Update record using an HTML form

[ChroniX]

Any suggestions as to how this can be done?  I can't seem to find anything on google, or anywhere on the web for that matter, about using an HTML form to update a record in a MySQL table.

Just wondering if anyone knows of a tutorial for this.  I have found other ways to update records, but with other web languages I have yet to learn.

[Dale]

I could be be wrong, but I'm pretty sure you can't update a MySQL table with let alone HTML, you need a server-side scripting language to assist you (ie. PHP, ASP)..

Someone correct me if I'm wrong.

[ChroniX]

Well I am using PHP to write my scripts.  As for my previous statement, I'm just wondering if this can be done with HTML and PHP.

[iago]

This should work, or very nearly work:

Code Select Expand


<?
  if(!isset($_POST['text']))
  {
    print "<form action='post'>";
    print "<input type='text' name='text'>";
    print "<input type='submit'>";
    print "</form>";
  }
  else
  {
    $text = mysql_escape_string($_POST['text']);
    $dbconn = mysql_connect("localhost");
    mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
    mysql_close($dbconn);

    print "Updated if there weren't any errors";
  }
}


Note: totally untested. It assumes you have a MySQL server running. Look up the mysql_* functions I use there for info on authentication, error handling, and so forth.

Good luck!

[MyndFyre]

I was going to say "WHOA, SQL INJECTION FROM iago" but then I saw you had mysql_escape_string.  Nice job!

[iago]

I was going to say "WHOA, SQL INJECTION FROM iago" but then I saw you had mysql_escape_string.  Nice job!

That's like the #1 reason I actually responded. I wanted to make sure he had that.

[ChroniX]

Don't you mean

Code Select Expand

<?
  if(!isset($_POST['text']))
  {
    print "<form action='' method'post'>"; // changed this line
    print "<input type='text' name='text'>";
    print "<input type='submit'>";
    print "</form>";
  }
  else
  {
    $text = mysql_escape_string($_POST['text']);
    $dbconn = mysql_connect("localhost");
    mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
    mysql_close($dbconn);

    print "Updated if there weren't any errors";
  }
}

Heh, may be wrong, probably am.

[warz]

Don't you mean

Code Select Expand

<?
  if(!isset($_POST['text']))
  {
    print "<form action='' method'post'>"; // changed this line
    print "<input type='text' name='text'>";
    print "<input type='submit'>";
    print "</form>";
  }
  else
  {
    $text = mysql_escape_string($_POST['text']);
    $dbconn = mysql_connect("localhost");
    mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
    mysql_close($dbconn);

    print "Updated if there weren't any errors";
  }
}

Heh, may be wrong, probably am.

no, that woudn't work, either.

[Dale]

Code Select Expand


<?
  if(!isset($_POST['text']))
  {
    print "<form method='post'>"; // changed this line x2, you don't need form action in a situation like this.
    print "<input type='text' name='text'>";
    print "<input type='submit'>";
    print "</form>";
  }
  else
  {
    $text = mysql_escape_string($_POST['text']);
    $dbconn = mysql_connect("localhost");
    mysql_query("INSERT INTO `table` (`field1`) VALUES ('$text')", $dbconn);
    mysql_close($dbconn);

    print "Updated if there weren't any errors";
  }
}


[Barabajagal]

Uh, actually, action is a required attribute according to W3C.

[MyndFyre]

So it won't validate.  I'm pretty sure that browsers (something that isn't made by the W3C) are still going to run the page correctly.

[Warrior]

Uh, actually, action is a required attribute according to W3C.

w3c is like the internet mafia
dont anger them

[Barabajagal]

That's no excuse. It's HTML, it's not that hard to do it right!

[Banana fanna fo fanna]

w3c can go and die. i wish ietf ran the web.

[Dale]

Uh, actually, action is a required attribute according to W3C.

I know it sounds petty, but why take up more room in a file for something that totally is useless to have?