#1
    Update Statement


    Hello everyone,
    I built a sample e-banking application as part of a project from my school. I wrote the statement below to update two tables from fields submitted from a form and also send a mail to the form owner. When I submit the form it redirects to the finale.php page but does not update the database at all.

    The UPDATE statement is

    $sqlupdate = " UPDATE client, `statement` SET client.account_balance = $balanceaftertransfer,client.checkcode = 1, statement.account_balance = $balanceaftertransfer, statement.statement_details = Online Transfer, statement.statement_credit = 0, statement.staement_debit = $amt2tra, statement.statement_date = CURDATE(), statement.client_id = $client_id
    WHERE client.client_id = `statement`.client_id AND username = '".$_SESSION['MM_Username']."'";
    mysql_query($sqlupdate ) ;

    and the full post.php file is as shown below


    <?php
    if (!isset($_SESSION)) {
        session_start();
    }
    $MM_authorizedUsers = "";
    $MM_donotCheckaccess = "true";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
        // For security, start by assuming the visitor is NOT authorized.
        $isValid = False;

        // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
        // Therefore, we know that a user is NOT logged in if that Session variable is blank.
        if (!empty($UserName)) {
            // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
            // Parse the strings into arrays.
            $arrUsers = Explode(",", $strUsers);
            $arrGroups = Explode(",", $strGroups);
            if (in_array($UserName, $arrUsers)) {
                $isValid = true;
            }
            // Or, you may restrict access to only certain users based on their username.
            if (in_array($UserGroup, $arrGroups)) {
                $isValid = true;
            }
            if (($strUsers == "") && true) {
                $isValid = true;
            }
        }
        return $isValid;
    }

    $MM_restrictGoTo = "log.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
        $MM_qsChar = "?";
        $MM_referrer = $_SERVER['PHP_SELF'];
        if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
        if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
            $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
        $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
        header("Location: ". $MM_restrictGoTo);
        exit;
    }
    ?>
    <?php
    //To connect to database
    include("Connections/bollingo.php");
    $query_recordset = "SELECT *
    FROM client, `statement`
    WHERE client.client_id = `statement`.client_id AND username = '".$_SESSION['MM_Username']."'";

    // Receiving variables
    $pfw_ip= $_SERVER['REMOTE_ADDR'];
    $client_id = $_POST['client_id'];
    $accname = $_POST['accname'];
    $avafortra = (int)$_POST['avafortra'];
    $amt2tra = (int)$_POST['amt2tra'];
    $email = $_POST['email'];
    $mobile = $_POST['mobile'];
    $tbname = $_POST['tbname'];
    $tbbank = $_POST['tbbank'];
    $tbbankac = $_POST['tbbankac'];
    $tbbranch = $_POST['tbbranch'];
    $tbswift = $_POST['tbswift'];

    $balanceaftertransfer = $avafortra - $amt2tra;

    //Sending Email to form owner
    $pfw_header = "From: $email\n"
        . "Reply-To: $email\n";
    $pfw_subject = "Hello";
    $pfw_email_to = "info@myownsite.com";
    $pfw_message = "Visitor's IP: $pfw_ip\n"
        . "Account Name: $accname\n"
        ;

    mail($pfw_email_to, $pfw_subject ,$pfw_message ,$pfw_header ) ;

    //updating database
    $sqlupdate = " UPDATE client, `statement` SET client.account_balance = $balanceaftertransfer,client.checkcode = 1, statement.account_balance = $balanceaftertransfer, statement.statement_details = Online Transfer, statement.statement_credit = 0, statement.staement_debit = $amt2tra, statement.statement_date = CURDATE(), statement.client_id = $client_id
    WHERE client.client_id = `statement`.client_id AND username = '".$_SESSION['MM_Username']."'";
    mysql_query($sqlupdate ) ;

    header("Location: finale.php");
    ?>
  2. #2
  3. Confused badger
    I'm not an expert on updating multiple tables at once but I believe that you need a JOIN in there somewhere ... regardless, your UPDATE statement has a number of errors.

    The main problems I see with your statement are:-

    1. Missing single-quotes around the data to be updated, for example, statement.statement_details = Online Transfer, should be statement.statement_details = 'Online Transfer',
    2. Missing backticks around field names, for example statement.account_balance should be `statement`.`account_balance`
    3. Your WHERE clause means that only records where the two tests are true will be updated.
    WHERE client.client_id = `statement`.client_id AND username = '".$_SESSION['MM_Username']."'";

    Also, thewebdudemajor, I know that others will say it but :-
    The mysql_ libraries are now OLD AND DEPRECATED so shouldn't be used if possible; use PDO instead.
    Please wrap your code in PHP tags; the New User Guide (HERE) will also give you a lot of useful tips on making a post that attracts good replies and help us, the people you're asking for help, want to help you!

    I don't see any efforts to debug the code yourself either; have you done anything? If so, what?
    "For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
    - George Orwell, 1984
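
The fixes suggested in the reply above (quoted string value, explicit JOIN, PDO instead of mysql_) combined into one added example that is not code from the thread. It also reads the balance from the database rather than from the posted `avafortra` field and turns on PDO exceptions, so a failing UPDATE raises an error instead of silently redirecting. Assumptions: `makeTransfer()`, the DSN and the credentials are placeholders, and balances are whole numbers as in the original's `(int)` casts.

```php
<?php
// Added example: makeTransfer(), the DSN and the credentials are placeholders;
// table and column names are the ones used in the original post.
function makeTransfer(PDO $pdo, string $username, int $amount): bool
{
    $pdo->beginTransaction();
    try {
        // Take the balance from the database, not from a form field,
        // and lock the row until the transaction ends.
        $sel = $pdo->prepare(
            'SELECT `client_id`, `account_balance` FROM `client`
              WHERE `username` = :u FOR UPDATE'
        );
        $sel->execute([':u' => $username]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);
        if ($row === false || $amount <= 0
            || (int)$row['account_balance'] < $amount) {
            $pdo->rollBack();
            return false;
        }
        $balance = (int)$row['account_balance'] - $amount;
        // Explicit JOIN; every value is bound, so nothing is quoted by hand.
        // `staement_debit` is spelled as in the post.
        $upd = $pdo->prepare(
            'UPDATE `client` c
               JOIN `statement` s ON s.`client_id` = c.`client_id`
                SET c.`account_balance` = :bal_c, c.`checkcode` = 1,
                    s.`account_balance` = :bal_s,
                    s.`statement_details` = :details,
                    s.`statement_credit` = 0, s.`staement_debit` = :amt,
                    s.`statement_date` = CURDATE()
              WHERE c.`client_id` = :id'
        );
        $upd->execute([':bal_c' => $balance, ':bal_s' => $balance,
            ':details' => 'Online Transfer', ':amt' => $amount,
            ':id' => $row['client_id']]);
        $pdo->commit();
        return true;
    } catch (PDOException $e) {
        $pdo->rollBack();
        throw $e; // surface the SQL error instead of failing silently
    }
}

$pdo = new PDO('mysql:host=localhost;dbname=bank;charset=utf8mb4', 'user', 'pass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
session_start();
$ok = makeTransfer($pdo, $_SESSION['MM_Username'] ?? '', (int)($_POST['amt2tra'] ?? 0));
if ($ok) { header('Location: finale.php'); exit; }
http_response_code(400);
```

The two balance placeholders have different names because a named parameter cannot be reused within one statement when emulated prepares are off.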
  4. #3

    Thank you


    Thank you
    I am going to try your tips right away. Does that mean my initial query was wrong?
    $query_recordset = "SELECT *
    FROM client, `statement`
    WHERE client.client_id = `statement`.client_id AND username = '".$_SESSION['MM_Username']."'";
  6. #4
  7. Confused badger
    Originally Posted by thewebdudemajor
    Thank you
    I am going to try your tips right away. Does that mean my initial query was wrong?
    $query_recordset = "SELECT *
    FROM client, `statement`
    WHERE client.client_id = `statement`.client_id AND username = '".$_SESSION['MM_Username']."'";
    Not really WRONG as such, if it returns the data you were expecting then it's right .... BUT if you get into the habit now of putting the quotes, backticks etc in the right places then you'll be much better off later on ...

    You might want to consider as well putting your variables inside curly braces and breaking the query up over several lines; take this re-write of your query as an example:-

    PHP Code:
    $query_recordset = "
     SELECT *
     FROM
      `client`,
      `statement`
     WHERE
      `client`.`client_id` = `statement`.`client_id` AND
      `username` = '{$_SESSION['MM_Username']}'
    ";

    It makes your code easier to read and of course, when you're dealing with double-quotes, single quotes etc, it makes life a little easier!
    "For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
    - George Orwell, 1984
