I have this PHP code that I am trying to use to let a user edit a news record in a form and then when they hit the submit button, it will update the record in a database. The problem is that everything works but the record is not actually updated in the database.
Could someone look at my code and see where a problem could occur?
<?php
$title = "Edit News";
include("../includes/header.php");
include("../includes/database.php");
$done = false;
$expected = array('newstitle', 'newscontent', 'id');
if ($_GET && !$_POST) {
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
$id = $_GET['id'];
}
else {
$id = NULL;
}
if ($id) {
$sql = "SELECT * FROM news WHERE id = $id";
$result = mysql_query($sql) or die ("Error connecting to database...");
$row = mysql_fetch_assoc($result);
}
// if form has been submitted, update record
if (array_key_exists('update', $_POST)) {
// prepare expected items for insertion into database
foreach ($_POST as $key => $value) {
if (in_array($key, $expected)) {
${$key} = mysql_real_escape_string($value);
}
}
// abandon the process if primary key invalid
if (!is_numeric($id)) {
die('Invalid request');
}
// prepare the SQL query
$query = "UPDATE news SET title = '$title', content = '$content' WHERE id = $id";
// submit the query
$done = mysql_query($query) or die("Error connecting to database...");
}
}
// redirect page if $id is invalid
if ($done) {
header("Location: $ROOT/admin/listnews.php");
exit;
}
?>
If you run that UPDATE from the mysql cli with the same data the user sends does it update?
If not check for escaping characters.
if ($_GET && !$_POST) {
...
if (array_key_exists('update', $_POST)) {
Won't that ensure the update code never fires?
Should $content and $title in the line below be $newstitle and $newscontent?
// prepare the SQL query
$query = "UPDATE news SET title = '$newstitle', content = '$newscontent' WHERE id = $id";
Couple of things to try and narrow down the problem:
if (array_key_exists('update', $_POST)) block to make sure you're actually getting in there. The top of your "if" is if($_GET && !$_POST), so you may need to change this $_POST to $_GET$query just before the db call? Does it run on the command line mysql interface ok?foreach ($_POST as $key => $value) is correct, you'll end up setting variables with the same names as those in $expected - ($newstitle, $newscontent, $id) - but in your sql reference $content and $title. They may be the cause of this bug, but something to keep an eye out for.It's a little hard to know exactly what's going on without seeing the HTML source of your form, but I think that the
if (array_key_exists('update', $_POST)) {
block needs to be moved out of the outer if, since it will never be executed if it's there.
If you don't want to use some sort of testing framework, print() is your friend when it comes to debugging your code. Try to find what's executing and what's not; you'll quickly discover which of your assumptions are incorrect, and therefore where the bug is.
Take this if statement out of the nested if:
if (array_key_exists('update', $_POST)) {
...
}
and then add this conditional:
if (count($_POST) && array_key_exists('update', $_POST)) {
...
}
I'm pretty sure that will take care of your problem.