Update keeps failing with php/sqlite

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all,

I made a toy database.  Two tables are "students" (a collection of student
info) and "message" (private messages I want individual students to read).
The "message" table is indexed by a student's social security number.

student
   last, first, ssn, address, city, state, zip, email

message
   msg1, ssn


I'm trying to update msg1, unsuccessfully.  Everything *seems* to go
perfectly.  The $_POST variables exist and hold what I think they should
hold, the SQL looks OK.  I checked the sqlite website, and "UPDATE" is
indeed supported.  I've been scratching my head a lot over this one:


The given code is (note My_Header() and My_Footer() just interject a little
HTML, like "<html>" and the like):




// We picked the class and student.  Now display the current message.
//
if ( isset($_REQUEST['action']) && $_REQUEST['action'] == 'editmsg' )
{
	$handle = sqlite_open($_SESSION['dbfile'])
		or die("Could not open database.");

	$query = "SELECT msg1 FROM message " .
		"WHERE ssn = '" . sqlite_escape_string($_POST['ssn']) . "'";

	$result = sqlite_query( $handle, $query );

	if ( sqlite_num_rows($result) > 0 )
		$msg = sqlite_fetch_single($result);
	else
		$msg = '';


	My_Header("Messages");

	?>
	<form method="post" action="<? echo $_SERVER['PHP_SELF']; ?>?action=submitedit">
		<textarea name="msg" cols="40" rows="8">
<? echo "+$msg+" ?></textarea>
		<p><input type="hidden" name="ssn" value="<? echo $_POST['ssn'] ?>"></p>
		<p><input type="submit" value="Edit"></p>
	</form>

	<?

	My_Footer();

	exit(0);
}



// If we're here, it's because we want to update the message in the
// database.  This performs the SQL using "UPDATE".
//
if ( isset($_REQUEST['action']) && $_REQUEST['action'] == 'submitedit' )
{

	$handle = sqlite_open($_SESSION['dbfile'])
		or die('Error in query: ' .
		sqlite_error_string(sqlite_last_error($handle)));

	$query = "UPDATE message " .
		"SET msg1 = '" . sqlite_escape_string($_POST['msg']) . "' " .
		"WHERE ssn = '" . sqlite_escape_string($_POST['ssn']) . "'";


	sqlite_query($handle, $query)
		or die('Error in query: ' .
		sqlite_error_string(sqlite_last_error($handle)));

	Header("Location: " . $_SERVER['PHP_SELF'] . "?action=chose");
	exit(0);
}

?>



Anything wrong with this code?  I've tried to write as defensively as I can.

Thanks!
Pete

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]
  Powered by Linux