StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>When passed an UPDATE query, <code>mysql_query()</code> returns boolean TRUE for success and FALSE for failure, while <code>mysql_num_rows()</code> only accepts a resultset resource as its argument. In order to determine how many rows the UPDATE query affected, call <code>mysql_affected_rows()</code> with the connection resource as its argument.</p> <p>It's not causing the problem you're having right now, but you would be extremely well advised to append <code>or die(mysql_error())</code> to your <code>mysql_query()</code> calls, in order to catch any MySQL errors which occur. You would be even better advised to abandon the <code>mysql_*</code> functions entirely in favor of the PHP PDO extension, as recommended in the PHP manual, and which really doesn't incur much more cognitive overhead in exchange for the vast benefits it offers in capability and security.</p> <p>Leaving that aside, here's how I would change your code so that it behaves more like what you have in mind:</p> <pre><code><?php // obtain a database connection $dbConn = mysql_connect($serverName, $user_name, $password) or die("Cannot connect to server: " . mysql_error() . "<br />\n"); // mysql error number rarely adds enough information to be worth including // select the database mysql_select_db($db_name, $dbConn) or die("Couldn't select $db_name: " . mysql_error() . "<br />\n"); // obtain escaped versions of query data for inclusion in update query // it is imperative to use mysql_real_escape_string() or equivalent if you're // going to use mysql_* functions instead of the far preferable PDO // prepared statements; if you don't escape your data, you leave open the // possibility of SQL injection, which someone will certainly soon use to // screw up your website horribly $id = mysql_real_escape_string($_GET['id']); $additional_notes = mysql_real_escape_string($_GET['additional_notes']); // assemble query to pass to mysql_query() // no need for parentheses around the string; in fact i'm surprised that // didn't result in a parse error // also FYI re backticks, MySQL uses them to denote literal database/table/ // column names -- they're optional unless required to disambiguate between // an entity name and a reserved word. for example, you can create a table // containing a column named 'key', which is a MySQL reserved word, but you // thereafter must refer to that column as `key`, with backticks, in any // queries, to hint to MySQL's parser that you mean the column by that name // and not the reserved word; otherwise, it's a parse error. $sql = "UPDATE `rmstable2` SET `additional_notes` = '$additional_notes' WHERE `id` = '$id'"; // actually run the query // this being an UPDATE query, the result is boolean and offers no // additional useful information, so you need not capture it in a variable; // the 'or die' clause will fire if it's false, and if it's true, you'll // use mysql_affected_rows() to get the additional info you need. mysql_query($sql) or die(mysql_error()); // if the query failed, the script die()d on the previous line and didn't // get here; if it did get here, you know the query succeeded $resultcount = mysql_affected_rows($dbConn); // this is technically correct but semantically odd; since you already included // the 'additional_notes' value in the previous UPDATE query, and since // that query certainly succeeded if we're evaluating this code at all, // why run the same query again? if ($resultcount == 1) { mysql_query("UPDATE `rmstable2` SET `additional_notes` = '$additional_notes' WHERE `id` = '$id'") or die(mysql_error()); } // again, the 'or die' clauses mean that we can only have reached this point // if the queries succeeded, so there's no need for an if() test here echo "Update Successful!"; echo '<h3>Your case has been updated.</h3>'; // note the backslashes before the embedded double quotes; single quotes in // tag attributes are technically invalid but most browsers will accept them, // but you can use double quotes within a double-quoted string if you precede // the embedded quotes with backslashes (called "escaping") to indicate that // they're not to be taken as the end of the string // (i.e., "\"\"" == '""') echo "To see your changes please click <a href=\"/fullcase.php?id=$id\">here</a></b>"; ?> </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload