current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Join the Stack Overflow Community
Stack Overflow is a community of 6.5 million programmers, just like you, helping each other.
Join them; it only takes a minute:
Sign up
up vote 0 down vote favorite

I'm currently developing a soccer league and would like to update my games table, I have given each game a game_id and want to update the scores using it as a condition in my SQL. my games table has game_id, home_team_id, home_score,away_score, away_team_id, date, location....

My SQL query:

<?php require_once("includes/functions.php");?>
<?php 
    if(isset($_POST['update'])){
        $errors = array();

    //form validation
    $required_fields = array("game_id", "home_score", "away_score", );
    foreach($required_fields as $fieldname) {
    if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) &&
        $_POST[$fieldname] != 0)) { $errors[] = $fieldname; }
    }

    if (empty($errors)) {
    // Perform Update


    $id = mysql_prep($_POST['game_id']);
    $home_score = mysql_prep($_POST['home_score']);
    $away_score = mysql_prep($_POST['away_score']);


    $query = "UPDATE games SET 
    home_score = {$home_score}, 
    away_score = {$away_score} 
    WHERE games.game_id= {$id}";
    $result = mysql_query($query, $connection);
    if (mysql_affected_rows() == 1) {
    // Success
    $message = "The scorers were successfully updated";
    } else {
    // Failed
    $message = "The scorers update failed ";
    $message .= "<br />" . mysql_error();
    }

    } else {
    // Errors occurred
    $message = "There were " . count($errors) . " errors in the form.";
    }

    } // end: if (isset($_POST['submit']))

?>



 <?php include("includes/header.php");?>
<div class="document">
    <div class="navigation">
    <br />
    <div class="content">
        <h2>Edit Fixture</h2>
        <form action="edit_fixture.php" method="post">

        <p>Game Id:
            <select type="int" name="game_id" >
            <?php
                for($count=1; $count <= 70; $count++) {
                    echo "<option value=\"{$count}\">{$count}</option>";
                }
            ?>
            </select>
        </p>
        <p>Home Score: 
            <select type="text" name="home_score" >
            <?php
                for($count=0; $count <= 9; $count++) {
                    echo "<option value=\"{$count}\">{$count}</option>";
                }
            ?>
            </select>
        </p>
        <p>Away Score: 
            <select type="text" name="away_score" >
            <?php
                for($count=0; $count <= 9; $count++) {
                    echo "<option value=\"{$count}\">{$count}</option>";
                }
            ?>
            </select>
        </p>

        <input type="submit" value="Update" />
        </form>
        <br />
        <a href="content.php">Cancel</a>
    </div>
    </div>
<?php require("includes/footer.php");?>
share|improve this question
    
my form looks like this: – Bourne Mar 9 '14 at 12:42
    
Put your form code as well. – DDC Mar 9 '14 at 12:43
    
Your code is vulnerable to SQL injection attacks (simple explanation here). You should use the MySQLi class for new code, along with parameterised queries, as the mysql_ functions are soon to be deprecated. – Polynomial Mar 9 '14 at 12:44
    
thanks @Polynomial...will read up on that.. – Bourne Mar 9 '14 at 12:46
1  
@Polynomial Mysql is deprecated as of 5.5. – The Serenin Mar 9 '14 at 13:00
up vote 0 down vote accepted

$_POST['update'] is always null so your post doesn't get called.

Add name="update" to your submit button

share|improve this answer
up vote 0 down vote 
if(isset($_POST['update'])){

the post variable you're trying to get is different than the submit button

<input type="submit" value="Update" />

Update != update so the sql functions aren't taking place because the post variable isn't set

share|improve this answer
    
You guys are the best, working... ill now deep my head into changing mysql queries to either PDO or mysqli to avoid sql injections... thanks a lot, if you spot any security loops please comment below.... – Bourne Mar 9 '14 at 13:13
    
@Bourne Look into mysqli or PDO. My preference goes to PDO for being able to use named placeholders. – The Serenin Mar 9 '14 at 15:08

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.