Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369
  • Last Modified:

How do I fix this MySQL UPDATE statement

Experts,
What is the proper way to construct this MySQL UPDATE statement?

Thanks for your help!


<?php
include("global.inc3.php");
$errors=0;
$error="The following errors occured while processing your form input.<ul>";
pt_register('POST','id');
pt_register('POST','Date');
pt_register('POST','LastName');
pt_register('POST','FirstName');
pt_register('POST','Address');
pt_register('POST','Phone1');
pt_register('POST','Phone2');
pt_register('POST','Friend1Name');
pt_register('POST','Friend1Phone');
pt_register('POST','Friend2Name');
pt_register('POST','Friend2Phone');
pt_register('POST','Friend3Name');
pt_register('POST','Friend3Phone');

if($errors==1) echo $error;
else{
$where_form_is="http".($HTTP_SERVER_VARS["HTTPS"]=="on"?"s":"")."://".$SERVER_NAME.strrev(strstr(strrev($PHP_SELF),"/"));
$message="id: ".$id."
Date: ".$Date."
Last Name: ".$LastName."
Last Name: ".$FirstName."
Address: ".$Address."
Primary Phone: ".$Phone1."
Secondary Phone: ".$Phone2."
Friend/Relative Name 1: ".$Friend1Name."
Friend/Relative Phone 1: ".$Friend1Phone."
Friend/Relative Name 2: ".$Friend2Name."
Friend/Relative Phone 2: ".$Friend2Phone."
Friend/Relative Name 3: ".$Friend3Name."
Friend/Relative Phone 3: ".$Friend3Phone."
";
$message = stripslashes($message);
mail("my email","org",$message,"From: me");
$link = mysql_connect("HOST","347UN","PW");
mysql_select_db("DB",$link);

$query="UPDATE seniorslist SET Address = ".$Address.",Phone1 = ".$Phone1.",Phone2 = ".$Phone2.",Friend1Name = ".$Friend1Name.",Friend1Phone = ".$Friend1Phone.",Friend2Name = ".$Friend2Name.",Friend2Phone = ".$Friend2Phone.",Friend3Name = ".$Friend3Name.",Friend3Phone = ".$Friend3Phone." WHERE id = $id";
mysql_query($query);


header("Refresh: 0;url=http://www.url.com/NewSite/seniorwatch_view.php?id=$id"); 
?><?php 
}
?>

Open in new window

0
rlb1
Asked:
rlb1
2 Solutions
 
sergiobg57Commented:
Just the query?
Then it's this way.(look at the code snippet or below)

"UPDATE seniorslist SET Address = '$Address', Phone1 = '$Phone1', Phone2 = '$Phone2', Friend1Name = '$Friend1Name', Friend1Phone = '$Friend1Phone', Friend2Name = '$Friend2Name', Friend2Phone = '$Friend2Phone', Friend3Name = '$Friend3Name', Friend3Phone = '$Friend3Phone' WHERE id = '$id' "

_________________________
Sergio C.





"UPDATE seniorslist SET Address = '$Address', Phone1 = '$Phone1', Phone2 = '$Phone2', Friend1Name = '$Friend1Name', Friend1Phone = '$Friend1Phone', Friend2Name = '$Friend2Name', Friend2Phone = '$Friend2Phone', Friend3Name = '$Friend3Name', Friend3Phone = '$Friend3Phone' WHERE id = '$id' "

Open in new window

0
 
LFLFMCommented:
Is all this data coming from the user?
If so, did you mysql_real_escape_string() it?
example:
$Address = mysql_real_escape_string($Address);

Open in new window

If you haven't, then do so for every single string that gets sent to a database... ;-)

Here is your update code:
$query="UPDATE seniorslist SET Address = '$Address', Phone1 = '$Phone1', Phone2 = '$Phone2', Friend1Name = '$Friend1Name', Friend1Phone = '$Friend1Phone', Friend2Name = '$Friend2Name', Friend2Phone = '$Friend2Phone', Friend3Name = '$Friend3Name', Friend3Phone = '$Friend3Phone." WHERE id = '$id'";

Open in new window

0
 
rlb1Author Commented:
Thanks!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now