Help please!

kiju111

I am making a script where users can add a poll and at the moment it all works fine without any errors but their question and options dont appear in the database. here is the script that i was trying.....i realise that there are probably a lot of things wrong with it!

$hostname = '*****************;
$username = '*******';
$password = '*************';
$dbname = '********';
$usertable = '*******;

if(!isset($_POST['question']) || $_POST['question'] == ''){
    die('question not entered.');
} else {
    $question = $_POST['question'];	
}

if(!isset($_POST['optionone']) || $_POST['optionone'] == ''){
    die('option one not entered.');
} else {
    $optionone = $_POST['optionone'];
}
if(!isset($_POST['optiontwo']) || $_POST['optiontwo'] == ''){
    die('[option two not entered.');
} else {
    $optiontwo = $_POST['optiontwo'];
}
if(!isset($_POST['optionthree']) || $_POST['optionthree'] == ''){
    die('option three not entered.');
} else {
    $optionthree = $_POST['optionthree'];


mysql_connect($hostname,$username, $password)
    or die('Unable to connect to database!');

mysql_select_db($dbname)
    or die('Cannot select db');

$sql="update members set question='$question', optionone='$optionone',optiontwo='$optiontwo', optionthree='$optionthree' where username='$ses_username";
					$updated=true;
					mysql_query($sql);
				}

mysql_close();

NogDog

Try adding some error-checking when you do the update query:

mysql_query($sql) or die("Update query failed ($sql) - " . mysql_error());
if(!mysql_affected_rows())
{
   user_error("No rows updated ($sql)");
}

This way if the query fails or does not update any rows, you will see the query as it was actually submitted to MySQL, along with any MySQL error message.

paulnaj

Hi,
You're missing two single-quotes on the first line and the 5th line ... but I assume that was done when you ***'d out your hostname etc.

Apart from that, there doesn't seem to anything wrong with the syntax.

You're going to have to check what is actually being sent to this page (without entering anything in to the db).

You could put the following at the very top of your script ...

echo '<pre>'; var_dump($_POST); echo '</pre>';
exit;

... and see if it is what you expect.

Paul

PS You should think about cleaning up any data sent to this page before inserting into your db (at minimum, use mysql_real_escape_string()).