Greg K — Mon, 02 Jul 2007 16:59:50 +0000

1st step in debugging a query that doesn't work or gives you results you were not expecting: VIEW what actually gets executed:

<?php
if ($_POST['submit'] == 'submit') {
  $title = $_POST['title'];
  $desc = $_POST['desc'];
  $text = $_POST['text'];
  $id = $_GET['id']

  $sql = \"UPDATE `table` \" .
         \"SET `title` = '$title', `desc` = '$desc', `text` = '$text' \".
         \"WHERE `id` = $id\";

  die (\"SQL: $sql \n\");   // COMMENT THIS LINE OUT TO EXECUTE QUERY

  mysql_query($sql) or die (mysql_error());
  
  echo 'Updated';
  exit;
}
?>

Now you will see the actual query with the values from the variables. When you are sure the query looks ok, comment out the die line

Since you are using just raw data from a form in your SQL, (hopefully this is for testing ONLY, and you will properly validate/format them before gong live), it is easy to miss things like a single quote which will mess up the sql statement. Think about if the following was entered in for DESC:

Great site, can't get enough!!

part of your sql statement will read:
`desc` = 'Great site, can't get enough!!', `text` =
as you can see, SQL will be confused by the quote.

-Greg