Menu
Community /Pin to ProfileBookmark
@NogDogJan 19.2013 — #Check the return value from your calls to mysql_query() to see if it is false, and if so output/log some debug info (such as via mysql_error()). I suspect the problem is that you are not quoting the non-numeric values for email and password.
Note that there is no need for 3 separate queries: all 3 fields can be set in a single update query.
Lastly, your script is susceptible to SQL injection since you are not escaping the strings being inserted as values or used in the where clause, nor ensuring that numeric values are actually numeric (see mysql_real_escape_string()).
Even more lastly, the MySQL extension has been deprecated in favor of either the MySQL[b]i[/b] or PDO extension (both of which allow you to use bound parameters in your queries, getting rid of the need to worry about escaping text parameters.
Updating rows in a mysql table
Hey I im trying to udpate the rows PassWord, email, Age in my membersys table of my mysql database. With the code im using its only saving the age and nothing else.
Also the the new info is coming from a form using the POST method
[code=php]<?php
session_start();
$con = mysql_connect(“localhost”,”MyUser”,”MySecretPass”);
if (!$con)
{
die(‘Could not connect: ‘ . mysql_error());
}
mysql_select_db(“membersys”, $con);
$ui = $_POST[‘username’];
$pi = $_POST[‘password’];
$ei = $_POST[’email’];
$ag = $_POST[‘age’];
$user = $_SESSION[‘UserName’];
mysql_query(“UPDATE Member SET PassWord=$ui WHERE UserName=’$user'”);
mysql_query(“UPDATE Member SET email=$ei WHERE UserName=’$user'”);
mysql_query(“UPDATE Member SET Age=$ag WHERE UserName=’$user'”);
Header(“Location: acc_content.php?account=updated”);
mysql_close($con);
?>
Any Ideas?
Sign in
to post a comment2 Comments(s) ↴
0
@NogDogJan 19.2013 — #Check the return value from your calls to mysql_query() to see if it is false, and if so output/log some debug info (such as via mysql_error()). I suspect the problem is that you are not quoting the non-numeric values for email and password.Note that there is no need for 3 separate queries: all 3 fields can be set in a single update query.
Lastly, your script is susceptible to SQL injection since you are not escaping the strings being inserted as values or used in the where clause, nor ensuring that numeric values are actually numeric (see mysql_real_escape_string()).
Even more lastly, the MySQL extension has been deprecated in favor of either the MySQL[b]i[/b] or PDO extension (both of which allow you to use bound parameters in your queries, getting rid of the need to worry about escaping text parameters.