I'm trying to update a database entry but it won't change anything. I'm getting no errors which confuses me...

Code:

if(isset($_GET['edit']))
{
    $idn = $_GET['id'];
    $namn = $_POST['namn'];
    $adress = $_POST['adress'];
    $postnummer = $_POST['postnummer'];
    $postort = $_POST['postort'];
    $email = $_POST['email'];
    $status = 0;
    echo $namn;
    $sql="UPDATE ordrar SET namn = '$namn' AND adress = '$adress' AND postnummer = '$postnummer'
    AND postort = '$postort' AND email = '$email' AND status = '$status' WHERE id = '$idn'";
    if (!mysql_query($sql))
    {
        die('Error: ' . mysql_error());
    }
    //$referer = $_SERVER['HTTP_REFERER'];
    //header('Location:'. $referer);
}

Thanks for answers /Victor

+8  A: 

Your immediate problem is SQL syntax. Read the documentation on UPDATES and replace the ANDs with commas.

Your secondary, but possibly larger problem is that you're building a query out of untrusted user input. That's a recipe for a SQL injection attack. Use bind variables instead.

Dave W. Smith
Yeah, my own sanitize function is removed because I thought that was the problem. First paragraph worked it out :) Thanks!
Victor
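Both points from the answer above (commas between the SET assignments, bind variables instead of string interpolation) are shown together in this added example, which is not code from the thread. It uses PDO because the `mysql_*` functions in the question were removed in PHP 7; the in-memory SQLite database, the table layout, the sample row and the `updateOrder` helper are assumptions made so the script runs without a server, and with MySQL only the DSN passed to `new PDO(...)` changes.

```php
<?php
// Added example: hypothetical helper, constructed schema and sample data.
function updateOrder(PDO $db, array $get, array $post): int
{
    // The id is validated as an integer before it is bound.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }

    // Commas separate the assignments; named placeholders keep the
    // request values out of the SQL text entirely.
    $stmt = $db->prepare(
        'UPDATE ordrar
            SET namn = :namn, adress = :adress, postnummer = :postnummer,
                postort = :postort, email = :email, status = :status
          WHERE id = :id'
    );
    $stmt->execute([
        ':namn'       => $post['namn'] ?? '',
        ':adress'     => $post['adress'] ?? '',
        ':postnummer' => $post['postnummer'] ?? '',
        ':postort'    => $post['postort'] ?? '',
        ':email'      => $post['email'] ?? '',
        ':status'     => 0,
        ':id'         => $id,
    ]);

    // 0 means no row matched the WHERE clause (on MySQL it can also
    // mean the row already held exactly these values).
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
$db->exec('CREATE TABLE ordrar (id INTEGER PRIMARY KEY, namn TEXT, adress TEXT,
           postnummer TEXT, postort TEXT, email TEXT, status INTEGER)');
$db->exec("INSERT INTO ordrar VALUES (1, 'old', 'old', '00000', 'old', 'old@example.com', 1)");

// Constructed request data; the apostrophe is stored literally, not parsed as SQL.
$post = ['namn' => "O'Brien", 'adress' => 'Storgatan 1', 'postnummer' => '12345',
         'postort' => 'Lund', 'email' => 'victor@example.com'];

$changed = updateOrder($db, ['id' => '1'], $post);
$row = $db->query('SELECT namn, status FROM ordrar WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
printf("rows changed: %d, namn: %s, status: %d\n", $changed, $row['namn'], $row['status']);
```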
+4  A: 

Ref this

Syntax for Update

UPDATE table_name SET field1=new-value1, field2=new-value2 [WHERE Clause]

Your query should be:

 $sql="UPDATE ordrar SET namn = '$namn' , adress = '$adress' ,
          postnummer = '$postnummer' , postort = '$postort' , email = '$email' ,
          status = '$status' WHERE id = '$idn'";
Salil
A: 

If you get no errors, it does mean that no records matched the WHERE condition

or you probably don't have the $_GET['edit'] variable set

Col. Shrapnel
But the WHERE clause isn't what's wrong.
Victor
@Victor no, it is you who are wrong.
Col. Shrapnel
I can't see where you wrote that...
Victor
And I've told you already that AND syntax is wrong AND I'm an oafish brute.
Col. Shrapnel
@Victor IN YOUR OTHER QUESTION! where you have accepted the same incorrect answer.
Col. Shrapnel
I saw that now, sorry for that, but the error disappeared when I used that code, but now I saw that your answer was the correct one.
Victor