How to let update a row in Mysql using php

I want to let the user update their entry. I have a column for both the "id" and "username" and want both to match. This is the code I'm using but not working.
<?php
session_start();
$error="";
$id = (int)$_GET['id'];
$id = substr($id, 0,5);
if($id < 1 || $id > 99999) exit;


	$servername	= "localhost";
	$username	= "";
	$password	= "";
	
	$conn=  mysql_connect($servername,$username,$password)or die(mysql_error());
				mysql_select_db("genesis_apts",$conn);
			
			$sql = "UPDATE boats SET title  = '".$_POST[mysql_real_escape_string('title')]."' WHERE id = '".$id."' AND username = '".$myusername."'";
			$result = mysql_query($sql,$conn) or die(mysql_error());
			
			echo "<p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><br /><h1>You Have Successfully Modified Ad</h1>";
			echo "<p>&nbsp;</p><p>&nbsp;</p><br /><a href='../../index.php'>go to Account page</a>";
?>

Open in new window

genesisvhAsked:
Who is Participating?
 
hmarcbowerCommented:
OK, so there is a pager before this one, then, that picks up the 'id' value.  When you click submit on this form, there doesn't appear to be any way that the id is being passed from this page to the modify page.  Try this:

Add a line into your form:

<input type="hidden" name="id" value="<?php echo $id; ?>">

Then change the top of your modify page where it reads in the ID from $_GET to $_POST.

Also, there is still nowhere that the $myusername variable is being passed to this page.

What page leads to the form?
0
 
FapikoCommented:
Try updating line 16 to read:
$sql = "UPDATE boats SET title  = '".mysql_real_escape_string($_POST['title'])."' WHERE id = '".$id."' AND username = '".$myusername."'";

Open in new window


You were wrapping the $_POST array index with mysql_real_escape_string which doesn't actually escape the string for you, only the word 'title'.
0
 
genesisvhAuthor Commented:
Thanks Fapiko, but I still don't know how the user can update an entry in Mysql using php. What I'm trying to do is have the user click his entry in his account page where it leads you to a html form. There he or she fills out the form where on this form it updates that row but making sure it belongs to that id and the user ".$myusername."  I'm still having trouble I wrote this now and nothing. Can anyone please help?
<?php
session_start();
$error="";
$id = (int)$_POST['id'];
$id = substr($id, 0,5);
if($id < 1 || $id > 99999) exit;
 
          $servername = "localhost";
	  $username = "";
	  $password = "";
	
	      $conn=  mysql_connect($servername,$username,$password)or die(mysql_error());
				mysql_select_db("",$conn);
				
          $sql = "UPDATE 'boats' SET 'title' = '".mysql_real_escape_string($_POST['title'])."' WHERE 'id' = '".$id."' AND 'username' = '".$myusername."'";
		  
      //replace news with your table name above
      $result = mysql_query($sql,$conn) or die(mysql_error());
	  
      echo "<p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><br /><h1>You Have Successfully Modified the Ad</h1>";
	  echo "<p>&nbsp;</p><p>&nbsp;</p><br /><a href='../../index.php'>go to Account page</a>";
?>

Open in new window

0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
hmarcbowerCommented:
Where is $myusername coming from?  If it's being passed from the previous page through the form, then you will probably need to use $_POST['myusername'] instead.
0
 
hmarcbowerCommented:
Also, you don't need single quotes around column names in your table or the id value if it's numeric.  Try this one:

$sql = "UPDATE boats SET title = '".mysql_real_escape_string($_POST['title'])."' WHERE id = ".$id." AND username = '".$myusername."'";

Open in new window

0
 
hmarcbowerCommented:
Sorry, didn't include my own suggestion. :)
$sql = "UPDATE boats SET title = '".mysql_real_escape_string($_POST['title'])."' WHERE id = ".$id." AND username = '".$_POST['myusername']."'";

Open in new window

0
 
genesisvhAuthor Commented:
Neither of them worked, the myusername is being passed from the previous page but nothing is being updated.
0
 
hmarcbowerCommented:
OK, can you add this line after your $sql= line?

echo $sql;

And then see what it's interpreting for your sql statement.
0
 
genesisvhAuthor Commented:
The page is blank.
0
 
hmarcbowerCommented:
Ah, ok.  At the top of your script, after the session_start() line, put these lines:

error_reporting(E_ALL);
ini_set('display_errors','On');

Open in new window


and try it again.

0
 
genesisvhAuthor Commented:
Notice: Undefined index: id in /home/genesis/public_html/user/rentals/boats/modifyform.php on line 6
0
 
genesisvhAuthor Commented:
line would be this $id = (int)$_POST['id'];
0
 
hmarcbowerCommented:
Do you have a field with a name="id" on the form that sends you to this page?
0
 
hmarcbowerCommented:
Sorry, stupid question... it's a GET not a POST.  Did you add ?id=something to the end of your URL when you tested it?  Or does that get added to the link you follow to load this php page?
0
 
hmarcbowerCommented:
Wait... no, you changed it from GET to POST somewhere along the way. :)  so back to the original question about a form field that has a name of 'id'
0
 
genesisvhAuthor Commented:
On top of the of the form page that comes previously I have this code below. On the the form the id does appear on the url "modify_form.php?id=1"
<?php
session_start();
$id = (int)$_GET['id'];
$id = substr($id, 0,5);
if($id < 1 || $id > 99999) exit;
$con = mysql_connect("localhost","","");
	if (!$con)
 	{
 	 die('Could not connect: ' . mysql_error());
 	 }

	mysql_select_db("s", $con);

	$result = mysql_query("SELECT * FROM boats WHERE `username` = '".$myusername."'");
?>

Open in new window

0
 
hmarcbowerCommented:
Could you post your other form page as well?
0
 
genesisvhAuthor Commented:
This is the form:
<?php
session_start();
$id = (int)$_GET['id'];
$id = substr($id, 0,5);
if($id < 1 || $id > 99999) exit;
$con = mysql_connect("localhost","","");
	if (!$con)
 	{
 	 die('Could not connect: ' . mysql_error());
 	 }

	mysql_select_db("", $con);

	$result = mysql_query("SELECT * FROM boats WHERE `username` = '".$myusername."'");
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<script src="SpryValidationTextField.js" type="text/javascript"></script>
<link href="SpryValidationTextField.css" rel="stylesheet" type="text/css" />
</head>

<body>
<script language=JavaScript>
<!--

//Disable right mouse click Script
//By Maximus (maximus@nsimail.com) w/ mods by DynamicDrive
//For full source code, visit http://www.dynamicdrive.com

var message="Function Disabled!";

///////////////////////////////////
function clickIE4(){
if (event.button==2){
alert(message);
return false;
}
}

function clickNS4(e){
if (document.layers||document.getElementById&&!document.all){
if (e.which==2||e.which==3){
alert(message);
return false;
}
}
}

if (document.layers){
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown=clickNS4;
}
else if (document.all&&!document.getElementById){
document.onmousedown=clickIE4;
}

document.oncontextmenu=new Function("alert(message);return false")

// --> 
</script>
<p>BACK TO <a href="../../index.php">ACCOUNT PAGE</a>	</p>
<p><a href="../../logout.php">LOGOUT</a></p>
<p>USE THIS FORM TO POST!</p>
<form method="POST" action="modifyform.php" enctype="multipart/form-data">
  <table width="601" border="0">
  <tr>
    <td width="70" height="68"><div align="right"><span style="color: #F00">*</span>Title</div></td>
    <td width="13"><div align="center">:</div></td>
    <td width="504"><label for="title"></label>
      <span id="sprytextfield4">
      <input name="title" type="text" id="title" size="70" maxlength="75" />
      <span class="textfieldRequiredMsg"><br />
      A value is required.</span><span class="textfieldMinCharsMsg">Minimum number of characters not met.</span></span></td>
  </tr>
  <tr>
   
  <tr>
    <td colspan="3"><input type="submit" name="button" id="button" value="Submit" />
    <input type="reset" name="button2" id="button2" value="Reset" /></td>
  </tr>
</table>
</FORM>

<script type="text/javascript">
var sprytextfield1 = new Spry.Widget.ValidationTextField("rental_title", "none", {minChars:10});
var sprytextfield2 = new Spry.Widget.ValidationTextField("currency", "currency", {minValue:1});
var sprytextfield3 = new Spry.Widget.ValidationTextField("rental_fee", "none", {minChars:12});
var sprytextfield4 = new Spry.Widget.ValidationTextField("sprytextfield4", "none", {minChars:1});
var sprytextfield5 = new Spry.Widget.ValidationTextField("rental_phone", "phone_number", {isRequired:false});
</script>

</body>
</html>

Open in new window

0
 
genesisvhAuthor Commented:
This is the page. index.php
<?php
session_start();
include ('include.php');
echo "<p>&nbsp;</p>Welcome $myusername<p>&nbsp;</p>";
echo '<table width="599" border="0" align="center" bgcolor="#33CCFF">
  <tr>
    <td width="180" bgcolor="#33CCFF"><div align="center"><a href="profile.php">Profile</div></td>
    <td width="191" bgcolor="#33CCFF"><div align="center"><a href="posting_form.php">Post</a></div></td>
    <td width="214" bgcolor="#33CCFF"><div align="center"><a href="logout.php">Logout</a></div></td>';
	$con = mysql_connect("localhost","","");
	if (!$con)
 	{
 	 die('Could not connect: ' . mysql_error());
 	 }

	mysql_select_db("", $con);

	$result = mysql_query("SELECT * FROM boats WHERE `username` = '".$myusername."'");
	
	echo "<p>&nbsp;</p>Boats</p>";
	echo "<table border='0' align='center' bgcolor='#999969' cellpadding='3' bordercolor='#000000' table class='sortable' table id='results'> 
<tr>
<th> id </th> 
<th> Title </th> 
<th> Date Modified </th>
</tr>";
				
		while($row = mysql_fetch_array($result))
  {
echo "<tr>";
echo "<td><a href='rentals/boats/modify_form.php?id=".$row['id']."'>" . $row['id'] . "</a></td>"; 
echo "<td>" . $row['title'] . "</td>"; 
echo "<td>" . $row['time'] . "</td>";
echo "</tr>"; 

} 

echo "</table>";
?>

Open in new window

0
 
hmarcbowerCommented:
And does it actually say "Welcome arealnamehere" when you load that page?  If so, include.php must have that variable declared because it's nowhere to be found here... :)
0
 
genesisvhAuthor Commented:
It is posting the changes, but I'm getting an error when it gets posted as saying undefined error on line 17 on the modify page but it is working. Just have to figure how to fix that. The myusername is coming from when the user logs in. I just want to be sure that no one can change the id on the url and change someone else's posting. Thanks so much for your help though.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.