More PHP help
Spends far too much time on here
Joined: Fri Apr 24, 2009 8:38 am
Posts: 2967
Location: Dorchester, Dorset
I'm trying to update some records in my database. I'm sure I've made some sort of error with my syntax in the '$sql=' line. Does anybody know where I'm going wrong? I've not quite got the hang of when to use single quotes, double quotes or brackets!

Code:
<?php
   $mysqli = mysqli_connect("localhost", "root", "root", "Job_list");
   
   $sql = "UPDATE Jobs SET Description = '$_POST["description"]', Status = '$_POST["status"]', Notes = '$_POST["notes"]' WHERE Job_number = '$_POST[jobnumber]'";
   
   $res = mysqli_query($mysqli, $sql);   
   
   if ($res === TRUE) {
         header('Location: ../joblist.php');

   } else {
      printf("Could not update record: %s\n", mysqli_error($mysqli));
   }

   mysqli_close($mysqli);

?>

_________________
I've finally invented something that works!

A Mac User.


Mon May 10, 2010 3:32 pm
Spends far too much time on here
Joined: Thu Apr 23, 2009 11:36 pm
Posts: 3527
Location: Portsmouth
In the $sql line you have a lot of " quote marks.

You need one pair, to signal the start and end of the string to be stored within the $sql variable. Any others need to be escaped with a backslash, so PHP knows that you don't mean it's the end of the line.

So in your code you will need to escape as such:

Code:
$sql = "UPDATE Jobs SET Description = '$_POST[\"description\"]', Status = '$_POST[\"status\"]', Notes = '$_POST[\"notes\"]' WHERE Job_number = '$_POST[\"jobnumber\"]' ";


Also - it seems you are pulling the data straight from the user input. This can be dangerous - are you checking it first?

I don't tend to do it this way - I've got a habit of pulling the data out of the post array, and processing with addslashes() etc as it goes into another.

In fact, I'm not even sure the above code will work. It might add the literal string $_POST["description"] etc rather than the data held in the $_POST[] array. If you find that is the case, you'll need to pull the data out of the $_POST[] array and into a new one as mentioned. It's been a long time since I've done any PHP, so I can't remember exactly how it's likely to behave in this instance.


Mon May 10, 2010 3:40 pm
Spends far too much time on here
Joined: Thu Apr 23, 2009 11:36 pm
Posts: 3527
Location: Portsmouth
P.S. Take a look at these functions for preparing your data for the DB query:

mysql_real_escape_string

addslashes


Mon May 10, 2010 3:50 pm
Spends far too much time on here
Joined: Fri Apr 24, 2009 8:38 am
Posts: 2967
Location: Dorchester, Dorset
Cheers Nick, I shall absorb and digest. I'm going straight from user input as it's an internal database and doesn't need checking.


Mon May 10, 2010 3:58 pm
Spends far too much time on here
Joined: Thu Apr 23, 2009 11:36 pm
Posts: 3527
Location: Portsmouth
Cool. In that case, there is another option:

Code:
$sql = "UPDATE Jobs SET Description = '". $_POST["description"] . "', Status = '" . $_POST["status"] . "', Notes = '" . $_POST["notes"] ."' WHERE Job_number = '" . $_POST["jobnumber"] . "'";


It's horrendously ugly, but will get the job done. :P


Mon May 10, 2010 4:03 pm
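
The posts above suggest mysql_real_escape_string or addslashes and then a concatenated query; as an added example (not code from any poster), here is the same UPDATE as a mysqli prepared statement, which binds the form values as parameters instead of quoting them into the SQL text. It assumes the Job_list database and Jobs columns shown in the thread and a reachable MySQL server; update_job() is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Connection details, table and
// column names are the ones shown in the posts; update_job() is hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function update_job(mysqli $db, array $post): bool
{
    // Refuse the request if an expected field is missing or is not a string
    // (a parameter sent as description[]=x arrives as an array).
    foreach (['description', 'status', 'notes', 'jobnumber'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;
        }
    }

    // The SQL text is constant. Each ? is filled in by the driver, so a quote
    // in the input cannot close the string literal or add extra clauses.
    $stmt = $db->prepare(
        'UPDATE Jobs SET Description = ?, Status = ?, Notes = ? WHERE Job_number = ?'
    );
    $stmt->bind_param(
        'ssss',
        $post['description'],
        $post['status'],
        $post['notes'],
        $post['jobnumber']
    );
    $stmt->execute();
    $stmt->close();
    return true;
}

try {
    $mysqli = new mysqli('localhost', 'root', 'root', 'Job_list');
    if (update_job($mysqli, $_POST)) {
        header('Location: ../joblist.php');
        exit;
    }
    http_response_code(400);
    echo 'Missing or malformed field.';
} catch (mysqli_sql_exception $e) {
    // Keep the database error in the server log, not in the page.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Could not update record.';
}
```

A description such as O'Brien's order, which ends the string literal early in the concatenated version, is stored unchanged here.
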
Spends far too much time on here
Joined: Fri Apr 24, 2009 8:38 am
Posts: 2967
Location: Dorchester, Dorset
I'd love to be able to have a look at what you suggested, but I decided to look at something else and got stuck again! I've got a drop down list that populates based on the contents of a column. I want the drop down to be pre-selected with the current selection. I've looked all over the web and the code seems to be correct, but it sets the option to "selected" on every single option, not just the one that matches the current selection.

Code:
      <td><select name="status">

      <?php      
      }
      ?>
      
         <?php
         //Script to retrieve statuses and populate drop down
         $mysqli = mysqli_connect("localhost", "root", "root", "Job_list");
         $sql = "SELECT Status FROM Statuses";
         $res = mysqli_query($mysqli, $sql);
   
         while ($line = mysqli_fetch_array ($res, MYSQLI_ASSOC)) {
         ?>
         <option value="<?php echo $line[Status];?>"<?php if ($line[Status] === $_POST[status]); {echo 'selected="selected"';}?>><?php echo $line[Status];?></option>      
         <?php      
         }
         ?>
         </select></td>


It seems that it thinks the value of $line[Status] is always the same as the $_POST[status] which it's definitely not…


Mon May 10, 2010 9:52 pm
Spends far too much time on here
Joined: Thu Apr 23, 2009 11:36 pm
Posts: 3527
Location: Portsmouth
There appear to be a couple of syntax errors.

First, there is a semi-colon after the if statement, which shouldn't be there. I don't know what effect it's likely to have, but it's likely to make PHP think that is the end of the if statement, i.e. there is no conditional statement to follow.

Also, the echo statement has some errors. Try this code:

Code:
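<?php
// Quote the array keys: bare Status/status are read as undefined constants.
if ($line['Status'] == $_POST['status']) {
    // Leading space keeps the attribute apart from value="..." in the <option> tag.
    echo ' selected="selected"';
}
?>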


What options are you running in your .ini file? I'm guessing that you have not set errors to be printed - it would make things much easier if you were to enable these. That way, if PHP runs into a problem, like the syntax errors in the code above, it can print out a helpful message saying what error it had and even what line of code caused it.

If you are unable to change the php.ini configuration file, you can change the configuration at run time using the ini_set() method as detailed here. That page includes some code you can include in your scripts, so that if there is an error it will give you some output hinting at the problem.


Mon May 10, 2010 11:22 pm
Spends far too much time on here
Joined: Fri Apr 24, 2009 8:38 am
Posts: 2967
Location: Dorchester, Dorset
Cheers Nick, you're bang on, it was the semicolon. That must have been the only thing I overlooked and I was tearing my hair out for hours! Now to go back to the data update…


Tue May 11, 2010 8:29 am
Spends far too much time on here
Joined: Fri Apr 24, 2009 8:38 am
Posts: 2967
Location: Dorchester, Dorset
You were also right about the quotes, that was the problem on the update part. I thought I had tried absolutely every combination of everything, but obviously not! Thanks very much for your help.


Tue May 11, 2010 9:00 am