Home/ Questions/Q 6042893
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T06:50:25+00:00

I have a PHP form that when submitted saves to a MySQL database. One

  • 0

I have a PHP form that when submitted saves to a MySQL database. One of the fields is an ID field where the user enters their ID. When a user has an ID with just numbers everything works fine. But, if their ID looks like this:

m0mvtRLb3Mm9c8ZlKa8_S2J5L-J35caA7eqQHb_DQ1a4pbOMmag0Mrt_Nz72VH48PQcMmt44Yxaic_NRXQqW-b3nSGgs3VLBp21Ii942DaZIhW0PqNi1wERne1jT7to30

Then it doesn’t work at all. The ID field is a varchar, does it need to be something else?

This is the code on that page (settings.php)

<form enctype="multipart/form-data" action="settings.php?ID=<?=$ID?>" method="POST">
Please enter your information<br><br>
ID: <input name="ID" readonly="readonly" type="text" value="<?=$ID?>" ><br>
First Name: <input type="text" name="FN" value="" ><br>
Last Name: <input type="text" name="LN" value="" ><br>
Age: <select name="AGE">
    <option></option>
    <option>10</option>
    <option>11</option>
    <option>12</option>
    <option>13</option>
    <option>14</option>
    <option>15</option>
    <option>16</option>
    <option>17</option>
    <option>18</option>
    <option>19</option>
    <option>20-25</option>
    <option>26-30</option>
    <option>31-35</option>
    <option>36-40</option>
    <option>41-50</option>
    <option>51-60</option>
    <option>61-70</option>
    <option>70-80</option>
    <option>81+</option>
</select><br />
Email: <input type="text" name="EM" value=""><br>
Phone: <input type="text" name="PN" value=""><br>
<br/>
I agree to the <a href="../privacy.htm" target="_blank">Privacy Policy</a> and the <a href="../terms.htm" target="_blank">Terms of Service</a>.<br />
<input type="radio" name="TOS" value="1" >Yes <input type="radio" name="TOS" value="2" > No<br><br>
<input type="submit" name="edit" value="edit"></form> <br>

<?

require_once('../serv_inc.php');

$conn = mysql_connect("$mysql_server","$mysql_user","$mysql_pass"); 
if (!$conn) die ("ERROR"); 
mysql_select_db($mysql_database,$conn) or die ("ERROR"); 

if(isset($_POST['edit']))
  {

$sID    =    (int)$_POST['ID'];
$sFN   =    mysql_real_escape_string($_POST['FN']);
$sLN   =    mysql_real_escape_string($_POST['LN']);
$sAGE   =    mysql_real_escape_string($_POST['AGE']);
$sEM   =    mysql_real_escape_string($_POST['EM']);
$sPN   =    mysql_real_escape_string($_POST['PN']);
$sTOS   =    mysql_real_escape_string($_POST['TOS']);

    mysql_query("UPDATE scavenger1 SET FN='".$sFN."', LN='".$sLN."', AGE='".$sAGE."', EM='".$sEM."', TOS='".$sTOS."', PN='".$sPN."' WHERE ID='".$sID."'") or die (mysql_error());

    echo '<font color="red">Registration Complete! Please Hold. </font><meta http-equiv="refresh" content="1;url=completed.php?ID=';
    echo $_GET["ID"];
    echo '&edit"><br/><br/>';
    }

$query = "select * from scavenger1 order by ID";
$result = mysql_query($query);
?>

<?
         while ($link=mysql_fetch_array($result))
         {
         echo ' ';
         }
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This $sID = (int)$_POST['ID']; you are casting the id to an integer. It should be:

    $sID    =    mysql_real_escape_string($_POST['ID']);
    • 0