0

Hi all...

I need your help, there must be something I am not seeing here when trying to update a table of information in a database.

Here is the code I am currently using.

In my program I have this call...

if (($_POST['changeAddress'] != "") || ($_POST['changeAddress'] != null)) {
	// Change the Address1
	echo "Change Address...<br />";
	$userID = $_SESSION['uid'];
	$theUID = (int)$userID;
	$theValue = $_POST['changeAddress'];
	$updateDB = "UPDATE userinfo (memberAddress) VALUE ('{$theValue}') where (memberID = {$theUID})";
	InfoUpdate($updateDB);
}

And in an include file I have this function being called...

function InfoUpdate($updateThis) {
	// Inserts/Injects Data into database using the query passed along...

	$db = mysql_connect('dbserver', 'dbname', 'dbpassword');
	mysql_select_db('dbname', $db);

	$queryResult = mysql_query('$updateThis');

	if ($queryResult) {
		echo 'Success.';
	}
	else {
		echo '<br />Insertion failed. Please try again.';
	}	
}

I am able to use INSERT just fine, however doing an UPDATE with a WHERE clause seems to not affect anything, and gave errors as to the syntax "near 'WHERE...' but then nothing at all here but the obvious "Insertion Failed" error being echoed out. Echoed out it shows:

UPDATE userinfo (memberAddress) VALUE ('2112 Rush Ave.') where (memberID = 4)

The variable $updateThis shows everything is there and should work correctly. I'd tried several variations of syntax but no success. I am using PHP 5.+ and an updated MySQL server as well insofar as it was just updated a few months ago.

THANKS for any assistance in advance!

-Tom

PS: I'd been reading and 'trying' to learn security measures but am more interested in it simply working. I'll then back it all up and start working with the .htaccess since I'm on a more public/shared server as well as other security methods/aspects. I'm a bit in over my head for this project but determined.

3
Contributors
6
Replies
9
Views
6 Years
Discussion Span
Last Post by jrotunda85
0

AN UPDATE: TRIED PDO But no Go

I thought it may be something in the method I was using, so I tried PDO...

The setup and call...

$updateThis = "UPDATE user SET memberAddress=".$theValue." WHERE memberID=".$theUserID;
	InfoUpdate($updateThis);

And the function itself...

/*** mysql hostname ***/
	$hostname = 'dbserver';

	/*** mysql username ***/
	$username = 'dbusername';

	/*** mysql password ***/
	$password = 'dbpassword';

	try {
		$dbh = new PDO("mysql:host=$hostname;dbname=dbname", $username, $password);
		/*** echo a message saying we have connected ***/
		echo 'Connected to database<br />';
		echo 'Attempting Insert with: '.$updateThis.'<br /><br />';
		/*** INSERT data ***/
		$count = $dbh->exec($updateThis);

		/*** echo the number of affected rows ***/
		echo $count;

		/*** close the database connection ***/
		$dbh = null;
	}
	catch(PDOException $e)	{
		echo $e->getMessage();
	}

When ran, I echoed out the variable and can see it fine...

Change Address...
Connecting to the Database...Connected to database
Attempting Insert with: UPDATE user SET memberAddress=2112 Brown Ave. WHERE memberID=4

So WHY it is NOT executing the actual update I have NO idea.
I get NO Error whatsoever. It is quite unnerving LOL!

Edited by TommyRay: n/a

0

You don't need to concatenate your Update statement, try something like this:

$updateThis = "UPDATE user SET memberAddress = '$theValue' WHERE memberID = '$theUserID'";

It also seems, based on what you have in the first post, you may be mis-labeling some variables? I'm not sure if this was just something you were messing around with but I left your variables consistent with the latest post. Figured I would point that out just in case.

If that still doesn't work, you might want to try just executing the query via PHP without including the function. So do something like this:

$db = mysql_connect('dbserver', 'dbname', 'dbpassword');
mysql_select_db('dbname', $db);

$updateThis = "UPDATE user SET memberAddress = '$theValue' WHERE memberID = '$theUserID'";

$queryResult = mysql_query($updateThis);

if ($queryResult) {
	echo "Success.";
}
else {
	echo "<br />Insertion failed. Please try again.";
}

On that note, you also don't need quotes (single or otherwise) in the mysql_query part when calling a variable which has already been declared. :)

Edited by jrotunda85: n/a

0

I did as you suggested and BAM it worked.
I just need to place it back into the include file again now.
Funny how a simply syntax error like the quotes can mess you up.
I spent like 2 days trying to figure this out, I THANK YOU very much the help!!

-Tom

0

the syntax u used is wrong...

$updateThis = "UPDATE user SET memberAddress = '$theValue' WHERE memberID = '$theUserID'";

it should be.....-

$updateThis = "UPDATE user SET memberAddress = '".$theValue."' WHERE memberID = '".$theUserID."'";
0

the syntax u used is wrong...

$updateThis = "UPDATE user SET memberAddress = '$theValue' WHERE memberID = '$theUserID'";

it should be.....-

$updateThis = "UPDATE user SET memberAddress = '".$theValue."' WHERE memberID = '".$theUserID."'";

Again, you don't need to concatenate an Update statement ;)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.