php - Corrected & Working Code. HORRAY -
here corrected , working code! give thanks help! hope help else well!
mysqli_real_escape_string($con, $post['...']);
mysqli_real_escape_string required field text area in html form :)
<?php include "../include/connect.php"; $id = $_post['id']; $progress = $_post['progress']; $customer= $_post['customer']; $project = $_post['project']; $lot = $_post['lot']; $contact = $_post['contact']; $service = $_post['service']; $instructions = mysqli_real_escape_string($con, $_post['instructions']); $due = $_post['due']; $priority = $_post['priority']; $tech = $_post['tech']; $fullfillment = $_post['fullfillment']; $servicedate = $_post['servicedate']; $chemical_1 = $_post['chemical_1']; $chemical_1_qty = $_post['chemical_1_qty']; $issues = mysqli_real_escape_string($con, $_post['issues']); $authorization = $_post['authorization']; $purchaseorder = $_post['purchaseorder']; $billingnotes= mysqli_real_escape_string($con, $_post['billingnotes']); $chemical_1_billable = $_post['chemical_1_billable']; $invoice = $_post['invoice']; $invoice_date = $_post['invoice_date']; $query = $con->prepare("update form_schedule set progress =?, client =?, project=?, lot=?, contact=?, service=?, instructions=?, due=?, priority=?, tech=?, fullfillment=?, servicedate=?, chemical_1=?, chemical_1_qty=?, issues=?, authorization=?, purchaseorder=?, billingnotes=?, chemical_1_billable=?, invoice=?, invoice_date=? id=$id"); $query->bind_param("sssssssssssssssssssss", $progress, $customer, $project, $lot, $contact, $service, $instructions, $due, $priority, $tech, $fullfillment, $servicedate, $chemical_1, $chemical_1_qty, $issues, $authorization, $purchaseorder, $billingnotes, $chemical_1_billable, $invoice, $invoice_date); if ($query->execute()) { header('location: /index.php'); } $con->close(); ?>
here's redux of problems identified others in comments above. i'll mark reply community wiki.
you should checking success/failure status after every prepare() , every execute(). homecoming false if there's problem, , need check that, , more info mysqli_error(). see examples @ http://php.net/mysqli_error
alternatively, enable mysqli throw exceptions, if you're comfortable using exceptions. add together error reporting top of file(s):
error_reporting(e_all); ini_set('display_errors', 1); mysqli_report(mysqli_report_error | mysqli_report_strict); this include "..connect.php"; invalid (unless connect script filename starts 2 dots). may have meant include "../connect.php"; or similar.
you have missing trailing commas progress='$progress' etc. doing suggestions should prepare code. should read progress='$progress', customer='$customer', etc. except lastly one.
order reserved word. wrap in backticks or take word orders example.
you can't bind parameters because have not used parameter placeholders in query, you've interpolated variables (which based verbatim on $_post variables, bad sql injection vulnerability). see like:
... set progress = ?, client = ?, ... see examples @ http://php.net/manual/en/mysqli-stmt.bind-param.php
php mysql url mysqli http-post
No comments:
Post a Comment