Can't Update - Won't Update

[EvilAsh]

This form is driving me scatty!!

I cannot for the life of me see where I am going wrong!!

I am attempting to buid a form that will form part of a rudimentry CMS, this being the record editing page.

It lists the items fine & displays the form fine but every time I submit the changes I get my query error handling message "update failed".

It's gonna be something obvious I am sure but can anybody please help?

Thanks.

<? 

//connect to mysql
mysql_connect("localhost","",""); 
	
//select  database
mysql_select_db("uniquecrauk"); 

//If cmd has not been initialized
if(!isset($cmd)) 
{
   //display all the items
   $result = mysql_query("select * from gallery order by id"); 
   
    echo"<table border='1'>";
	echo"<tr><td>ID No.</td><td>Name</td><td>Action</td><tr>";
   
   //run the while loop that grabs all the gallery items
   while($r=mysql_fetch_array($result)) 
   { 
      //grab the name and the ID of the gallery item
      $name=$r["name"];//extract the name
      $id=$r["ID"];//extract the id
     
	 //make the name a link
	
	 echo"<tr><td>$id</td><td>$name</td><td><a href='edit.php?cmd=edit&id=$id'>Click To Edit</a></td><tr>";

    }
	echo "</table>";
}
?>

<?
//the form bit
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
   if (!isset($_POST["submit"]))
   {
      $id = $_GET["id"];
      $sql = "SELECT * FROM gallery WHERE ID=$id";
      $result = mysql_query($sql);        
      $myrow = mysql_fetch_array($result);
      ?>
	  <?php echo"record number:$id"; ?>
      <form action="edit.php" method="post">
      <input type=hidden name="id" value="<?php echo $myrow["id"] ?>">
   <table><tr><td>
      Name:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="name" VALUE="<?php echo $myrow["name"] ?>" SIZE=60></td></tr><tr><td>
	  Price:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="price" VALUE="<?php echo $myrow["price"] ?>" SIZE=12></td></tr><tr><td>
	  Thumb:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="thumb" VALUE="<?php echo $myrow["thumb"] ?>" SIZE=60></td></tr><tr><td>
	  Image:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="image" VALUE="<?php echo $myrow["image"] ?>" SIZE=60></td></tr><tr><td>
      Description:</td></tr><tr><td><TEXTAREA NAME="description" ROWS=10 COLS=30><? echo $myrow["description"] ?></TEXTAREA><br></td></tr><tr><td>
      Style:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="style" VALUE="<?php echo $myrow["style"] ?>" SIZE=30><br></td></tr><tr><td><tr><td>
	  Style ID:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="style_id" VALUE="<?php echo $myrow["style_id"] ?>" SIZE=30></td></tr><tr><td>
	  New:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="new" VALUE="<?php echo $myrow["new"] ?>" SIZE=30></td></tr><tr><td>
	  Special:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="special" VALUE="<?php echo $myrow["special"] ?>" SIZE=30></td></tr><tr><td>
	  Catagory:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="cat" VALUE="<?php echo $myrow["cat"] ?>" SIZE=30></td></tr><tr><td>
	  Gallery:</td></tr><tr><td><INPUT TYPE="TEXT" NAME="gallery" VALUE="<?php echo $myrow["gallery"] ?>" SIZE=30></td></tr><tr><td>
   
      <input type="hidden" name="cmd" value="edit">
   
      <input type="submit" name="submit" value="submit">
   </tr><table>
      </form>
   
   <? } ?>

   <? 
   //the query bit
   if ($_POST["$submit"])
   {
$id =    $_POST['id'];
$name =    $_POST['name'];
$price =    $_POST['price'];
$thumb =    $_POST['thumb'];
$image =    $_POST['image'];
$description =    $_POST['description'];
$style =    $_POST['style'];
$style_id =    $_POST['style_id'];
$new =    $_POST['new'];
$special =    $_POST['special'];
$cat =    $_POST['cat'];
$gallery =    $_POST['gallery'];

      $sql = "UPDATE gallery SET name='$name', price= '$price', thumb= '$thumb', image= '$image', description= '$description', style= '$style', style_id='$style_id', new= '$new', special= '$special', cat= '$cat', gallery= '$gallery'  WHERE ID=$id";

      $result = mysql_query($sql);
	  if ($result)
       {
   echo( "Record $name Updated." );
       }
   else
       {
   echo "Update Failed";
       }
	  ?><a href ='edit.php'>return</a><?php
   }
}
?>

 

[vacunita]

If I where you id echo your query to see exactly what it is you are sending to the DB. I would then copy it, and place it in your DB admin tool to be run an see if you get any usefull error message.




----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[vacunita]

Also why don;t you add "or DIE(mysql_error());" at the end of the mysql_query command, so you know exactly why its failing.It will show you the error if any bthat the DB is returning.

$sql = "UPDATE gallery SET name='$name', price= '$price', thumb= '$thumb', image= '$image', description= '$description', style= '$style', style_id='$style_id', new= '$new', special= '$special', cat= '$cat', gallery= '$gallery'  WHERE ID=$id";
[red]echp $sql;[/red]
      $result = mysql_query($sql) [blue]or die(mysql_error()) ;[/blue]

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[jpadie]

I'd be surprised if your database update code ever got called (and therefore showed update failed). you are using a conditional test:

if ($_POST["$submit"])

unless you have register globals turned on (bad idea) you have not instantiated the $submit variable and so it will be semantically equivalent to:

if ($_POST[])

which will never pass the test (without register globals).

your query looks well formed but you are not escaping the values that come in. at the very least i would do the following:

if (!get_magic_quotes_gpc()):
 foreach ($_POST as $key => &$val):
    $val = mysql_escape_string(trim($val));
 endforeach;
else:
 foreach ($_POST as &$val):
    $val = trim($val);
 endforeach;
endif;

then do your variable assignments

$id = $_POST['id']; //etc

lastly, as a matter of course i also enquote the id's in my sql calls. partly this is because 9/10 times i use unique alphanumerics rather than an autoincrementing numeric but also mysql doesn't care either way. as i tend to use varchars for just about everything short of binaries, timestamps and very long text it works just fine for portability too. this will probably be slammed by others as bad security practice, and they're right. ideally you should validate each item of incoming data for nasty stuff and make sure that it is in an acceptable format. this can be done by casting the incoming variables (eg.

if ($_POST['id'] !== (int) $_POST['id']) die ("nasty input");

if changing $submit to submit above does not work then i wholeheartedly endorse vacunita's post. put lots of footprints in the code too. read sleipnir214's FAQ on debugging techniques in the FAQ section of this forum.

 

[EvilAsh]

Thanks guys.

I have it working fine now - it was problem with the query, dicovered using the debug techniques you suggested.