[Resolved] Need help with edit script

n00854180t

Yet again I can't seem to get my edit script to input anything into the DB:

<link href="bord.css" rel="stylesheet" type="text/css">

<?php

include("dbconn.php");		// Connect to the DB


if ($id && $sec) {					// If the id is the same as in the db
	if($submit) {			// If submitted the form

	$sql = "UPDATE characters SET cName='$txtName',cPass='".md5($txtPass)."',cEmpire='$txtEmpire',cRank='$txtRank',cCRank='$txtCRank',cOutfit='$txtOutfit' WHERE id='$id' AND cPass='$sec'";
		echo $sql;
		$result = mysql_query($sql) or die(mysql_error());

		echo "Thank you, information updated.  Please <a href=login3.php>login</a>.\n";


} else {

	$sql = "SELECT * FROM characters WHERE id='$id' AND cPass='$sec'"; 
		$result = mysql_query($sql) or die(mysql_error());
		$myrow = mysql_fetch_array($result);
}
}




?>

<form method="post" action="<?php echo $PHP_SELF?>">
Character Name: <br><input class="text" type="Text" name="txtName" value="<?php echo $myrow["cName"] ?>"><br>
Password: <br><input class="text" type="password" name="txtPass"><br>
Empire: <br><select  class="text" name="txtEmpire">
<?php
$vsSel = "empire_vs-logo.gif";
$trSel = "empire_tr-logo.gif";
$ncSel = "empire_nc-logo.gif";

if ($myrow["cEmpire"] == $vsSel) {       

   echo "<option value='empire_vs-logo.gif' SELECTED>Vanu Sovereignty</option> "; 
   echo "<option value='empire_tr-logo.gif'>Terran Republic</option> "; 
   echo "<option value='empire_nc-logo.gif'>New Conglomerate</option> "; 
   } elseif ($myrow["cEmpire"] == $trSel) { 
   echo "<option value='empire_vs-logo.gif'>Vanu Sovereignty</option> "; 
   echo "<option value='empire_tr-logo.gif' SELECTED>Terran Republic</option> "; 
   echo "<option value='empire_nc-logo.gif'>New Conglomerate</option> "; 
} elseif ($myrow["cEmpire"] == $ncSel) { 
   echo "<option value='empire_vs-logo.gif'>Vanu Sovereignty</option> "; 
   echo "<option value='empire_tr-logo.gif'>Terran Republic</option> "; 
   echo "<option value='empire_nc-logo.gif' SELECTED>New Conglomerate</option> "; 
} ?>
</select><br>
Rank: <br><input class="text" type="Text" name="txtRank" value="<?php echo $myrow["cRank"] ?>"><br>
Command Rank: <br><input class="text" type="Text" name="txtCRank" value="<?php echo $myrow["cCRank"] ?>"><br>
Outfit: <br><input class="text" type="Text" name="txtOutfit" value="<?php echo $myrow["cOutfit"] ?>"><br>
<input class="submit" type="Submit" name="submit" value="Submit">
<input type="hidden" name="id" value="<?php echo $myrow["id"] ?>">
<input type="hidden" name="sec" value="<?php echo $myrow["cPass"] ?>">
    </form>

lanjoky

 if($submit) {            // If submitted the form

should be

 if($_POST['submit']) {            // If submitted the form

and

$sql = "UPDATE characters SET cName='$txtName',cPass='".md5($txtPass)." ',cEmpire='$txtEmpire',cRank='$txtRank',cCRank='$t
xtCRank',cOutfit='$txtOutfit' WHERE id='$id' AND cPass='$sec'";

should be

$sql = "UPDATE characters SET cName='$_POST['txtName']',cPass='".md5($_POST['txtPass'])." ',cEmpire='$_POST['txtEmpire']',cRank='$_POST['txtRank']',cCRank='$_POST['txtCRank']',cOutfit='$_POST['txtOutfit']' WHERE id='$_POST['id']' AND cPass='$_POST['sec']'";

HTH

n00854180t

the first thign worked thanks!

stolzyboy

just an FYI:

those suggestion lanjoky will only be necessary if, and only if, register_globals = Off

and i believe that the way you have the query would make it choke also, you have your $row['vars'] inside single quotes, that isn't gonna work

what i suggest is either to hop in and out (concatenation) of the quoted string, or set $variable = $row['variable'];

then you can use it single ticked in your query

n00854180t

The query seems to work fine now that I changed $submit to $_POST["submit"].