[RESOLVED] echo a defined variable

darkdestroyer

Hi All,

I have been a bit baffled by my code below.
I have defined two varibales

$ContactID
$AccountID

My insert query below uses both of them in the WHERE statement.
But when i echo them, it only ever displays the $_ContactID.

Can anyone see what im doing wrong?

Thanks,

code:

    <?php

$_ContactID = $_REQUEST["ContactID"];
$_AccountID = $_REQUEST["AccountID"];
$_Esc1Name = $_REQUEST["Esc1Name"];
$_Esc1Position = $_REQUEST["Esc1Position"];
$_Esc1Phone1 = $_REQUEST["Esc1Phone1"];
$_Esc1Phone2 = $_REQUEST["Esc1Phone2"];
$_Esc1Notes = $_REQUEST["Esc1Notes"];



$link = mysql_connect("localhost", "user","password") or die(mysql_error());
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

 mysql_select_db("peoplesafe") or die(mysql_error());

$sql="UPDATE contacts SET 
Esc1Name='$_Esc1Name',
Esc1Position='$_Esc1Position',
Esc1Phone1='$_Esc1Phone1',
Esc1Phone2='$_Esc1Phone2',
Esc1Notes='$_Esc1Notes',
ModifiedBy='USER'
WHERE ContactID='$_ContactID' and AccountID='$_AccountID'";
  $query = mysql_query($sql);

if ($query) {
echo $_AccountID;
echo $_ContactID;
exit;
} 
       	mysql_close();





?>

darkdestroyer

PS the insert statment works fine.

bradgrafelman

Use [man]var_dump/man to examine the contents of a variable.

And note that just because a variable is "defined" doesn't mean it has a value. For example, all of these variable definitions:

$_ContactID = $_REQUEST["ContactID"]; 
$_AccountID = $_REQUEST["AccountID"]; 
$_Esc1Name = $_REQUEST["Esc1Name"]; 
$_Esc1Position = $_REQUEST["Esc1Position"]; 
$_Esc1Phone1 = $_REQUEST["Esc1Phone1"]; 
$_Esc1Phone2 = $_REQUEST["Esc1Phone2"]; 
$_Esc1Notes = $_REQUEST["Esc1Notes"];

will generate E_NOTICE level error messages if the corresponding external variable doesn't exist. As such, you should always check to see if an external variable exists (e.g. via [man]isset/man or [man]empty/man) before you attempt to use it.

Finally, note two other important problems with your code:

The entire [man]mysql[/man] extension is very outdated and is deprecated in favor of newer extensions such as [man]MySQLi[/man] or [man]PDO[/man]. See [man]mysqlinfo.api.choosing[/man] for more info.
You should never place user-supplied data directly into a SQL query, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data, such as by using [man]mysqli_real_escape_string/man (for string data) or by using prepared statements.

darkdestroyer;11016071 wrote:
PS the insert statment works fine.

P.P.S. There is no "insert statment[sic]" in the code you posted.

darkdestroyer

Thanks for the pointers, it turned out to be a simple caching issue with my browser :bemused: