PHP code not updating form values to database
Question
I have a sample data in my database that I am trying to override with my data in a form submission with a primary key PageID set to 0, my query to my knowledge is correct, I have no errors upon submission just no data going into the database. Here is the entire PHP document.
<?php
if(isset($_POST['update'])){
$pageid = 0;
$dbc = @mysqli_connect ('localhost', 'elinksw_ju1ez', '*******', 'elinksw_ju1ez') OR die ('<p class="error">Cannot connect to the database.</body></html>');
$q = "UPDATE tblContent SET PageHeading='$_POST[PageHeading]' ,SubHeading='$_POST[SubHeading]' ,Content='$_POST[Content]' ,PageTitle='$_POST[PageTitle]' ,MetaDescription='$_POST[MetaDescription]' ,MetaKeywords='$_POST[MetaKeywords]' WHERE PageID='$pageid'";
$r = mysqli_query($dbc, $q);
mysqli_close($dbc);
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="./includes/adminStyle.css">
<title>Administration - Edit content</title>
</head>
<body>
<header>
<h1>Edit Content</h1>
<h2>Welcome Administrator</h2>
</header>
<nav>
<a href="admin.php" class="myButton">Manage Homepage</a><br>
<a href="admin.php" class="myButton">Manage Products</a><br>
<a href="admin.php" class="myButton">Manage Contacts</a><br>
</nav>
<section>
<h2>Manage Homepage</h2>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="300" cellpadding="2" cellspacing="2">
<tr>
</tr>
<tr>
<td>Page Heading:</td>
<td><input type="text" name="PageHeading"></td> </tr>
<tr>
<td>Sub Heading:</td>
<td><input type="text" name="SubHeading"></td> </tr>
<tr>
<td>Page Title:</td>
<td><input type="text" name="PageTitle"></td> </tr>
<tr>
<td>MetaDescription:</td>
<td><textarea style="width:300px;" cols="55" rows="5" name="MetaDescription"></textarea></td> </tr>
<tr>
<td>MetaKeywords:</td>
<td><input type="text" name="MetaKeywords"></td> </tr>
<tr>
<td>Content:</td>
<td><textarea style="width:300px;" cols="55" rows="5" name="Content"></textarea></td> </tr>
<tr>
<td><input type="submit" name="update" value = "Update Database"></td> </tr>
</section>
</form>
</body>
</html>
Here is the table in the database
1 answers
solution1
4 ACCPTED 2015-04-19 22:40:57
First of all, your code is dangerous, is vulnerable to Injection attacks, you have to filter and escape your $_POST variables ( http://corpocrat.com/2009/07/28/filtering-escaping-post-data-from-injection-attacks )
A quick & dirty solution to grasp what's going on would involve:
$PageHeading = mysqli_real_escape_string($dbc, $_POST['PageHeading']);
$subHeading = mysqli_real_escape_string($dbc, $_POST['SubHeading']);
$Content = mysqli_real_escape_string($dbc, $_POST['Content']);
$PageTitle = mysqli_real_escape_string($dbc, $_POST['PageTitle']);
$MetaDescription = mysqli_real_escape_string($dbc, $_POST['MetaDescription']);
$MetaKeywords = mysqli_real_escape_string($dbc, $_POST['MetaKeywords']);
$q = "UPDATE tblContent SET PageHeading='$PageHeading' ,SubHeading='$SubHeading' ,Content='$Content' ,PageTitle='$PageTitle' ,MetaDescription='$MetaDescription' ,MetaKeywords='$MetaKeywords' WHERE PageID='$pageid'";
$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc)); //remove this on production
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.