Updating MySQL with PHP

The page I want to update is similar to "http://www.hospiceslo.org/events.php"
(read only). On my update page I've got the same table as a FORM where the
client can make changes to the fields. The problem I'm having is updating
the MySQL database with the content of the form. I have no clue and would
like to know where to start. Can I get some pointers to references or
examples, even suggestions, on how this can be successfully done?
Ronald Schow [ Wed, 18 July 2007 06:00 ] [ ID #1772178 ]

Re: Updating MySQL with PHP

Ronald Schow wrote:
> The page I want to update is similar to "http://www.hospiceslo.org/events.php"
> (read only). On my update page I've got the same table as a FORM where the
> client can make changes to the fields. The problem I'm having is updating
> the MySQL database with the content of the form. I have no clue and would
> like to know where to start. Can I get some pointers to references or
> examples, even suggestions, on how this can be successfully done?

Without checking what the user has sent

//assume you have already connected to the database
//if not see the online manual for mysql_connect()
$query = "UPDATE tablename SET column1='{$_REQUEST['column1']}',
column2='{$_REQUEST['column2']}', column3='{$_REQUEST['column3']}' WHERE
keycolumn='{$_REQUEST['keycolumn']}'";
mysql_query($query);

In your form you have a hidden field keycolumn which has the row's primary key
value and then you name the options that the user can update for column1,
column2, ...


--

//Aho
Shion [ Wed, 18 July 2007 06:24 ] [ ID #1772179 ]

Re: Updating MySQL with PHP

J.O. Aho wrote:

> $query = "UPDATE tablename SET column1='{$_REQUEST['column1']}',
> column2='{$_REQUEST['column2']}', column3='{$_REQUEST['column3']}' WHERE
> keycolumn='{$_REQUEST['keycolumn']}'";

Argh!

$query = sprintf("UPDATE tablename"
." SET column2='%s', column3='%s'"
." WHERE column1='%s';"
,mysql_real_escape_string($_REQUEST['column2'])
,mysql_real_escape_string($_REQUEST['column3'])
,mysql_real_escape_string($_REQUEST['column1'])
);

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 27 days, 11:55.]

PHP Linkifier
http://tobyinkster.co.uk/blog/2007/07/18/linkify/
Toby A Inkster [ Wed, 18 July 2007 10:21 ] [ ID #1772185 ]

Re: Updating MySQL with PHP

"Toby A Inkster" <usenet200707 [at] tobyinkster.co.uk> wrote in message
news:j4v0n4-mvu.ln1 [at] ophelia.g5n.co.uk...
> J.O. Aho wrote:
>
>> $query = "UPDATE tablename SET column1='{$_REQUEST['column1']}',
>> column2='{$_REQUEST['column2']}', column3='{$_REQUEST['column3']}' WHERE
>> keycolumn='{$_REQUEST['keycolumn']}'";
>
> Argh!
>
> $query = sprintf("UPDATE tablename"
> ." SET column2='%s', column3='%s'"
> ." WHERE column1='%s';"
> ,mysql_real_escape_string($_REQUEST['column2'])
> ,mysql_real_escape_string($_REQUEST['column3'])
> ,mysql_real_escape_string($_REQUEST['column1'])
> );
>
> --
> Toby A Inkster BSc (Hons) ARCS
> [Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
> [OS: Linux 2.6.12-12mdksmp, up 27 days, 11:55.]
>
> PHP Linkifier
> http://tobyinkster.co.uk/blog/2007/07/18/linkify/

Be sure to clean your input before you put it into the database; that
certainly could present a problem in the future if someone tries an
injection attack. As for using the $_REQUEST array, try to use the more
specific $_GET or $_POST arrays, as the ability to send data through two
methods could cause problems if someone tries to maliciously insert data.

Matt
Matt White [ Wed, 18 July 2007 16:11 ] [ ID #1772191 ]
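
Added example, not part of the original thread: the same UPDATE written with a PDO prepared statement and a validated key, using bound parameters rather than the mysql_real_escape_string() calls shown above. It assumes PDO with the SQLite driver, used in memory as a stand-in for MySQL so the script runs offline; tablename, column1..3 and keycolumn are the thread's placeholder names, and update_row() is a hypothetical helper.

```php
<?php
// Added example, not from the thread. SQLite in memory stands in for MySQL
// (assumption) so the script runs offline; names are the thread's placeholders.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablename (keycolumn INTEGER PRIMARY KEY,
            column1 TEXT, column2 TEXT, column3 TEXT)');
$pdo->exec("INSERT INTO tablename VALUES (1, 'a', 'b', 'c'), (2, 'd', 'e', 'f')");

// Hypothetical helper: update one row from submitted fields, return rows changed.
function update_row(PDO $pdo, array $post): int
{
    // The hidden key field is client-controlled: accept only a positive integer.
    $key = filter_var($post['keycolumn'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($key === false) {
        return 0;
    }
    // Anything that is not a plain string (e.g. column1[]=x) becomes ''.
    $field = fn(string $name): string =>
        is_string($post[$name] ?? null) ? $post[$name] : '';

    // The SQL text is fixed; values are bound, so quotes in them stay data.
    $stmt = $pdo->prepare('UPDATE tablename
        SET column1 = :c1, column2 = :c2, column3 = :c3
        WHERE keycolumn = :key');
    $stmt->execute([
        ':c1'  => $field('column1'),
        ':c2'  => $field('column2'),
        ':c3'  => $field('column3'),
        ':key' => $key,
    ]);
    return $stmt->rowCount();
}

// Constructed sample submissions; in the real handler pass $_POST instead.
$samples = [
    'apostrophe in data' => ['keycolumn' => '1', 'column1' => "O'Brien",
                             'column2' => 'x', 'column3' => 'y'],
    'tampered key'       => ['keycolumn' => "1' OR '1'='1", 'column1' => 'z',
                             'column2' => 'z', 'column3' => 'z'],
];
foreach ($samples as $label => $post) {
    printf("%-20s rows updated: %d\n", $label, update_row($pdo, $post));
}
// Dump the table to see which rows changed.
foreach ($pdo->query('SELECT * FROM tablename ORDER BY keycolumn', PDO::FETCH_NUM) as $row) {
    echo implode(' | ', $row), "\n";
}
```

Against MySQL only the DSN passed to new PDO() changes (a mysql:host=...;dbname=... DSN plus credentials); update_row() stays the same.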
