code doesn't update

[richfield]

Hi,

Im trying to update a Mysql table, but the following code does not seem to do it its not throwing up anu error messages either:

<code>
$LandlordID=$_REQUEST['id'];
if ($_POST['submit'] == "Update")
{


$query_update = "UPDATE landlord SET password = '" . $_POST['password'] . "', mobile
= '" . $_POST['mobile'] . "' WHERE userID ='$LandlordID'";
$result_update = mysql_query($query_update) or die(mysql_error());

$query = "SELECT * FROM landlord WHERE userID='$LandlordID'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);

?>

</code>

Is there any obvious error??

 

[aardvark92]

Is this the entire code? I don't see where you are connecting to the database.

 

[cLFlaVA]

nor where he's even closing the if statement.

*cLFlaVA
----------------------------
[tt]tastes great, less filling.[/tt]

 

[Olavxxx]

this is a rotten egg:

$LandlordID=$_REQUEST['id'];

not very good for security.

Also, did you give your submit button the value "Update"?

<input type="submit" name="submit" value="Update" />

Also, put at the end of your query:

LIMIT 0, 1

I would also not use the $_REQUEST.
When the user logs in, you can set the user_id in session or in a $_POST['uid'] variable. You do not want to set userid = $_REQUEST.., as then an abuser can go and change the variable in the querystring!!

http://no.php.net/register_globals

Also remember to secure your strings against abuse, before they touch your database!

http://www.php.net/mysql_real_escape_string

http://www.php.net/trim

http://www.php.net/strip_tags

I might have forgotten some now, but with theese mods, your script is much safer.

Olav Alexander Mjelde

http://www.volvo-power.net

Admin & Webmaster