0

I have a bit of code which updates a table called job, but once the the page is executed it does not update the table. Here is the code:

$item = isset($_POST['item']);
$ref = isset($_POST['ref']);

$con = mysql_connect("$host","$username","$password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("$db_name", $con);

$sql="UPDATE job SET item = '$item' WHERE ref='$ref'";
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
header("location:index.php");

I have echoed out the $ref variable and it is there but it won't work if I put it in the WHERE clause.

Dominic Rodger
  • 94,357
  • 33
  • 195
  • 210
SebastianOpperman
  • 6,339
  • 6
  • 29
  • 36

2 Answers2

3
$ref = isset($_POST['ref']);

I have echoed out the $ref variable and it is there

You aren't assigning the actual value of $_POST['ref'], you're only assigning whether or not it is set. Try:

$ref = isset($_POST['ref']) ? mysql_real_escape_string($_POST['ref']) : NULL;

You can check your query by reading the SQL string you've created: exit($sql)

See also: What is SQL injection?

Community
  • 1
  • 1
Wesley Murch
  • 98,378
  • 36
  • 187
  • 224
1
$item = isset($_POST['item']);
$ref = isset($_POST['ref']);

by this two statements, variables will have 0 or 1 as values ...better write this way..

$item = (isset($_POST['item']) == 1 ? $_POST['item'] : '');
$ref = (isset($_POST['ref']) == 1 ? $_POST['ref'] : '');

if($item !='' && $ref !=''){
   // your update query
}
Rukmi Patel
  • 2,591
  • 8
  • 27
  • 41