2

I can't see the problem in my update form, but no matter what I do it will not update my db. I was hoping someone in here could help me out.

I have tried to use mysql_error() after the update statement but no errors were found, and I have tried echoing out the update statement and couldn't see any problems.

URL = http://localhost/maga/php/update_red.php?id=6&read=14

<?php
$host="localhost";
$pass="*****";
$user="my_db_user";
$db="my_db_name";
$tblname="artikler";

$con=mysql_connect($host, $user, $pass)or die(mysql_error());
mysql_select_db($db)or die(mysql_error());

$read=(int)$_GET['read'];
$id=$_GET['id'];

$read++;

mysql_query("UPDATE $tblname SET read='$read' WHERE id='$id'");

?>

6
  • 1
    I hope that is not your real db login data you are posting. Commented Mar 12, 2012 at 17:57
  • It's a closed server so you can't use the data for anything ;) Commented Mar 12, 2012 at 17:58
  • Probably is, but it's localhost, we don't know his IP so it's fine. Commented Mar 12, 2012 at 17:58
  • 2
    Your script is vulnerable to SQL injection by not cleansing your $id variable. Commented Mar 12, 2012 at 17:59
  • What is the error you are getting? Commented Mar 12, 2012 at 18:00

7 Answers 7

2

read is a reserved word, and so needs to be specially quoted with backticks for it to work in a query.

So try:

if (!mysql_query("UPDATE $tblname SET `read`='$read' WHERE id='$id'"))
{
    die("update failed with error ".mysql_error());
}

Also, the $id value isn't being sanitized in any way, so the code is vulnerable to an SQL injection attack. Definitely worth your time learning about such things.


Comments
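
An added example, not part of any answer on this page: the same update with both points from the answer above applied, the backtick-quoted `read` column and values bound as parameters instead of interpolated into the SQL string. It uses PDO because the mysql_* functions were removed in PHP 7; the in-memory SQLite database (assumed pdo_sqlite extension), the sample row and the `updateRead()` helper are constructed for illustration, and the same UPDATE text works over a `mysql:` DSN.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database so this runs offline.
// Table and column names come from the question; the sample row is constructed.
$pdo = new PDO('sqlite::memory:');
// Raise an exception on any SQL error instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE artikler (id INTEGER PRIMARY KEY, `read` INTEGER NOT NULL)');
$pdo->exec('INSERT INTO artikler (id, `read`) VALUES (6, 14)');

/**
 * Hypothetical helper: store $rawRead + 1 for the row $rawId.
 * Returns the number of rows changed, or false if the input is rejected.
 */
function updateRead(PDO $pdo, $rawId, $rawRead)
{
    // Accept only plain integers; anything else never reaches the database.
    $id   = filter_var($rawId, FILTER_VALIDATE_INT);
    $read = filter_var($rawRead, FILTER_VALIDATE_INT);
    if ($id === false || $read === false) {
        return false;
    }

    // `read` is backtick-quoted because it is a reserved word in MySQL;
    // values are bound as parameters, never placed in the SQL text.
    $stmt = $pdo->prepare('UPDATE artikler SET `read` = :read WHERE id = :id');
    $stmt->bindValue(':read', $read + 1, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs mirroring ?id=6&read=14 from the question.
var_dump(updateRead($pdo, '6', '14'));
// Constructed malformed id: rejected by validation before any query is built.
var_dump(updateRead($pdo, "6' OR '1'='1", '14'));
// Show the stored counter after both calls.
var_dump($pdo->query('SELECT `read` FROM artikler WHERE id = 6')->fetchColumn());
```
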

0

Try outputting your query:

print("UPDATE $tblname SET read='$read' WHERE id='$id'");

Also, is your ID field a number? If so, get rid of the quotes you have around it.

Comments

0

Do a very simple thing: echo "UPDATE $tblname SET read='$read' WHERE id='$id'";
Try running the query from phpmyadmin or whatever tool you use for writing mysql queries.


See if it gives you any error...

1 Comment

Found the problem, I think 'read' is an SQL value, because when I change the name of the column I had no problems in updating it. But thanks for the great advice...
0

You're not passing the database connection on your mysql_query:

mysql_query("UPDATE $tblname SET read='".$read."' WHERE id='".$id."'", $con);

1 Comment

You don't have to with mysql_query.
0

Try this code:

<?php
$host="localhost";
$pass="*****";
$user="my_db_user";
$db="my_db_name";
$tblname="artikler";

mysql_connect($host, $user, $pass)or die(mysql_error());
mysql_select_db($db)or die(mysql_error());

$read=(int)$_GET['read'];
$id=$_GET['id'];

$read++;

mysql_query("UPDATE $tblname SET read='$read' WHERE id='$id'");

mysql_close();

?>

Comments

0

Try this

// In your script, add the lines below and check whether it's working
$con=mysql_connect($host, $user, $pass)or die(mysql_error());
mysql_select_db($db,$con)or die(mysql_error());

Comments

0

Found the problem, I think 'read' is an SQL value, because when I changed the name of the column I had no problems in updating it... But thanks for all the good advice...

1 Comment

That's the answer I gave you yesterday :)
