I have a bit of code which updates a table called job, but once the the page is executed it does not update the table. Here is the code:
$item = isset($_POST['item']);
$ref = isset($_POST['ref']);
$con = mysql_connect("$host","$username","$password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("$db_name", $con);
$sql="UPDATE job SET item = '$item' WHERE ref='$ref'";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
header("location:index.php");
I have echoed out the $ref variable and it is there but it won't work if I put it in the WHERE clause.
$ref = isset($_POST['ref']);
I have echoed out the $ref variable and it is there
You aren't assigning the actual value of $_POST['ref'], you're only assigning whether or not it is set. Try:
$ref = isset($_POST['ref']) ? mysql_real_escape_string($_POST['ref']) : NULL;
You can check your query by reading the SQL string you've created: exit($sql)
See also: What is SQL injection?
$item = isset($_POST['item']);
$ref = isset($_POST['ref']);
by this two statements, variables will have 0 or 1 as values ...better write this way..
$item = (isset($_POST['item']) == 1 ? $_POST['item'] : '');
$ref = (isset($_POST['ref']) == 1 ? $_POST['ref'] : '');
if($item !='' && $ref !=''){
// your update query
}