<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 14/04/2012 00:15, David Goodwin wrote:
<blockquote
cite="mid:83F502AF-DE47-40F6-94D2-5ADB32DA8131@codepoets.co.uk"
type="cite">
<div>
<blockquote type="cite">
<div><br>
</div>
</blockquote>
<div><br>
</div>
My approach would be that if 'id' (or $_POST['id']) is not
present, then you'd INSERT into the database, otherwise you'd do
an update. So do a query first, and if it exists, do an update.</div>
<div><br>
</div>
<div>Alternatively, you could use <a moz-do-not-send="true"
href="http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html">http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html</a> ?</div>
<div><br>
</div>
<div><br>
<blockquote type="cite">
<div>1) or can you get id during the insert/save as an
emailable variable - that's probably the easiest cos then
other scripts untouched?<br>
<br>
</div>
</blockquote>
<div><br>
</div>
<div>I don't understand what you mean as 'emailable variable'.</div>
<div><br>
</div>
<div><br>
</div>
<div>Assuming 'id' is an auto_increment field, then you can get
hold of it after you've done the insert. If you're using the
mysql_ api, your code could look like :</div>
<div><br>
</div>
<div>$success = mysql_query("INSERT INTO my_best_table (field,
gate, hedge) VALUES ('big', 'one', 'prickly')");</div>
<div>if($success) { </div>
<div> $id = mysql_insert_id();</div>
<div> echo "Just added a new record Mum - it was $id !!";</div>
<div>}</div>
<br>
</div>
</blockquote>
That's the ticket ;-) Yahoo!<br>
I couldn't get my head around how the user could save a new record,
and the page generate a url based on two variables for the user to
be able to edit ONLY their own record.<br>
So I wanted url/ID&DOB - to edit someone else's record you'd
need to know their database ID (not public apart from during test) and
DOB - secure enough for the basic records I keep.<br>
Just couldn't figure how to get ID... easy when you have an example
snippet, doh.<br>
<br>
<br>
<br>
<br>
<blockquote
cite="mid:83F502AF-DE47-40F6-94D2-5ADB32DA8131@codepoets.co.uk"
type="cite">
<div>
<blockquote type="cite">
<div>2) what i have been mostly attempting to do is create a
hyperlink containing email address and dob during insert
phase eg<br>
../update.php?email=xxx&dob=yyyy so changed id to email
, update.php receives this post data, opens the right
record , got it set to display the correct ID.<br>
</div>
</blockquote>
<div><br>
</div>
<div><br>
</div>
OK. You ought to look at having a unique constraint within the
database based on email & dob in this case.</div>
<div><br>
</div>
<div>Presumably you now have a query like "SELECT * FROM student
WHERE email = '<a moz-do-not-send="true"
href="mailto:blah@blah.com">blah@blah.com</a>' AND dob =
'bl/ah/yyyy'" ?</div>
<div><br>
</div>
<div><br>
</div>
<div>
<blockquote type="cite">
<div>so id is set as $id - so update.php is populated with all
the info needed as when using id and dob to populate.<br>
<br>
</div>
</blockquote>
<div><br>
</div>
OK.</div>
<div><br>
<blockquote type="cite">
<div>Can I get the bugger to save the record to that ID can I
hell?<br>
The ID seems to be present as it appears in update.php, do I
need to do anything special to get it posted to record.php?<br>
<br>
the bits that seem to matter:<br>
<br>
update.php<br>
echo "&lt;form method=\"POST\"
action=\"updaterecordtest.php\"&gt;";<br>
echo " &lt;tr&gt;";<br>
echo " &lt;td width=\"35%\"&gt;Diver ID&lt;/td&gt;";<br>
echo " &lt;td width=\"65%\"&gt;&lt;input type=\"text\"
name=\"id\" size=\"35\"
value=\"".$row["id"]."\"&gt;&lt;/td&gt;";<br>
<br>
(shows correct ID)<br>
<br>
record.php are:<br>
</div>
</blockquote>
<div><br>
</div>
<div>updaterecordtest.php != record.php.</div>
<div><br>
</div>
Put a 'var_dump($_POST);' followed by a 'die("grr")' or
equivalent within the top of post.php and try submitting the
form. </div>
<div><br>
</div>
<div>This is a simple way to tell if the data is arriving as you
expect in post.php.</div>
<div><br>
</div>
</blockquote>
<br>
Ahh, that's useful!<br>
<br>
<br>
<blockquote
cite="mid:83F502AF-DE47-40F6-94D2-5ADB32DA8131@codepoets.co.uk"
type="cite">
<div>
<blockquote type="cite">
<div>$id = $_POST["id"];<br>
<br>
</div>
</blockquote>
<div><br>
</div>
You should really start casting your variables to make sure they
are actually numbers when they should be.</div>
<div><br>
</div>
<div>Also, you need to look into using mysql_real_escape_string -
else you'll find someone with an email address of <a
moz-do-not-send="true" href="mailto:blah.o%27reilly@blah.com">blah.o'reilly@blah.com</a>
breaks your stuff; let alone the fact that your code is
vulnerable to SQL injection.</div>
<div>When echo'ing stuff out you should make sure you sanitise it
with e.g. htmlentities() to avoid Cross Site Scripting issues.
(See <a moz-do-not-send="true"
href="http://php.net/htmlentities">http://php.net/htmlentities</a>)</div>
<div><br>
</div>
<div><br>
</div>
</blockquote>
more reading ;-)<br>
<br>
<blockquote
cite="mid:83F502AF-DE47-40F6-94D2-5ADB32DA8131@codepoets.co.uk"
type="cite">
<div>
<blockquote type="cite">
<div>and<br>
if (isset($id))<br>
{<br>
$query = "UPDATE phonelist SET<br>
coname = '$coname',<br>
address1 = '$address1' ,<br>
etc<br>
<br>
WHERE<br>
id = '$id'<br>
";<br>
<br>
etc<br>
<br>
(nothing recorded)<br>
</div>
</blockquote>
</div>
<br>
<div><br>
</div>
<div>Hopefully the above is of some limited use?</div>
<div><br>
</div>
<div>thanks</div>
<div>David.</div>
<div><br>
</div>
<br>
</blockquote>
Excellent, thanks!<br>
<br>
;-)<br>
<br>
Wayne<br>
<br>
<br>
<br>
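<div>Added example, not part of the original messages: one way to apply the advice in this thread (read the new id after an insert, accept a posted id only if it is an integer, keep quotes in data such as blah.o'reilly@blah.com out of the SQL text, escape on output). It uses PDO prepared statements with an in-memory SQLite database in place of the mysql_ functions so it runs offline; the function name save_record, the schema and the sample values are assumptions.</div>

```php
<?php
// Constructed schema and data. PDO with in-memory SQLite stands in for the
// thread's mysql_ API (an assumption) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE phonelist (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    coname TEXT, address1 TEXT, email TEXT, dob TEXT,
    UNIQUE (email, dob))");

// INSERT when no id is posted, otherwise UPDATE the row matching id AND dob.
// Returns the row id, or null when the id is invalid or matches no record.
function save_record(PDO $db, array $post): ?int
{
    $fields = [
        ':coname'   => (string)($post['coname'] ?? ''),
        ':address1' => (string)($post['address1'] ?? ''),
        ':email'    => (string)($post['email'] ?? ''),
        ':dob'      => (string)($post['dob'] ?? ''),
    ];
    if (!isset($post['id']) || $post['id'] === '') {
        $db->prepare("INSERT INTO phonelist (coname, address1, email, dob)
                      VALUES (:coname, :address1, :email, :dob)")->execute($fields);
        return (int)$db->lastInsertId();   // same role as mysql_insert_id()
    }
    // Accept only a positive integer id; anything else is rejected outright.
    $id = filter_var($post['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare("UPDATE phonelist SET coname = :coname, address1 = :address1,
                          email = :email WHERE id = :id AND dob = :dob");
    $stmt->execute($fields + [':id' => $id]);
    return $stmt->rowCount() === 1 ? $id : null;
}

// Constructed sample requests: an insert, a valid update, a tampered id.
$id  = save_record($db, ['coname' => "O'Reilly Diving", 'address1' => '1 Quay St',
                         'email' => "blah.o'reilly@blah.com", 'dob' => '1970-01-01']);
$ok  = save_record($db, ['id' => (string)$id, 'dob' => '1970-01-01',
                         'coname' => '<b>bold</b> Divers', 'address1' => '2 Quay St',
                         'email' => "blah.o'reilly@blah.com"]);
$bad = save_record($db, ['id' => "$id OR 1=1", 'dob' => '1970-01-01']);

$stmt = $db->prepare("SELECT coname FROM phonelist WHERE id = :id");
$stmt->execute([':id' => $id]);
// Escape on output so stored markup is displayed as text, not interpreted.
echo htmlentities($stmt->fetchColumn(), ENT_QUOTES, 'UTF-8'), "\n";
var_dump($ok === $id, $bad);
```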
</body>
</html>