Solved

How do I fix this MySQL UPDATE statement

Posted on 2011-02-24
3
344 Views
Last Modified: 2012-06-21
Experts,
What is the proper way to construct this MySQL UPDATE statement?

Thanks for your help!


<?php
include("global.inc3.php");
$errors=0;
$error="The following errors occured while processing your form input.<ul>";
pt_register('POST','id');
pt_register('POST','Date');
pt_register('POST','LastName');
pt_register('POST','FirstName');
pt_register('POST','Address');
pt_register('POST','Phone1');
pt_register('POST','Phone2');
pt_register('POST','Friend1Name');
pt_register('POST','Friend1Phone');
pt_register('POST','Friend2Name');
pt_register('POST','Friend2Phone');
pt_register('POST','Friend3Name');
pt_register('POST','Friend3Phone');

if($errors==1) echo $error;
else{
$where_form_is="http".($HTTP_SERVER_VARS["HTTPS"]=="on"?"s":"")."://".$SERVER_NAME.strrev(strstr(strrev($PHP_SELF),"/"));
$message="id: ".$id."
Date: ".$Date."
Last Name: ".$LastName."
Last Name: ".$FirstName."
Address: ".$Address."
Primary Phone: ".$Phone1."
Secondary Phone: ".$Phone2."
Friend/Relative Name 1: ".$Friend1Name."
Friend/Relative Phone 1: ".$Friend1Phone."
Friend/Relative Name 2: ".$Friend2Name."
Friend/Relative Phone 2: ".$Friend2Phone."
Friend/Relative Name 3: ".$Friend3Name."
Friend/Relative Phone 3: ".$Friend3Phone."
";
$message = stripslashes($message);
mail("my email","org",$message,"From: me");
$link = mysql_connect("HOST","347UN","PW");
mysql_select_db("DB",$link);

$query="UPDATE seniorslist SET Address = ".$Address.",Phone1 = ".$Phone1.",Phone2 = ".$Phone2.",Friend1Name = ".$Friend1Name.",Friend1Phone = ".$Friend1Phone.",Friend2Name = ".$Friend2Name.",Friend2Phone = ".$Friend2Phone.",Friend3Name = ".$Friend3Name.",Friend3Phone = ".$Friend3Phone." WHERE id = $id";
mysql_query($query);


header("Refresh: 0;url=http://www.url.com/NewSite/seniorwatch_view.php?id=$id"); 
?><?php 
}
?>

Open in new window

0
Comment
Question by:rlb1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Accepted Solution

by:
sergiobg57 earned 350 total points
ID: 34971709
Just the query?
Then it's this way.(look at the code snippet or below)

"UPDATE seniorslist SET Address = '$Address', Phone1 = '$Phone1', Phone2 = '$Phone2', Friend1Name = '$Friend1Name', Friend1Phone = '$Friend1Phone', Friend2Name = '$Friend2Name', Friend2Phone = '$Friend2Phone', Friend3Name = '$Friend3Name', Friend3Phone = '$Friend3Phone' WHERE id = '$id' "

_________________________
Sergio C.





"UPDATE seniorslist SET Address = '$Address', Phone1 = '$Phone1', Phone2 = '$Phone2', Friend1Name = '$Friend1Name', Friend1Phone = '$Friend1Phone', Friend2Name = '$Friend2Name', Friend2Phone = '$Friend2Phone', Friend3Name = '$Friend3Name', Friend3Phone = '$Friend3Phone' WHERE id = '$id' "

Open in new window

0
 
LVL 3

Assisted Solution

by:LFLFM
LFLFM earned 150 total points
ID: 34974072
Is all this data coming from the user?
If so, did you mysql_real_escape_string() it?
example:
$Address = mysql_real_escape_string($Address);

Open in new window

If you haven't, then do so for every single string that gets sent to a database... ;-)

Here is your update code:
$query="UPDATE seniorslist SET Address = '$Address', Phone1 = '$Phone1', Phone2 = '$Phone2', Friend1Name = '$Friend1Name', Friend1Phone = '$Friend1Phone', Friend2Name = '$Friend2Name', Friend2Phone = '$Friend2Phone', Friend3Name = '$Friend3Name', Friend3Phone = '$Friend3Phone." WHERE id = '$id'";

Open in new window

0
 

Author Closing Comment

by:rlb1
ID: 34976906
Thanks!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question