MySQL/PHP update query with dates not updating

Question

Bit of a strange problem here...

I've got an update query that isn't working, and I can't for the life of me work out why!

My table has two three fields - 'id' (int, auto increment), 'date' (date), and 'amountraised' (decimal). Part of the app I'm developing calculates the fundraising total each week made by a charity bookstall. The 'date' field uses a date column type as elsewhere on the site I'm using the dates in calculations.

Elsewhere within the system I've got other update queries that are working just fine, but I suspect the problem with this one is that as well as updating the record I'm also trying to manipulate the date format as well (so that I can enter dates in the British dd-mm-yyyy format and then use the PHP to convert back into the MySQL-friendly yyyy-mm-dd format.

This is the strange bit. According to the confirmation page on the site, the query has run okay, and the update's been made, but when I check the database, nothing's changed. So I could check what the output of the query is I've tried echoing the result to the web page to see what I'm getting. The expected values show up there on the page, but again, when I check the database, nothing's been updated.

This is my update form with the date conversion function:

          function dateconvert($date,$func) {
          if ($func == 1){ //insert conversion
          list($day, $month, $year) = split('[/.-]', $date); 
          $date = "$year-$month-$day"; 
          return $date;
          }
          if ($func == 2){ //output conversion
          list($year, $month, $day) = split('[-.]', $date); 
          $date = "$day/$month/$year"; 
          return $date;
            }
          } // end function      
          require_once('/home/thebooks/admins/connect.php');
          $id = $_GET['id'];
          $dateinput = $_GET['dateinput'];
          $query = "SELECT * FROM fundraisingtotal WHERE id='$id'";
          $result = mysql_query($query);
          $row = mysql_fetch_array($result);
          extract($row);
          $date = $row['date']; //your mysql date
          $realdate = dateconvert($date,2); // convert date to British date
          $amountraised = stripslashes($amountraised); //amount raised
          mysql_close();?>
            <div id="title">Update Fundraising Total</div>
            <form id="updatetotals" action="updated.php" method="post">
                <div class="row"><label for="dateinput" class="col1">Date&nbsp;&nbsp;</label><span class="col2"><input id="dateinput" name="dateinput" type="text" size="25" value="<?php echo $realdate ?>" maxlength="10" /></span></div>
                <div class="row"><label for="amountraised" class="col1">Fundraising Total&nbsp;&nbsp;</label><span class="col2"><input id="amountraised" name="amountraised" type="text" size="25" value="<?php echo $amountraised ?>" maxlength="7" /></span></div>
                <div class="submit"><input type="submit" name="submitted" value="Update" /><input type="reset" name="reset" value="Clear the form" /></div>
                <input type="hidden" name="id" value="<?php echo $id ?>" />
            </form>

...and this is the form processing/query page:

    require_once('/home/thebooks/admins/connect.php');
    $dateinput = $_POST['dateinput'];

    // Date conversion from: http://www.phpbuilder.com/annotate/message.php3?id=1031006
    // using type 1
    $convdate = $_POST['dateinput']; // get the data from the form
    $convdate = dateconvert($convdate, 1); // Would convert to e.g. 2005-12-19 which is the format stored by mysql

    function dateconvert($convdate,$func) {
    if ($func == 1){ //insert conversion
    list($day, $month, $year) = split('[/.-]', $convdate); 
    $date = "$year-$month-$day"; 
    return $date;
    }
    if ($func == 2){ //output conversion
    list($year, $month, $day) = split('[-.]', $convdate); 
    $date = "$day/$month/$year"; 
    return $date;
      }
    }
    $date = "$convdate";
    $amountraised = $_POST['amountraised'];         

    $update = "UPDATE fundraisingtotal SET date = '$date', amountraised = '$amountraised' WHERE id='$id' ";
    $result = mysql_query($update);
    $realdate = dateconvert($date,2); // convert date to British date 
    if ($result) {
    echo "<p class=\"dbpara\">Thank you. Your update to the record was successful.</p>";
    echo "<p class=\"dbpara\">The record has been amended to a date of <b>$realdate</b> and amount of <b>$amountraised</b>.</p>";
    }
    else {
    echo "<p>Nothing has been changed.</p>";
    }
    mysql_close();

The weird thing is that the confirmation text "The record has been amended to...etc." displays exactly as expected, but when I check the database, the record hasn't been updated at all.

I'm sure it must be something I'm missing with messing with the date formats or I've got something in the wrong order, but I've tried so many different variations on this now I can't see the wood for the trees. Anyone any ideas what I'm doing wrong here?

Answer 1

Change

$result = mysql_query($update);

to

$result = mysql_query($update) or die(mysql_error());

And you should see what the problem is when the query fails.

Answer 2

I see some red-flags here. You are getting the date from a form and inputing it into MySQL without any form of validation - that could lead to SQL-injections.

Start by changing dateconvert function to something more secure. This function will always return a correct formated date, even if the user tries to abuse the system.

Edit 1: Forgot to put a : after case 'en_en' but fixed it now. Thanks neonblue.
Edit 2: Forgot to feed the date() function with the timestamp. Fixed!
Edit 3: A preg_replace to convert frontslashes to dashes

// this function always returns a valid date
function dateconvert($date = NULL, $date_type = 'sql') {
        $date = preg_replace("/", "-", $date);
    $timestamp = strtotime($date);
    switch($date_type) {
        default: case 'sql' : return date('Y-m-d', $timestamp); break; // prints YYYY-MM-DD
        case 'en_EN' : return date('d-m-Y', $timestamp); break; // prints DD-MM-YYYY
    }
}

You can always have a look into Zend_Date that will let you work with dates on your own format.

Answer 3

Three things I would look for:

1. Is the code attaching to the same database you are looking at? (I spent a few hours on this one ;)

2. Is another update statement (or this one) running immediately afterwards that would change the values back? Here you need some logging to figure it out.

3. If you echo the sql, what happens when you run it directly yourself?

Answer 4

If you see the table is not changing any value but the query does not show you any error, then WHERE id = '$id' is not hitting the register you intended to.

Don't forget to sanitize your queries as others are telling you.