Member Avatar for fheppell

This php code updates a database entry. The form consists of a checkbox (name = download) and a hidden field so I can check it has actually been sumbitted(name = updated). When I run this code it gives me the success message but the database remains unchanged. Why is this?

if(isset($_POST['updated'])){
    $candownload = isset($_POST['download']) ? "y":"n";
    $query = sprintf("UPDATE `images` SET `download`='%s' WHERE `url`='%s'",
             mysql_real_escape_string($candownload),
             mysql_real_escape_string($url));
    mysql_select_db($dbname,$con);
    mysql_query($query) or die(mysql_error()); 
    $message = "<div class='alert alert-success'>Your settings have been updated</div>";
    $_SESSION['message'] = $message;
    header('Location: account');
}else{
    $message = "";
}

Thanks for any help

  • 2 Contributors
  • 7 Replies
  • 159 Views
  • 1 Hour Discussion Span
  • Latest Post Latest Post by fheppell

Recommended Answers

All 7 Replies

Member Avatar for code_rum

First of all What are you trying to do??
found some error

mysql_select_db($dbname,$con);

Should be before query.

Update query is having a syntax error.
I may be wrong but sprintf doesn't work this way .

$val_one = sprintf('%s', $candownload);//This assigns value to $val_one . According to me there's no need to use sprintf
$val_two = sprintf('%s', $url);
$query = "UPDATE images SET download = '$val_one' WHERE url='$val_two'";

Didn't get it what you are trying to do with these ones

    mysql_real_escape_string($candownload),
    mysql_real_escape_string($url)

If you are using mysql_real_escape_string
use before running a query . This would help you to understand your code properly.

May be this should help

Edited by code_rum
Member Avatar for fheppell

This code was given in another thread to help prevent sql injection

Member Avatar for code_rum

Try this one

if(isset($_POST['updated'])){
    $candownload = isset($_POST['download']) ? "y":"n";
    $val_one = sprintf('%s', mysql_real_escape_string($candownload));
    $val_two = sprintf('%s', mysql_real_escape_string($url));
    $query = "UPDATE images SET download = '$val_one' WHERE url='$val_two'";
    mysql_select_db($dbname,$con);
    mysql_query($query) or die(mysql_error()); 
    $message = "<div class='alert alert-success'>Your settings have been updated</div>";
    $_SESSION['message'] = $message;
    header('Location: account');
}else{
    $message = "";
}
Edited by code_rum
Member Avatar for fheppell

Thanks!

Edited by fheppell
Member Avatar for fheppell

Tried this, but the database still isn't updating

Member Avatar for code_rum

Try Debugging it.

echo something inside if .

comment header('Location: account') and session part for now.

Member Avatar for fheppell

Worked it out! A GET variable was not being submitted properly. Thanks for all the help, I'm using your suggestion as it looks cleaner.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.