Stupid Question

[NodeBytes]

Alright, so here's my problem, and it's probably an easy fix, I'm just out of it from a long coding session.

This is a php and mysql question...

I want to update the title field where id = $id

$id is a variable passed through the URI and I know how to grab that. I just can't seem to get the page to update the field called "title" where the record id = $id.

Hope that makes sense. If you have questions feel free to ask.

Thanks for your help,

Brendan

 

[qrwteyrutiyoup]

Do you get errors with your current code? If so, which one(s)?

Can you post a snippet of the problematic code? It would make things a lot easier...

 

[Mun]

<!DOCTYPE html>
<html>
	<head>
		<title><?php echo $_GET['id'] . " is in the house"; ?></title>
	</head>
	<body>
		Your page here!
	</body>
</html>

 

[qrwteyrutiyoup]

<!DOCTYPE html>
<html>
<head>
<title><?php echo $_GET['id'] . " is in the house"; ?></title>
</head>
<body>
Your page here!
</body>
</html>

From his description I understood he already knows how to get the 'id', so I am expecting to see the SQL query he is doing, which seems to be his actual problem.

 

[Mun]

The way I understand it he has a link such as

http://www.gaming-servers.net/blah.php?id=Mun&page=home

and he is trying to get the page to load the title as:

Hello Mun!

which the php code would be:


<?php echo '<title> Hello' . $_GET['id'] . '!</title>';?>



This is all of course assuming he is refreshing the page after he updates the ID, and if he isn't he will need jscript to do it, as there is no way to update the pages content in such manner without it.

Mun

 

[NodeBytes]

Essentially I am attempting to update the the "title" field on a table called "threads"

My current mysql attempt is something like 

UPDATE threads SET title = $title WHERE id = $id

 

[Mun]

UPDATE threads SET title=? WHERE id=?

Looks right.

 

[NodeBytes]

Yet, it seems to not work. :/

 

[NodeBytes]

This is the error I'm getting  -

 Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Title WHERE id = 9' at line 1

 

[NodeBytes]

Alright, fixed. It was my stupidity. I had to parse the $title and add quote marks around it.

 

[yomero]

And hopefully this is just an exercise, because that query has SQL injection as is.

 

[NodeBytes]

It's not for production use. It's for an internal project that will be used by 3 people at work.

 

[fisle]

That's a shitty excuse to implement bad practices. Hope you used PDO and prepared statements.

 

[24/7/365]

That's a shitty excuse to implement bad practices. Hope you used PDO and prepared statements.

I would say at this level of understanding, having to learn PDO, prepared statements and parameterised queries is a lot to take on but you're right - as soon as you're comfortable about how to retrieve a value and store it in the database, learn PDO, prepared statements and parameterised queries BEFORE you put your code into production.

 

[fisle]

I would say at this level of understanding, having to learn PDO, prepared statements and parameterised queries is a lot to take on but you're right - as soon as you're comfortable about how to retrieve a value and store it in the database, learn PDO, prepared statements and parameterised queries BEFORE you put your code into production.

Except real life is more like this: "oh it works, it's done now." -> "oh hey i got another cool idea to code"

= Never learn how to do it properly. (I had this mentality back the days when I was younger)

My suggestion is to go straight to using the proper way. Why would you try the shitty way when you KNOW there's a better way to do things?

Damn PHP and those silly mysql_ functions.

 

[qrwteyrutiyoup]

Except real life is more like this: "oh it works, it's done now." -> "oh hey i got another cool idea to code"

= Never learn how to do it properly. (I had this mentality back the days when I was younger)

My suggestion is to go straight to using the proper way. Why would you try the shitty way when you KNOW there's a better way to do things?

Damn PHP and those silly mysql_ functions.

Yup. In general people just move what is working to production, and that's a pretty good way to shoot yourself in the foot.

@NodeBytes: Here's something that might help get you started with PDO: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

 

[Shados]

Except real life is more like this: "oh it works, it's done now." -> "oh hey i got another cool idea to code"

= Never learn how to do it properly. (I had this mentality back the days when I was younger)

My suggestion is to go straight to using the proper way. Why would you try the shitty way when you KNOW there's a better way to do things?

Damn PHP and those silly mysql_ functions.

Depends on your outlook; if you take the perspective of a craftsman who takes pride in the quality of the finished work, then you're less likely to act that way from the start .

 

[NodeBytes]

Everything else is using PDO and prepared statements. This is the single part that I am using this php function for. It's for a closed class that is not accessible to the web and is only used for an internal script.

 

[D. Strout]

Everything else is using PDO and prepared statements. This is the single part that I am using this php function for. It's for a closed class that is not accessible to the web and is only used for an internal script.

Still, you should at least escape things. Even if this is just for internal use, it's very easy to accidentally throw a single quote in your value, and suddenly everything explodes with MySQL errors. It's your app though, so you know best (I hope).

 

[NodeBytes]

Yep, I have since done that.