

Database not update. Where is my wrong code?





the-guide
I wrote this code in order to change an order status for my online shop but the database doesn't
update when I try to change the status (paystatus).

Please review my script below...

<form method="post" action="ChangeStatus.php">
<input name="refid2" type="hidden" id="refid" value=<? echo "$refid"; ?>>
<select name="paystatus" class="input" id="paystatus">
<option>Select Order Status</option>
<option value="11111">Checking</option>
<option value="22222">Preparing</option>
<option value="99999">Shipping</option>
</select>
<input name="submit" type="submit" class="submit" value=">>">
</form>


And in ChangeStatus.php I use this code...

$sql_data = "update tb_order set paystatus='$_POST[paystatus]' where refid = '$_POST[refid]'";

I tried to find where my mistake is but could not find it.

Can anyone here help me, please?
Could you please find out where my code is wrong?

Thank you very much in advance.

.
.
thnn
the-guide wrote:
I wrote this code in order to change an order status for my online shop but the database doesn't
update when I try to change the status (paystatus).

Please review my script below...

<form method="post" action="ChangeStatus.php">
<input name="refid2" type="hidden" id="refid" value=<? echo "$refid"; ?>>
<select name="paystatus" class="input" id="paystatus">
<option>Select Order Status</option>
<option value="11111">Checking</option>
<option value="22222">Preparing</option>
<option value="99999">Shipping</option>
</select>
<input name="submit" type="submit" class="submit" value=">>">
</form>


And in ChangeStatus.php I use this code...

$sql_data = "update tb_order set paystatus='$_POST[paystatus]' where refid = '$_POST[refid]'";

I tried to find where my mistake is but could not find it.

Can anyone here help me, please?
Could you please find out where my code is wrong?

Thank you very much in advance.

.
.


Without testing it, and being absolutely sure, I would say it has something to do with $_POST[refid] not being set. I would think $_POST[refid2] would be set instead and so in your sql statement, you need that instead, as the name of your field is refid2, and I am pretty sure it is the name that is set as the key, not the id of the field.

Further, you need to make sure those inputs are escaped before you execute the query, because, for example, what would happen if I submitted " 0'; select * from tb_order where paystatus='11111 " for the value of refid?
the-guide
@thnn

Oh! Thank you for your suggestion, "thnn". I've found it with your help; it was just my typing mistake.
It should not be "refid2" but must be "refid" instead.

It was solved.

Thank you very much again.

.
.
.
macky
I agree with thnn; besides, the naming convention you use seems dangerous. In my own experience, as much as possible I use a unique naming convention for each variable and static name or function, class, method, etc., because when I program for almost 12 hours non-stop, I feel my eyes see them as almost the same.

And another thing: I don't tend to directly pass any global variables within the query. I use a validate-then-sanitise method. And to get the most detailed error messages, I use xdebug and make a real-time validator within the IDE.
Fire Boar
I'd just love to get your form and post the value

'); --

into your paystatus select dialog. It's very easy to add values that you did not intend the user to post. The one in question will delete all paystatus entries in your table. Try it and see! You can use tools such as Firebug to modify your HTML on the fly and add an extra option.
the-guide
@macky @Fire Boar

Thanks to "macky" and "Fire Boar" for your additional advice. I will try that.

.
.
.
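
The validate-then-bind handling the replies call for, as an added example (not code from any poster in this thread): the status is checked against the form's three option values and both inputs are bound as parameters. It assumes PDO with an in-memory SQLite database standing in for the shop's MySQL; the function name, order ids and rows are constructed.

```php
<?php
// Added example. Table and column names come from the thread; the database,
// sample rows and function name are constructed for illustration.
const ALLOWED_STATUS = ['11111', '22222', '99999']; // option values from the form

function changeStatus(PDO $pdo, array $post): string
{
    // The form field is named "refid2", so that is the key PHP populates.
    $refid  = $post['refid2'] ?? null;
    $status = $post['paystatus'] ?? null;

    // Validate: a client can submit any value, not only the rendered <option>s,
    // so the status must match the server-side list exactly.
    if (!is_string($refid) || $refid === '' || !is_string($status)
        || !in_array($status, ALLOWED_STATUS, true)) {
        return 'rejected';
    }

    // Bound parameters travel as data and are never parsed as SQL.
    $stmt = $pdo->prepare('UPDATE tb_order SET paystatus = :status WHERE refid = :refid');
    $stmt->execute([':status' => $status, ':refid' => $refid]);

    // Reporting zero affected rows would have exposed the refid/refid2 mismatch.
    return $stmt->rowCount() === 1 ? 'updated' : 'no matching order';
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tb_order (refid TEXT PRIMARY KEY, paystatus TEXT)");
$pdo->exec("INSERT INTO tb_order VALUES ('A100', '11111'), ('A101', '11111')");

// Constructed requests: a normal one, the two values quoted in the thread, and
// the original bug (a handler fed "refid" while the form posts "refid2").
$requests = [
    ['refid2' => 'A100', 'paystatus' => '22222'],
    ['refid2' => 'A100', 'paystatus' => "'); --"],
    ['refid2' => "0'; select * from tb_order where paystatus='11111", 'paystatus' => '99999'],
    ['refid'  => 'A101', 'paystatus' => '99999'],
];
foreach ($requests as $post) {
    echo changeStatus($pdo, $post), PHP_EOL;
}
// Print the final table state for comparison with the inserted rows.
foreach ($pdo->query('SELECT refid, paystatus FROM tb_order ORDER BY refid') as $row) {
    echo $row['refid'], ' => ', $row['paystatus'], PHP_EOL;
}
```

With the MySQL PDO driver, rowCount() by default counts changed rows only, so it also returns 0 when the order already has the requested status.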