Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Update query and web forms

Status
Not open for further replies.
mondeoman

mondeoman

MIS
Dec 7, 2006
203
GB
I have a page on my web site where the user can update members details. The SQL I am using is this:

mysql_query("UPDATE tblMembers SET FirstName='$field2',Surname='$field3',Role='$field4',Address1='$field5',Address2='$field6',Address3='$field7',Address4='$field8',PostCode='$field9',Telephone='$field10',email='$field11' WHERE eventid ='$id'");

The form Code is:

<form id="form1" name="form1" method="post" action="">

<table width="49%" border="0" align="center">

<td width="35%"></td>

<tr>

<td>Member No</td>
<td><input name="member_id" type="text" id="member_id" /></td>
</tr>
<tr>
<td>First Name</td>

<td><input name="FirstName" type="text" id="FirstName" /></td>
</tr>
<tr>
<td>Surname</td>

<td><input name="Surname" type="text" id="Surname" /></td>
<tr>
<td>Role</td>

<td><input name="Role" type="text" id="Role" /></td>
<tr>
<td>Address</td>

<td><input name="Address1" type="text" id="Address1" /></td>
</tr>
<td></td>
<td><input name="Address2" type="text" id="Address2" /></td>
</tr>
<td></td>
<td><input name="Address3" type="text" id="Address3" /></td>
</tr>
<td></td>
<td><input name="Address4" type="text" id="Address4" /></td>
</tr>
<td>Post Code</td>

<td><input name="PostCode" type="text" id="PostCode" /></td>
</tr>
<td>Telephone</td>

<td><input name="Telephone" type="text" id="Telephone" /></td>
</tr>
<td>email</td>

<td><input name="email" type="text" id="email" /></td>
</tr>
</tr>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" /></td>
</tr>
</table>
</form></p></td> </tr></table></td> </tr></table></td> </tr></table>

This works but the user has to replace all fields if amendments need to be made. What I want is that the user needs only to update a specific field ratehr than all of them. Is there a way I can achieve this.

I have provided a link to a text file that has all the page's code.
 
Sort by date Sort by votes
Hi

First, your database is vulnerable to SQL injection attacks.

Second, your web page is vulnerable to code injection attacks.

Anyway, your question is not really MySQL related, as neither the problem nor the solution is MySQL. It belongs to forum434. Further more, the above mentioned vulnerabilities can also be cured only in PHP.

Regarding your problem, why not do it the other way :
[ul]
[li]populate all form fields with the current values[/li]
[li]the user changes what has to be changed and leaves all others unchanged[/li]
[li]you just save all form fields[/li]
[/ul]


Feherke.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
Stored Procedures and triggers
Replies
9
Views
401
penguinspeaks
penguinspeaks
EdLentz
  • Locked
  • Question
How do I use a keyword in a query??
Replies
6
Views
489
EdLentz
EdLentz
penguinspeaks
  • Locked
  • Question
Update column based on input from another column 3
Replies
6
Views
403
penguinspeaks
penguinspeaks
EdLentz
  • Locked
  • Question
Need to compare two tables and list the differences
Replies
3
Views
382
EdLentz
EdLentz
Colin Burton
  • Locked
  • Question
Sending A a video clip to either a web server or MySql Database
Replies
2
Views
157
Colin Burton
Colin Burton

Part and Inventory Search

Sponsor

Back
Top