several different places and the most I got was

array{
}

from

echo '<pre>';
     print_r($_POST);
  echo '</pre>';

also there are no errors coming off of my code. All the information is being added to the database, it’s just that the ID keeps stepping up.

I have my the eventDate staying the same, but I can’t seem to pull my data by that either. Theoretically I’ll only want one ID per eventDate so if I could make that work that would be okay too.

7

The values that you are putting into the update query don’t actually exist at that point (except the $_POST[‘id’]), you’re creating them after, which won’t work.

Also, do not just pass the id straight into the query, you need to sanitize it like you did before:

$id = (int) $_POST['id'];

$sqlinsert = "... WHERE id = " . $id;
8

Try inserting these lines in the approriate places.


  
   // show all errors
  error_reporting(E_ALL | E_NOTICE);
  ini_set('display_errors', LOCALHOST ? 'On' : 'Off');

  // show what has been posted
  echo '<pre>';
     print_r($_POST);
  echo '</pre>';

  // show what you hope to insert :)
  echo $sqlinsert;
  
  // temporary stop until you manage to insert your data
  die;

.