Hi all,

I made a toy database.  Two tables are "students" (a collection of student
info) and "message" (private messages I want individual students to read).
The "message" table is indexed by a student's social security number.

student
   last, first, ssn, address, city, state, zip, email

message
   msg1, ssn


I'm trying to update msg1, unsuccessfully.  Everything *seems* to go
perfectly.  The $_POST variables exist and hold what I think they should
hold, the SQL looks OK.  I checked the sqlite website, and "UPDATE" is
indeed supported.  I've been scratching my head a lot over this one:


The given code is (note My_Header() and My_Footer() just interject a little
HTML, like "<html>" and the like):




// We picked the class and student.  Now display the current message.
//
if ( isset($_REQUEST['action']) && $_REQUEST['action'] == 'editmsg' )
{
        $handle = sqlite_open($_SESSION['dbfile'])
                or die("Could not open database.");

        $query = "SELECT msg1 FROM message " .
                "WHERE ssn = '" . sqlite_escape_string($_POST['ssn']) . "'";

        $result = sqlite_query( $handle, $query );

        if ( sqlite_num_rows($result) > 0 )
                $msg = sqlite_fetch_single($result);
        else
                $msg = '';


        My_Header("Messages");

        ?>
        <form method="post" action="<? echo $_SERVER['PHP_SELF']; ?>?action=submitedit">
                <textarea name="msg" cols="40" rows="8"><? echo "+$msg+" ?></textarea>
                <p><input type="hidden" name="ssn" value="<? echo $_POST['ssn'] ?>"></p>
                <p><input type="submit" value="Edit"></p>
        </form>

        <?

        My_Footer();

        exit(0);
}



// If we're here, it's because we want to update the message in the
// database.  This performs the SQL using "UPDATE".
//
if ( isset($_REQUEST['action']) && $_REQUEST['action'] == 'submitedit' )
{

        // If sqlite_open() fails, $handle is false, so it cannot be
        // passed to sqlite_last_error(); report the failure directly.
        $handle = sqlite_open($_SESSION['dbfile'])
                or die("Could not open database.");

        $query = "UPDATE message " .
                "SET msg1 = '" . sqlite_escape_string($_POST['msg']) . "' " .
                "WHERE ssn = '" . sqlite_escape_string($_POST['ssn']) . "'";


        sqlite_query($handle, $query)
                or die('Error in query: ' .
                sqlite_error_string(sqlite_last_error($handle)));

        Header("Location: " . $_SERVER['PHP_SELF'] . "?action=chose");
        exit(0);
}

?>



Anything wrong with this code?  I've tried to write as defensively as I can.

Thanks!
Pete

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
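
An added example, not part of the original post and not the poster's code: in SQLite an UPDATE whose WHERE clause matches no row completes without error and changes nothing, so the sketch below checks the affected-row count and inserts when it is zero, and it HTML-encodes every value written into the form. It assumes PHP 7.4+ with PDO and pdo_sqlite in place of the legacy sqlite_* functions; save_message(), render_edit_form(), the PRIMARY KEY on ssn, the path /messages.php and the sample values are hypothetical.

```php
<?php
// Added example (not the poster's code). PDO/SQLite stands in for the
// legacy sqlite_* API; table layout follows the post, sample data is constructed.

function save_message(PDO $db, string $ssn, string $msg): string
{
    // Bound parameters replace string concatenation and manual escaping.
    $upd = $db->prepare('UPDATE message SET msg1 = :msg WHERE ssn = :ssn');
    $upd->execute([':msg' => $msg, ':ssn' => $ssn]);

    // An UPDATE that matches no row is not an error: it completes with
    // zero affected rows, so the count has to be checked explicitly.
    if ($upd->rowCount() > 0) {
        return 'updated';
    }
    $ins = $db->prepare('INSERT INTO message (msg1, ssn) VALUES (:msg, :ssn)');
    $ins->execute([':msg' => $msg, ':ssn' => $ssn]);
    return 'inserted';
}

function render_edit_form(string $self, string $ssn, string $msg): string
{
    // Encode every value for the HTML context it is written into.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $e($self) . '?action=submitedit">' . "\n"
         . '<textarea name="msg" cols="40" rows="8">' . $e($msg) . '</textarea>' . "\n"
         . '<input type="hidden" name="ssn" value="' . $e($ssn) . '">' . "\n"
         . '<input type="submit" value="Edit"></form>' . "\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumption: ssn is the key of the message table, as the post describes.
$db->exec('CREATE TABLE message (msg1 TEXT, ssn TEXT PRIMARY KEY)');

// Constructed sample input; the table starts with no row for this ssn.
$ssn = '000-00-0000';
echo save_message($db, $ssn, "It's due Friday"), "\n";      // no row matches yet
echo save_message($db, $ssn, '</textarea><b>x</b>'), "\n";  // row now exists
$msg = $db->query('SELECT msg1 FROM message')->fetchColumn();
echo render_edit_form('/messages.php', $ssn, $msg);
```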
