0

Edit: I've re-written my question to include more details:

Here's a snapshot of the code that produces the page of results from the database of users:

userdetails.php 

$currenttechnicians = "SELECT * FROM ahsinfo ORDER BY FirstName";
$currenttechniciansresults = sqlsrv_query($conn,$currenttechnicians) or die("Couldn't     execut query");

while ($techniciandata=sqlsrv_fetch_array($currenttechniciansresults)){

echo "<tr align=center>";
echo "<td height=35 background=largebg.gif style=text-align: center valign=center>";

echo "<input type=hidden name=\"ID\" value=";
echo $techniciandata['ID'];
echo ">";
echo "<input type=textbox name=\"FirstName\" value=";
echo $techniciandata['FirstName'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=textbox name=\"LastName\" value=";
echo $techniciandata['LastName'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=textbox size=40 name=\"SIPAddress\" value=";
echo $techniciandata['SIPAddress'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=textbox name=\"MobileNumber\" value=";
echo $techniciandata['MobileNumber'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";

?>

Here's the code that handles the form submission: (again, just the SQL query that updates the database. I've removed the database connection string).

edituserdetails.php

<?PHP
//Add the new users details to the database
$edituser = " UPDATE ahsinfo SET FirstName='{$_POST['FirstName']}',     LastName='{$_POST['LastName']}', SIPAddress='{$_POST['SIPAddress']}',     MobileNumber='{$_POST['MobileNumber']}' WHERE ID='{$_POST['ID']}' ";
$editresult = sqlsrv_query($conn,$edituser) or die("Couldn't execute query to update     database");
?>

I'm trying to update the entire database (it's a small database) with any changes that a user makes on the userdetails.php page.

Improve this question
1
  • Strings must be encapsulated with either ' or " Commented Jun 12, 2014 at 1:29

1 Answer 1

Reset to default
1

You're missing quotes around your string values and used a curly brace instead of a bracket on one of your POST variables:

UPDATE ahsinfo 
SET FirstName="{$_POST['FirstName']}", 
    LastName="{$_POST['LastName']}", 
    EmailAddress="{$_POST['EmailAddress']}", 
    MobileNumber="{$_POST['MobileNumber']}" 
WHERE ID={$_POST['ID']}

You would have caught this if you checked for errors in your code.

FYI, you are wide open to SQL injections

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Indeed it will. I need to get one eye off of the hockey game and focus on my syntax.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.