| Author | Message | Time |
|---|---|---|
| Chronix | Any suggestions as to how this can be done? I can't seem to find anything on google, or anywhere on the web for that matter, about using an HTML form to update a record in a MySQL table. Just wondering if anyone knows of a tutorial for this. I have found other ways to update records, but with other web languages I have yet to learn. | March 21, 2008, 8:38 PM |
| dlStevens | I could be be wrong, but I'm pretty sure you can't update a MySQL table with let alone HTML, you need a server-side scripting language to assist you (ie. PHP, ASP).. Someone correct me if I'm wrong. | March 21, 2008, 9:46 PM |
| Chronix | Well I am using PHP to write my scripts. As for my previous statement, I'm just wondering if this can be done with HTML and PHP. | March 21, 2008, 11:12 PM |
| iago | This should work, or very nearly work: [code] <? if(!isset($_POST['text'])) { print "<form action='post'>"; print "<input type='text' name='text'>"; print "<input type='submit'>"; print "</form>"; } else { $text = mysql_escape_string($_POST['text']); $dbconn = mysql_connect("localhost"); mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn); mysql_close($dbconn); print "Updated if there weren't any errors"; } } [/code] Note: totally untested. It assumes you have a MySQL server running. Look up the mysql_* functions I use there for info on authentication, error handling, and so forth. Good luck! | March 22, 2008, 12:56 AM |
| Myndfyr | I was going to say "WHOA, SQL INJECTION FROM iAGO" but then I saw you had mysql_escape_string. Nice job! | March 22, 2008, 1:15 AM |
| iago | [quote author=MyndFyre[vL] link=topic=17399.msg177161#msg177161 date=1206148548] I was going to say "WHOA, SQL INJECTION FROM iago" but then I saw you had mysql_escape_string. Nice job! [/quote] That's like the #1 reason I actually responded. I wanted to make sure he had that. :) | March 23, 2008, 3:07 PM |
| Chronix | Don't you mean [code]<? if(!isset($_POST['text'])) { print "<form action='' method'post'>"; // changed this line print "<input type='text' name='text'>"; print "<input type='submit'>"; print "</form>"; } else { $text = mysql_escape_string($_POST['text']); $dbconn = mysql_connect("localhost"); mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn); mysql_close($dbconn); print "Updated if there weren't any errors"; } }[/code] Heh, may be wrong, probably am. | May 2, 2008, 5:01 PM |
| warz | [quote author=ChroniX link=topic=17399.msg178057#msg178057 date=1209747674] Don't you mean [code]<? if(!isset($_POST['text'])) { print "<form action='' method'post'>"; // changed this line print "<input type='text' name='text'>"; print "<input type='submit'>"; print "</form>"; } else { $text = mysql_escape_string($_POST['text']); $dbconn = mysql_connect("localhost"); mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn); mysql_close($dbconn); print "Updated if there weren't any errors"; } }[/code] Heh, may be wrong, probably am. [/quote] no, that woudn't work, either. | May 3, 2008, 10:26 PM |
| dlStevens | [code] <? if(!isset($_POST['text'])) { print "<form method='post'>"; // changed this line x2, you don't need form action in a situation like this. print "<input type='text' name='text'>"; print "<input type='submit'>"; print "</form>"; } else { $text = mysql_escape_string($_POST['text']); $dbconn = mysql_connect("localhost"); mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn); mysql_close($dbconn); print "Updated if there weren't any errors"; } } [/code] | May 3, 2008, 11:11 PM |
| Barabajagal | Uh, actually, action is a required attribute according to W3C. | May 3, 2008, 11:28 PM |
| Myndfyr | So it won't validate. I'm pretty sure that browsers (something that isn't made by the W3C) are still going to run the page correctly. | May 4, 2008, 2:14 AM |
| Quarantine | [quote author=Andy link=topic=17399.msg178076#msg178076 date=1209857327] Uh, actually, action is a required attribute according to W3C. [/quote] w3c is like the internet mafia dont anger them | May 4, 2008, 2:44 AM |
| Barabajagal | That's no excuse. It's HTML, it's not that hard to do it right! | May 4, 2008, 3:14 AM |
| St0rm.iD | w3c can go and die. i wish ietf ran the web. | May 4, 2008, 4:33 AM |
| dlStevens | [quote author=Andy link=topic=17399.msg178076#msg178076 date=1209857327] Uh, actually, action is a required attribute according to W3C. [/quote] I know it sounds petty, but why take up more room in a file for something that totally is useless to have? | May 4, 2008, 5:38 AM |
| Barabajagal | Because it's text based? If they were going for efficiency, HTML files would be complied like applications. | May 4, 2008, 5:54 AM |
| Myndfyr | [quote author=Banana fanna fo fanna link=topic=17399.msg178080#msg178080 date=1209875591] w3c can go and die. i wish ietf ran the web. [/quote] Or even IEEE. | May 4, 2008, 6:05 AM |
| warz | [quote author=Dale link=topic=17399.msg178081#msg178081 date=1209879504] I know it sounds petty, but why take up more room in a file for something that totally is useless to have? [/quote] [quote author=MyndFyre[vL] link=topic=17399.msg178077#msg178077 date=1209867298] So it won't validate. I'm pretty sure that browsers (something that isn't made by the W3C) are still going to run the page correctly. [/quote] hopefully neither of you two are web developers. | May 4, 2008, 7:14 AM |
| Barabajagal | Wow... Warz and I agree on something? | May 4, 2008, 7:25 AM |
| dlStevens | [quote author=betawarz link=topic=17399.msg178084#msg178084 date=1209885288] [quote author=Dale link=topic=17399.msg178081#msg178081 date=1209879504] I know it sounds petty, but why take up more room in a file for something that totally is useless to have? [/quote] [quote author=MyndFyre[vL] link=topic=17399.msg178077#msg178077 date=1209867298] So it won't validate. I'm pretty sure that browsers (something that isn't made by the W3C) are still going to run the page correctly. [/quote] hopefully neither of you two are web developers. [/quote] Haha, cute. Too bad I am though. | May 4, 2008, 4:45 PM |
| warz | then please, write standards-compliant markup. myndfyre, go read about W3C. | May 4, 2008, 5:26 PM |
| dlStevens | [quote author=betawarz link=topic=17399.msg178090#msg178090 date=1209921995] then please, write standards-compliant markup. myndfyre, go read about W3C. [/quote] Personally, when I do a professional website for companies, I do write "standard-compliant markup"... I never said I didin't. | May 4, 2008, 5:33 PM |
| St0rm.iD | [quote author=Andy link=topic=17399.msg178082#msg178082 date=1209880481] Because it's text based? If they were going for efficiency, HTML files would be complied like applications. [/quote] yeah, and we don't need comments in our source code, either | May 4, 2008, 7:25 PM |
| Barabajagal | Comments are useless to the application, but let's not get too far off topic, now! | May 4, 2008, 7:37 PM |
| Myndfyr | [quote author=Andy link=topic=17399.msg178094#msg178094 date=1209929853] Comments are useless to the application, but let's not get too far off topic, now! [/quote] You mean, the topic of how to update a database using PHP? | May 4, 2008, 7:43 PM |
| Barabajagal | Ya... Personally I think Echo would be the better use here, as per the description of the differences outlined in this page. | May 4, 2008, 7:59 PM |
| K | Just to get back on topic, I'm surprised no one has mentioned using the mysqli functions instead of the mysql functions. It lets you do prepared statements with parameter binding instead of worrying about escaping strings, magic quotes, and what not. http://devzone.zend.com/node/view/id/686 | May 4, 2008, 8:00 PM |