1

I'm having problems with the following code to update a database. There are no errors, and I know it's not the database because I have another 'GET' script which uses the same &con information and returns data from the database just fine. However, the database just never updates.

 <?php
    define("DB_DSN","xxx");
    define("DB_HOST","xxx");
    define("DB_USER","xxx");
    define("DB_PASS","xxx");

    $con = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die('Could not connect: ' .mysql_error());
    mysql_select_db(DB_DSN) or die('Could not select database');    
    $id = base64_decode($_POST["id"]);
    $deaths = base64_decode($_POST["deaths"]);
    $sql = "UPDATE Level01 SET Deaths =' . $id .' WHERE DeathID= ' . $deaths . '" ;     
    $uresult = mysql_query($sql,$con);
    if(! $uresult )
    {
      die('Could not update data: ' . mysql_error());
    }
    echo "Updated data successfully\n";
    mysql_close($con);
    exit;

Can anyone help??

Improve this question
3
  • Are you sure your $_POST variables have in tem what you expect? Are you sure they're Base64 encoded? Commented Sep 13, 2013 at 9:33
  • change your UPDATE statement to "UPDATE Level01 SET Deaths ='" . $id . "' WHERE DeathID= '" . $deaths . "'"; Commented Sep 13, 2013 at 9:34
  • You have a SQL injection vulnerability. Commented Jan 23, 2014 at 13:01

6 Answers 6

Reset to default
2

This 

"UPDATE Level01 SET Deaths =' . $id .' WHERE DeathID= ' . $deaths . '" ;

should be

"UPDATE Level01 SET Deaths ='" . $deaths . "' WHERE DeathID= " . $id . " ;

I think.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Basicly insert this code without using variables:

mysql_query("UPDATE `Level1` SET `Deaths`= '".$deaths."' WHERE DeathID= ".$id.");
Improve this answer

1 Comment

You have a SQL injection vulnerability.
0 
$sql = "UPDATE Level01 SET Deaths =' . $id .' WHERE DeathID= ' . $deaths . '" ;

Should be

$sql = "UPDATE Level01 SET Deaths ='" . $deaths . "' WHERE DeathID= '" . $id . "'";
Improve this answer

1 Comment

Considering he's using double quotes and trying to concatenate using single quotes, I'd say it does.
0

Try to echo your variables at first and you don't neeed '.$id.' (actually it should be '".$id."') you can write Deaths = '$id' or Deaths = '$deaths' should be the right one.

Improve this answer

Comments

0

I suggest to do echo $sql ; and then you will know your error :)

Points are here interpreted as caracter not as concatenation operator,so update will update every Death that has id ='.value.' ,it not exists in database and then nothing happens.

Replace this :

$sql = "UPDATE Level01 SET Deaths =' . $id .' WHERE DeathID= ' . $deaths . '" ;

By this :

$sql = "UPDATE Level01 SET Deaths ='$id' WHERE DeathID= '$deaths'" ;
Improve this answer

1 Comment

@user2775839 please validate this answer so that it can be seen in the top and helps others
0

Hi Please remove the dots from query as shown below it will solve problem.

$sql = "UPDATE Level01 SET Deaths ='$id' WHERE DeathID= '$deaths'" ;

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.