1

I'm trying to have an html form which updates mysql data. Now , I have this code(which is also a form action) and I'm trying to also use this as a form for my update. Because I will need the data that this form would show, so that it will be easier for the users to update only what they wish to update.

this is the form that will try to search the data :

  <form name="form1" method="post" action="new.php">
   <td>
   <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
   <tr>
   <td colspan="16" style="background:#9ACD32; color:white; border:white 1px solid;    
 text-align: center"><strong><font size="3">ADMISSION INFORMATION SHEET</strong></td>

 </tr>
<tr>

This is new.php( will display the corresponding data based on the firstname inputted. And will also try to serve as a form for the update process.

$con = mysql_connect("localhost","root","");
    if (!$con)
   {
   die('Could not connect: ' . mysql_error());
       }

     mysql_select_db("Hospital", $con);
     $result = mysql_query("SELECT * FROM t2 WHERE FIRSTNAME='{$_POST["fname"]}'");
    ?>

    <table width="900" border="0" align="left" cellpadding="0" cellspacing="1"            bgcolor="#CCCCCC">
    <td>
   <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
   <tr>
   <td colspan="16" style="background:#9ACD32; color:white; border:white 1px solid;  text-align: center"><strong><font size="3">ADMISSION INFORMATION SHEET</strong></td>
 </tr>
 <tr>

 <?php while ( $row = mysql_fetch_array($result) ) { ?>
<form name="form1" method="post" action="update.php">

   <td width="54"><font size="3">Hospital #</td>

    <td width="3">:</td>

    <td width="168"><input name="hnum" type="text" value="<?php echo $row["HOSPNUM"]; ?>">
</td>

This is my update.php, 

   mysql_select_db("Hospital", $con);


 mysql_query("UPDATE t2 SET HOSPNUM='$_POST[hnum]' ROOMNUM='$_POST[rnum]',                                                                         
     LASTNAME='$_POST[lname]', FIRSTNAME='$_POST[fname]', MIDNAME='$_POST[mname]',      
     CSTAT='$_POST[cs]' AGE='$_POST[age]', BDAY='$_POST[bday]', ADDRESS='$_POST[ad]',  
        STAT='$_POST[stats1]', STAT2'$_POST[stats2]', STAT3'$_POST[stats3]', 
      STAT4'$_POST[stats4]', STAT5'$_POST[stats5]', STAT6'$_POST[stats6]', 
      STAT7'$_POST[stats7]', STAT8'$_POST[stats8]', NURSE='$_POST[nurse]', TELNUM 
    ='$_POST[telnum]'

    WHERE FNAME ='$_POST[fname]'");

mysql_close($con);
    ?>

-Please help, I don't have any idea why it isnt updating the data.

Improve this question
5
  • 3
    What happens if instead of calling mysql_query, you echo out the contents of that string - your string interpolation makes me nervous (not to mention the massive security hole your PHP has - c.f. SQL injection) Commented Feb 16, 2010 at 14:25
  • Most likely you are having a problem with a data type in your query. Check your database to ensure all values are a string. It is also very important to validate your user input and do not just put it into the database. Commented Feb 16, 2010 at 14:36
  • This kind of error (typo) barks at you if you take a look at your error logs or have some simple development settings in your php.ini like display_errors = On or log_errors = On. Commented Feb 16, 2010 at 15:57
  • oh, I forgot to show what I have in new.php, maybe its the problem. Commented Feb 17, 2010 at 0:01
  • Is that your entire update form in new.php? Where are the rest of the fields like fname ?? Commented Feb 17, 2010 at 11:30

2 Answers 2

Reset to default
2

Typo, there is a missing "," between HOSPNUM and ROOMNUM: SET HOSPNUM='$_POST[hnum]', ROOMNUM=

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

There's a missing comma between CSTAT and AGE as well. STAT2 through STAT8 are missing equals signs.
this is what my new.php looks like(isn't it possible): <td width="168"><input name="hnum" type="text" value="<?php echo $row["HOSPNUM"]; ?>">
The typos are in mysql_query not in the form.
0

The previous comments are absolutely correct. I would recommend using the PDO or MySQLi adapters and use a prepared statement for your record insertion as a bare minimum of security. Using the first name as a unique identifier is a bad idea. Don't you have a primary key column in the table?

To answer your actual question, one the problem is with the array notation in the double-quoted string. There are several equals signs missing from your statement as well. Try this:

mysql_query("
    UPDATE t2
    SET HOSPNUM='" . mysql_real_escape_string($_POST['hnum']) . "',
        ROOMNUM='" . mysql_real_escape_string($_POST['rnum']) . "',
        LASTNAME='" . mysql_real_escape_string($_POST['lname']) . "',
        FIRSTNAME='" . mysql_real_escape_string($_POST['fname']) . "',
        MIDNAME='" . mysql_real_escape_string($_POST['mname']) . "',
        CSTAT='" . mysql_real_escape_string($_POST['cs']) . "',
        AGE='" . mysql_real_escape_string($_POST['age']) . "',
        BDAY='" . mysql_real_escape_string($_POST['bday']) . "',
        ADDRESS='" . mysql_real_escape_string($_POST['ad']) . "',
        STAT='" . mysql_real_escape_string($_POST['stats1']) . "',
        STAT2='" . mysql_real_escape_string($_POST['stats2']) . "',
        STAT3='" . mysql_real_escape_string($_POST['stats3']) . "',
        STAT4='" . mysql_real_escape_string($_POST['stats4']) . "',
        STAT5='" . mysql_real_escape_string($_POST['stats5']) . "',
        STAT6='" . mysql_real_escape_string($_POST['stats6']) . "',
        STAT7='" . mysql_real_escape_string($_POST['stats7']) . "',
        STAT8='" . mysql_real_escape_string($_POST['stats8']) . "',
        NURSE='" . mysql_real_escape_string($_POST['nurse']) . "',
        TELNUM='" . mysql_real_escape_string($_POST['telnum']) . "'
    WHERE FNAME='" . mysql_real_escape_string($_POST['fname']) . "'
");
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.