UPDATE PHP what's the problem?

K

koroteev_d2015-11-29 22:12:19

PHP

koroteev_d, 2015-11-29 22:12:19

Good evening .. I'll go straight to the body.
There is a piece of code to update a record in the database

function get_edit_item_form()
{
echo '<h2>Редактировать</h2>';
$query = 'SELECT * FROM lection WHERE id='.$_GET['id'];
$res = mysql_query( $query );
$item = mysql_fetch_array( $res );
echo '<form name="editform" action="'.$_SERVER['PHP_SELF'].'?action=update&id='.$_GET['id'].'" method="POST">';
echo '<table>';
echo '<tr>';
echo '<td>Наименование</td>';
echo '<td><input type="text" name="title" value="'.$item['LectionTitle'].'"></td>';
echo '</tr>';
echo '<tr>';
echo '<td>Описание</td>';
echo '<td><input type="number" name="description">'.$item['IncludedFileID'].'></td>';
echo '</tr>';
echo '<tr>';
echo '<td><input type="submit" value="Сохранить"></td>';
echo '<td><button type="button" onClick="history.back();">Отменить</button></td>';
echo '</tr>';
echo '</table>';
echo '</form>';
}
 
// Функция обновляет запись в таблице БД 
function update_item()
{
$title = mysql_escape_string( $_POST['title'] );
$description = mysql_escape_string( $_POST['description'] );
$FID=(int)$description;
$query = "UPDATE lection SET LectionTitle='".$title."', IncludedFileID='".$FID."'
WHERE id=".$_GET['id'];
echo $query;
mysql_query ( $query ) or die (mysql_error());
 
echo "<br>";
//var_dump($_POST);
echo "<br>";
echo "<font color='red'>$FID</font>";
 
    echo '<meta http-equiv="Refresh" content="15;url=./lection.php"/>'; 
}

Attention to the question, if you directly set values in the LectionTitle and IncludedFileID fields, that is,
LectionTitle = 'e', IncludedFileID='1'
everything works, the data in the database is updated.
As soon as I try to put variables there, everything falls down and nothing happens. Rather, even - the fields are filled with zeros
, I displayed a variable with a request through echo, when I inserted variables, it turned out:

UPDATE `lection` SET `LectionTitle` = 'fwfw', `IncludedFileID` = '23535' WHERE id=131

P.S. the code for adding a new record works

function add_item()
{
$LectionTitle = mysql_escape_string( $_POST['LectionTitle'] );
$IncludedFileID = mysql_escape_string( $_POST['IncludedFileID'] );
$query = "INSERT INTO lection (LectionTitle, IncludedFileID) VALUES ('".$LectionTitle."', '".$IncludedFileID."');";
mysql_query ( $query );
    echo '<meta http-equiv="Refresh" content="2;url=./lection.php"/>'; 
die();
}

Dumps:

array(2) { ["title"]=> string(2) "24" ["description"]=> string(1) "2" } 
string(68) "UPDATE lection SET LectionTitle='24', IncludedFileID='2' WHERE id=2"

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

K

koroteev_d, 2015-11-30
@koroteev_d

function update_item()
{
$title = mysql_escape_string( $_POST['title'] );
$description = mysql_escape_string( $_POST['description'] );
$FID=(int)mysql_escape_string( $_POST['description'] );

$query = "UPDATE `lection` SET `LectionTitle`=$title, `IncludedFileID`=$FID WHERE id=".$_GET['id'];

echo $query;
mysql_query ( $query ) or die (mysql_error());
 mysql_query(' SET AUTOCOMMIT=1 ');

    echo '<meta http-equiv="Refresh" content="5;url=./lection.php"/>'; 
}

A working version, if anyone needs
UP.
By the way - autocommit, as it turned out, did not solve the problem.
Solved the problem - transferring functions to separate files. Now everything works.

N

nozzy, 2015-12-01
@nozzy

echo '<h2>Редактировать</h2>';
$query = 'SELECT * FROM lection WHERE id='.$_GET['id'];

So editing is very bad, the villains can edit the database for you.