In addition to Keith's comments
> Evening all,
>
> I am trying to run an update form but struggerling :(
>
> Think my brain has had enough this weekend....
>
> #########################################################################
> Form:
>
> <form action="update.php" method="post">
> <h1><?php echo "$navLink" ?> Page</h1>
> <br/><hr/><br/>
> <script type="text/javascript">
> TinyMCE Script
> </script>
> <textarea id="content_2" name="content_2" rows="11" style="width:400px">
> <?php echo "$content" ?>
> </textarea>
> <br/><br/>
> <input type="submit" name="Button" value="Update Page"/>
> <input type="hidden" name="<?php $keycode ?>" value="<?php echo $keycode ?>
> "/>
> </form>
>
> #########################################################################
>
> Update.php :
> <?php
> include("_inc\access.inc");
> $cxn = mysqli_connect ($host,$user,$passwd,$dbname)
> or die ("Connection Failed");
> $sql = "UPDATE contenttop SET content='$_POST[content_2]'
> WHERE keycode='$_POST[keycode]'";
> $result = mysqli_query($cxn,$sql)
> or die ("UPDATE Failed " .mysqli_error($cxn));
> ?>
Probably not the cause, but you aren't quoting your key names, .i.e. $_POST[keycode]
should be $_POST['keycode']. Also arrays should be surrounded with
braces in double-quoted strings, to be sure they are identified as variables.
> It doesn't seem to update the database, which is the last thing i need to
> sort out before the CMS is done
Not quite. You should also look into escaping your input to avoid SQL
injection. Using input direct from the POST etc variables is A BAD Thing
(TM). Try this:
$content2 = mysqli_real_escape_string($_POST['content_2']);
$keycode = mysqli_real_escape_string($_POST['keycode']);
$sql = "UPDATE contenttop SET content='$content2'
> WHERE keycode='$keycode'";
> Can some one assist??
>
> DB columns:
> keycode navLink content
> --
> Best regards,
>
> Gavin C
--
Niel Archer
--
Niel Archer
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
