0

I have a bit of code which updates a table called job, but once the page is executed it does not update the table. Here is the code:

$item = isset($_POST['item']);
$ref = isset($_POST['ref']);

$con = mysql_connect("$host","$username","$password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("$db_name", $con);

$sql="UPDATE job SET item = '$item' WHERE ref='$ref'";
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
header("location:index.php");

I have echoed out the $ref variable and it is there but it won't work if I put it in the WHERE clause.

Dominic Rodger
SebastianOpperman

2 Answers

3
$ref = isset($_POST['ref']);

I have echoed out the $ref variable and it is there

You aren't assigning the actual value of $_POST['ref'], you're only assigning whether or not it is set. Try:

$ref = isset($_POST['ref']) ? mysql_real_escape_string($_POST['ref']) : NULL;

You can check your query by reading the SQL string you've created: exit($sql)

See also: What is SQL injection?

Community
Wesley Murch
1
$item = isset($_POST['item']);
$ref = isset($_POST['ref']);

By these two statements, the variables will have 0 or 1 as values... better to write it this way:

$item = (isset($_POST['item']) == 1 ? $_POST['item'] : '');
$ref = (isset($_POST['ref']) == 1 ? $_POST['ref'] : '');

if($item !='' && $ref !=''){
   // your update query
}
Rukmi Patel
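
The fix from both answers, as an added example (not code from the question or from either answer): read the POST values instead of the isset() result, and bind them with a PDO prepared statement, since the mysql_* functions used above were removed in PHP 7. It assumes the pdo_sqlite extension and a constructed in-memory table; the updateJobItem helper and the sample rows are hypothetical.

```php
<?php
// Added example: not code from the question or either answer.
// Assumes PHP 7+ with pdo_sqlite; for MySQL only the PDO DSN changes.

function updateJobItem(PDO $pdo, array $post): int
{
    // isset() only reports presence (true/false); read the value itself.
    // Non-string input (e.g. item[]=x arrives as an array) is treated as missing.
    $item = isset($post['item']) && is_string($post['item']) ? trim($post['item']) : '';
    $ref  = isset($post['ref'])  && is_string($post['ref'])  ? trim($post['ref'])  : '';
    if ($item === '' || $ref === '') {
        throw new InvalidArgumentException('item and ref are required');
    }
    // Placeholders keep the values out of the SQL text, so no escaping is needed.
    $stmt = $pdo->prepare('UPDATE job SET item = :item WHERE ref = :ref');
    $stmt->execute([':item' => $item, ':ref' => $ref]);
    // 0 means no row matched (on MySQL also when the value was already the same).
    return $stmt->rowCount();
}

// Constructed in-memory table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE job (ref TEXT PRIMARY KEY, item TEXT)');
$pdo->exec("INSERT INTO job VALUES ('A100', 'old item'), ('A101', 'other')");

// Constructed inputs standing in for $_POST.
$cases = [
    'normal'    => ['item' => 'new item', 'ref' => 'A100'],
    'injection' => ['item' => 'x', 'ref' => "A100' OR '1'='1"],
    'missing'   => ['item' => 'x'],
];
foreach ($cases as $name => $post) {
    try {
        printf("%-9s rows updated: %d\n", $name, updateJobItem($pdo, $post));
    } catch (InvalidArgumentException $e) {
        printf("%-9s rejected: %s\n", $name, $e->getMessage());
    }
}
// Show the table after all three attempts.
foreach ($pdo->query('SELECT ref, item FROM job ORDER BY ref') as $row) {
    printf("%s => %s\n", $row['ref'], $row['item']);
}
```

The quote-laden ref is compared as a literal string, so it matches no row and the other job rows are left untouched.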