• Welcome to Valhalla Legends Archive.
 

Update record using an HTML form

Started by ChroniX, March 21, 2008, 03:38 PM

Previous topic - Next topic

ChroniX

Any suggestions as to how this can be done?  I can't seem to find anything on google, or anywhere on the web for that matter, about using an HTML form to update a record in a MySQL table.

Just wondering if anyone knows of a tutorial for this.  I have found other ways to update records, but with other web languages I have yet to learn.

Dale

I could be be wrong, but I'm pretty sure you can't update a MySQL table with let alone HTML, you need a server-side scripting language to assist you (ie. PHP, ASP)..

Someone correct me if I'm wrong.

ChroniX

Well I am using PHP to write my scripts.  As for my previous statement, I'm just wondering if this can be done with HTML and PHP.

iago

This should work, or very nearly work:


<?
  if(!isset($_POST['text']))
  {
    print "<form action='post'>";
    print "<input type='text' name='text'>";
    print "<input type='submit'>";
    print "</form>";
  }
  else
  {
    $text = mysql_escape_string($_POST['text']);
    $dbconn = mysql_connect("localhost");
    mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
    mysql_close($dbconn);

    print "Updated if there weren't any errors";
  }
}


Note: totally untested. It assumes you have a MySQL server running. Look up the mysql_* functions I use there for info on authentication, error handling, and so forth.

Good luck!
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


MyndFyre

I was going to say "WHOA, SQL INJECTION FROM iago" but then I saw you had mysql_escape_string.  Nice job!
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

iago

Quote from: MyndFyre[vL] on March 21, 2008, 08:15 PM
I was going to say "WHOA, SQL INJECTION FROM iago" but then I saw you had mysql_escape_string.  Nice job!
That's like the #1 reason I actually responded. I wanted to make sure he had that. :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


ChroniX

Don't you mean

<?
  if(!isset($_POST['text']))
  {
    print "<form action='' method'post'>"; // changed this line
    print "<input type='text' name='text'>";
    print "<input type='submit'>";
    print "</form>";
  }
  else
  {
    $text = mysql_escape_string($_POST['text']);
    $dbconn = mysql_connect("localhost");
    mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
    mysql_close($dbconn);

    print "Updated if there weren't any errors";
  }
}


Heh, may be wrong, probably am.

warz

Quote from: ChroniX on May 02, 2008, 12:01 PM
Don't you mean

<?
  if(!isset($_POST['text']))
  {
    print "<form action='' method'post'>"; // changed this line
    print "<input type='text' name='text'>";
    print "<input type='submit'>";
    print "</form>";
  }
  else
  {
    $text = mysql_escape_string($_POST['text']);
    $dbconn = mysql_connect("localhost");
    mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
    mysql_close($dbconn);

    print "Updated if there weren't any errors";
  }
}


Heh, may be wrong, probably am.

no, that woudn't work, either.

Dale


<?
  if(!isset($_POST['text']))
  {
    print "<form method='post'>"; // changed this line x2, you don't need form action in a situation like this.
    print "<input type='text' name='text'>";
    print "<input type='submit'>";
    print "</form>";
  }
  else
  {
    $text = mysql_escape_string($_POST['text']);
    $dbconn = mysql_connect("localhost");
    mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
    mysql_close($dbconn);

    print "Updated if there weren't any errors";
  }
}

Barabajagal

Uh, actually, action is a required attribute according to W3C.

MyndFyre

So it won't validate.  I'm pretty sure that browsers (something that isn't made by the W3C) are still going to run the page correctly.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Warrior

Quote from: Andy on May 03, 2008, 06:28 PM
Uh, actually, action is a required attribute according to W3C.

w3c is like the internet mafia
dont anger them
Quote from: effect on March 09, 2006, 11:52 PM
Islam is a steaming pile of fucking dog shit. Everything about it is flawed, anybody who believes in it is a terrorist, if you disagree with me, then im sorry your wrong.

Quote from: Rule on May 07, 2006, 01:30 PM
Why don't you stop being American and start acting like a decent human?

Barabajagal

That's no excuse. It's HTML, it's not that hard to do it right!

Banana fanna fo fanna

w3c can go and die. i wish ietf ran the web.

Dale

Quote from: Andy on May 03, 2008, 06:28 PM
Uh, actually, action is a required attribute according to W3C.

I know it sounds petty, but why take up more room in a file for something that totally is useless to have?