Any suggestions as to how this can be done? I can't seem to find anything on google, or anywhere on the web for that matter, about using an HTML form to update a record in a MySQL table.
Just wondering if anyone knows of a tutorial for this. I have found other ways to update records, but with other web languages I have yet to learn.
I could be be wrong, but I'm pretty sure you can't update a MySQL table with let alone HTML, you need a server-side scripting language to assist you (ie. PHP, ASP)..
Someone correct me if I'm wrong.
Well I am using PHP to write my scripts. As for my previous statement, I'm just wondering if this can be done with HTML and PHP.
This should work, or very nearly work:
<?
if(!isset($_POST['text']))
{
print "<form action='post'>";
print "<input type='text' name='text'>";
print "<input type='submit'>";
print "</form>";
}
else
{
$text = mysql_escape_string($_POST['text']);
$dbconn = mysql_connect("localhost");
mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
mysql_close($dbconn);
print "Updated if there weren't any errors";
}
}
Note: totally untested. It assumes you have a MySQL server running. Look up the mysql_* functions I use there for info on authentication, error handling, and so forth.
Good luck!
I was going to say "WHOA, SQL INJECTION FROM iago" but then I saw you had mysql_escape_string. Nice job!
Quote from: MyndFyre[vL] on March 21, 2008, 08:15 PM
I was going to say "WHOA, SQL INJECTION FROM iago" but then I saw you had mysql_escape_string. Nice job!
That's like the #1 reason I actually responded. I wanted to make sure he had that. :)
Don't you mean
<?
if(!isset($_POST['text']))
{
print "<form action='' method'post'>"; // changed this line
print "<input type='text' name='text'>";
print "<input type='submit'>";
print "</form>";
}
else
{
$text = mysql_escape_string($_POST['text']);
$dbconn = mysql_connect("localhost");
mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
mysql_close($dbconn);
print "Updated if there weren't any errors";
}
}
Heh, may be wrong, probably am.
Quote from: ChroniX on May 02, 2008, 12:01 PM
Don't you mean
<?
if(!isset($_POST['text']))
{
print "<form action='' method'post'>"; // changed this line
print "<input type='text' name='text'>";
print "<input type='submit'>";
print "</form>";
}
else
{
$text = mysql_escape_string($_POST['text']);
$dbconn = mysql_connect("localhost");
mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
mysql_close($dbconn);
print "Updated if there weren't any errors";
}
}
Heh, may be wrong, probably am.
no, that woudn't work, either.
<?
if(!isset($_POST['text']))
{
print "<form method='post'>"; // changed this line x2, you don't need form action in a situation like this.
print "<input type='text' name='text'>";
print "<input type='submit'>";
print "</form>";
}
else
{
$text = mysql_escape_string($_POST['text']);
$dbconn = mysql_connect("localhost");
mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
mysql_close($dbconn);
print "Updated if there weren't any errors";
}
}
Uh, actually, action is a required attribute according to W3C.
So it won't validate. I'm pretty sure that browsers (something that isn't made by the W3C) are still going to run the page correctly.
Quote from: Andy on May 03, 2008, 06:28 PM
Uh, actually, action is a required attribute according to W3C.
w3c is like the internet mafia
dont anger them
That's no excuse. It's HTML, it's not that hard to do it right!
w3c can go and die. i wish ietf ran the web.
Quote from: Andy on May 03, 2008, 06:28 PM
Uh, actually, action is a required attribute according to W3C.
I know it sounds petty, but why take up more room in a file for something that totally is useless to have?
Because it's text based? If they were going for efficiency, HTML files would be complied like applications.
Quote from: Dale on May 04, 2008, 12:38 AM
I know it sounds petty, but why take up more room in a file for something that totally is useless to have?
Quote from: MyndFyre[vL] on May 03, 2008, 09:14 PM
So it won't validate. I'm pretty sure that browsers (something that isn't made by the W3C) are still going to run the page correctly.
hopefully neither of you two are web developers.
Wow... Warz and I agree on something?
Quote from: betawarz on May 04, 2008, 02:14 AM
Quote from: Dale on May 04, 2008, 12:38 AM
I know it sounds petty, but why take up more room in a file for something that totally is useless to have?
Quote from: MyndFyre[vL] on May 03, 2008, 09:14 PM
So it won't validate. I'm pretty sure that browsers (something that isn't made by the W3C) are still going to run the page correctly.
hopefully neither of you two are web developers.
Haha, cute.
Too bad I am though.
then please, write standards-compliant markup. myndfyre, go read about W3C.
Quote from: betawarz on May 04, 2008, 12:26 PM
then please, write standards-compliant markup. myndfyre, go read about W3C.
Personally, when I do a professional website for companies, I do write "standard-compliant markup"... I never said I didin't.
Quote from: Andy on May 04, 2008, 12:54 AM
Because it's text based? If they were going for efficiency, HTML files would be complied like applications.
yeah, and we don't need comments in our source code, either
Comments are useless to the application, but let's not get too far off topic, now!
Quote from: Andy on May 04, 2008, 02:37 PM
Comments are useless to the application, but let's not get too far off topic, now!
You mean, the topic of how to update a database using PHP?
Ya... Personally I think Echo would be the better use here, as per the description of the differences outlined in this page (http://www.faqts.com/knowledge_base/view.phtml/aid/1/fid/40).
Just to get back on topic, I'm surprised no one has mentioned using the mysqli functions instead of the mysql functions. It lets you do prepared statements with parameter binding instead of worrying about escaping strings, magic quotes, and what not.
http://devzone.zend.com/node/view/id/686