MySql Update script functional error 1

[nickhstd2]

Can anyone explain why the script below would update the whole MySql table ( 3300+ records) with the extracted record.

The intention was to just update the extracted record, not all of them!!!

Also, what does:

$Resultset = $MyDb->f_GetRecord($Result);

actually do?

Please explain this in PHP newbie talk, Thanks!

The script concerned:

<?php

include('general/header.inc');

require_once('general/general.php');

if (!(isset($_POST['SubmitForm_x'])))
{
$whereStmt = $_GET['client_id'];

print "$whereStmt<br><br>"; // For debug only

$Result= mysql_query("SELECT * FROM client_tbl WHERE client_id = $whereStmt")
or die("SELECT Error: ".mysql_error());

// print "$Result<br><br>"; // For debug only

$num_rows = mysql_num_rows($Result); // For debug only

print "There are $num_rows records.<br><br>"; // For debug only

$Resultset = $MyDb->f_GetRecord($Result);

print "$Resultset<br><br>"; // For debug only
?>



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "

http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>


<title>Insert in to Client Table</title>


<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<link href="style/style.css" rel="stylesheet" type="text/css">


<script type="text/javascript" src="scripts/pdw.js"></script>

<script type="text/javascript">

function checkForm()
{
formErrors = new Array();

isValidAny(document.getElementById(client_id_ID), User No:: null, true);

isValidAny(document.getElementById(contact_ID), Contact Name:: null, true);

isValidAny(document.getElementById(phone_no_ID), Phone No.:: null, true);

isValidAny(document.getElementById(addr_1_ID), Postal Address:: null, true);

isValidAny(document.getElementById(addr_2_ID), .:: null, true);

isValidAny(document.getElementById(addr_3_ID), .:: null, true);

isValidAny(document.getElementById(city_ID), .:: null,true);

isValidAny(document.getElementById(county_ID), .:: null, true);

isValidAny(document.getElementById(post_code_ID), Post Code:: null, true);

isValidAny(document.getElementById(pct_ID), PCT:: null, true);

isValidAny(document.getElementById(sha_ID), SHA:: null, true);

isValidAny(document.getElementById(sales_person_ID), Account Manager:: null, true);

isValidAny(document.getElementById(nat_code_ID), National Code:: null, true);
isValidAny(document.getElementById(site_type_ID), Main or Branch Site:: null, true);

var errorText = '';
if (formErrors.length > 0)
{
for (var i=0; i<formErrors.length; i++)
errorText = errorText + formErrors;
alert(errorText);
return false;
}
return true;
}
</script>
</head>

<body>


<form name="UpdateForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onSubmit="return checkForm()">


<div id="insertblock">

<table>

<tr>
<td class="tableheader" colspan="2">
Update Customer Record
</td>
</tr>

<tr>

<th>User No:</th>

<td><INPUT TYPE=TEXT NAME="client_id" ID="client_id_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['client_id']; ?>" />
</td>

</tr>

<tr>

<th>Contact Name:</th>

<td><INPUT TYPE=TEXT NAME="contact" ID="contact_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['contact']; ?>" />
</td>

</tr>

<tr>

<th>Phone No.:</th>

<td><INPUT TYPE=TEXT NAME="phone_no" ID="phone_no_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['phone_no']; ?>" />
</td>

</tr>

<tr>

<th>Postal Adress:</th>

<td><INPUT TYPE=TEXT NAME="addr_1" ID="addr_1_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['addr_1']; ?>" />
</td>

</tr>

<tr>

<th>.</th>

<td><INPUT TYPE=TEXT NAME="addr_2" ID="addr_2_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['addr_2']; ?>" />
</td>

</tr>

<tr>

<th>.</th>

<td><INPUT TYPE=TEXT NAME="addr_3" ID="addr_3_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['addr_3']; ?>" />
</td>

</tr>

<tr>

<th>.</th>

<td><INPUT TYPE=TEXT NAME="city" ID="city_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['city']; ?>" />
</td>

</tr>

<tr>

<th>.</th>

<td><INPUT TYPE=TEXT NAME="county" ID="addr_3_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['county']; ?>" />
</td>

</tr>

<tr>

<th>Post Code:</th>

<td><INPUT TYPE=TEXT NAME="post_code" ID="post_code_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['post_code']; ?>" />
</td>

</tr>
<tr>

<th>PCT:</th>

<td><INPUT TYPE=TEXT NAME="pct" ID="pct_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['pct']; ?>" />
</td>

</tr>

<tr>

<th>SHA:</th>

<td><INPUT TYPE=TEXT NAME="sha" ID="sha_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['sha']; ?>" />
</td>

</tr>

<tr>

<th>Account Manager:</th>

<td><INPUT TYPE=TEXT NAME="sales_person" ID="sales_person_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['sales_person']; ?>" />
</td>

</tr>

<tr>

<th>National Code:</th>

<td><INPUT TYPE=TEXT NAME="nat_code" ID="nat_code_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['nat_code']; ?>" />
</td>

</tr>

<tr>

<th>Main or Branch Site:</th>

<td><INPUT TYPE=TEXT NAME="site_type" ID="site_type_ID" SIZE=30 MAXLENGTH=100 VALUE="<?php echo $Resultset['site_type']; ?>" />
</td>

</tr>

<tr>

<?php
echo '<td class="tablefooter" colspan="2">

<a href="javascript:history.back()"> <img src="style/back.gif" alt="Back"> </a>';

echo '<input type="image" src="style/update.gif" name="SubmitForm">';

?>

<input type="hidden" name="hidden_whereStmt" value='<?php echo $whereStmt; ?>'>
</td>


</tr>

</table>

</div>

</form>

</body>

</html>



<?php
}

else {
$updateSql = 'UPDATE client_tbl SET '
.
" client_id='".addslashes($_POST['client_id'])."'"
.
", contact='".addslashes($_POST['contact'])."'"
.
", phone_no='".addslashes($_POST['phone_no'])."'"
.
", addr_1='".addslashes($_POST['addr_1'])."'"
.
", addr_2='".addslashes($_POST['addr_2'])."'"
.
", addr_3='".addslashes($_POST['addr_3'])."'"
.
", city='".addslashes($_POST['city'])."'"
.
", county='".addslashes($_POST['county'])."'"
.
", post_code='".addslashes($_POST['post_code'])."'"
.
", pct='".addslashes($_POST['pct'])."'"
.
", sha='".addslashes($_POST['sha'])."'"
.
", sales_person='".addslashes($_POST['sales_person'])."'"

.
", nat_code='".addslashes($_POST['nat_code'])."'"

.
", site_type='".addslashes($_POST['site_type'])."'"

.
' WHERE '.stripslashes($_POST['hidden_whereStmt']);


$MyDb->f_ExecuteSql($updateSql);


header('Location: list.php');

}

?>

 

[vacunita]

Can anyone explain why the script below would update the whole MySql table ( 3300+ records) with the extracted record.

The intention was to just update the extracted record, not all of them!!!

Your where clause in your Update statement doesn't seem to be conditioning the update to a single row.

WHERE '.stripslashes($_POST['hidden_whereStmt']);

The Where clause should be in the form of a condition. "WHERE fieldname=somevalue". That limits the returned results for the update to whcihever rows match the value in the specified field. Passing a value from your form directly does not limit anything so all records are updated.

Also, what does:

$Resultset = $MyDb->f_GetRecord($Result);

What abstraction layer are you using? I'm not familiar with the f_GetRecord function? I can take a guess that it probably return a single row, form a resultset produced by a query. And then moves the pointer in the resultset 1 notch forward.

So if your Query produced say 5 rows. GetRecord would return the first row, and move the pointer to the second row, so the next time its called it returns the second row and repeats the process.
However I can't be sure without knowing exactly what DB layer you are using.

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/

 

[nickhstd2]

Thanks vacunita

Correcting the WHERE statement did the trick!