0

This php code updates a database entry. The form consists of a checkbox (name = download) and a hidden field so I can check it has actually been sumbitted(name = updated). When I run this code it gives me the success message but the database remains unchanged. Why is this?

if(isset($_POST['updated'])){
    $candownload = isset($_POST['download']) ? "y":"n";
    $query = sprintf("UPDATE `images` SET `download`='%s' WHERE `url`='%s'",
             mysql_real_escape_string($candownload),
             mysql_real_escape_string($url));
    mysql_select_db($dbname,$con);
    mysql_query($query) or die(mysql_error()); 
    $message = "<div class='alert alert-success'>Your settings have been updated</div>";
    $_SESSION['message'] = $message;
    header('Location: account');
}else{
    $message = "";
}

Thanks for any help

2
Contributors
7
Replies
26
Views
4 Years
Discussion Span
Last Post by fheppell
0

First of all What are you trying to do??
found some error

mysql_select_db($dbname,$con);

Should be before query.

Update query is having a syntax error.
I may be wrong but sprintf doesn't work this way .

$val_one = sprintf('%s', $candownload);//This assigns value to $val_one . According to me there's no need to use sprintf
$val_two = sprintf('%s', $url);
$query = "UPDATE images SET download = '$val_one' WHERE url='$val_two'";

Didn't get it what you are trying to do with these ones

    mysql_real_escape_string($candownload),
    mysql_real_escape_string($url)

If you are using mysql_real_escape_string
use before running a query . This would help you to understand your code properly.

May be this should help

Edited by code_rum

0

This code was given in another thread to help prevent sql injection

1

Try this one

if(isset($_POST['updated'])){
    $candownload = isset($_POST['download']) ? "y":"n";
    $val_one = sprintf('%s', mysql_real_escape_string($candownload));
    $val_two = sprintf('%s', mysql_real_escape_string($url));
    $query = "UPDATE images SET download = '$val_one' WHERE url='$val_two'";
    mysql_select_db($dbname,$con);
    mysql_query($query) or die(mysql_error()); 
    $message = "<div class='alert alert-success'>Your settings have been updated</div>";
    $_SESSION['message'] = $message;
    header('Location: account');
}else{
    $message = "";
}

Edited by code_rum

0

Try Debugging it.

echo something inside if .

comment header('Location: account') and session part for now.

0

Worked it out! A GET variable was not being submitted properly. Thanks for all the help, I'm using your suggestion as it looks cleaner.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.