Home/ Questions/Q 6332975
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T18:22:28+00:00

Sorry. Simple copy/paste error. No programming issues. I have a form with action pointing

  • 0

Sorry. Simple copy/paste error. No programming issues.

I have a form with action pointing to PHP file which is doing SQL UPDATE.
As my form have some read only input field – (not to be changed).

My problem is that the form has some field – which being POST and PHP is NOT EXPECTING those, basically they never got used.

When I submit all of the field my SQL query is failing (no update is taking place). Why?

How can tell the form not to POST some of the field. Only read/write field (those without readonly=”readonly”)?

How to tell PHP to not include all of the values that has been received from the form?

Should I include in the update read-only field (update will not take place as there is no change to those fields.)?

Any suggestion much appreciated.

Please note:

  • when no “readonly” used everything is working fine

UPDATE

My form PHP (HTML result lower):

<form action="update-news.php?updateID='.$id.'" class="form note-form" style="display: block;" method="post">
    <label>ID</label>
    <input name="id" type="text" value="'.$id.'" readonly="readonly" />
    <br class="clr">

    <label>Create by</label>
    <input name="id" type="text" value="'.$usr.'" readonly="readonly" />
    <br class="clr">

    <label>Updated by</label>
    <input name="id" type="text" value="'.$never_update_user.'" readonly="readonly" />
    <br class="clr">

    <label>Created</label>
    <input name="id" type="text" value="'.$created.'" readonly="readonly" />
    <br class="clr">

    <label>Last Update</label>
    <input name="id" type="text" value="'.$never_update.'" readonly="readonly" />
    <br class="clr">
    <br /><br />

    <label>Live</label>
    <input name="live" type="checkbox" ',($live ? 'checked="checked"':''),'/>
    <br class="clr">

    <label>Title</label>
    <input name="title" type="text" value="'.$title.'" />
    <br class="clr">

    <label>Content</label>
    <textarea id="content" name="content" type="text" rows="5" cols="75">'.$content.'</textarea>
    <br class="clr">

    <input type="submit" class="button" value="Update" id="submit" />
</form>

Form HTML:

<form method="post" style="display: block;" class="form note-form" action="update-news.php?updateID=6">
                            <label>ID</label>
                            <input type="text" readonly="readonly" value="6" name="id">
                            <br class="clr">

                            <label>Create by</label>
                            <input type="text" readonly="readonly" value="user@gmail.com" name="id">
                            <br class="clr">

                            <label>Updated by</label>
                            <input type="text" readonly="readonly" value="user@gmail.com" name="id">
                            <br class="clr">

                            <label>Created</label>
                            <input type="text" readonly="readonly" value="August 15, 2011, 2:24 pm" name="id">
                            <br class="clr">

                            <label>Last Update</label>
                            <input type="text" readonly="readonly" value="August 15, 2011, 2:25 pm" name="id">
                            <br class="clr">
                            <br><br>

                            <label>Live</label>
                            <input type="checkbox" checked="checked" name="live">
                            <br class="clr">

                            <label>Title</label>
                            <input type="text" value="How to compare two dates in php and echo newer one?" name="title">
                            <br class="clr">

                            <label>Content</label>
                            <textarea cols="75" rows="5" type="text" name="content" id="content">123</textarea>



                            <input type="submit" id="submit" value="Update" class="button">
                    </form>

UPDATE-NEWS.php:

<?php

session_name('users');
session_set_cookie_params(2*7*24*60*60);
session_start();

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';

if(!$_SESSION['id']) {
    header ("Location: index.php"); 
}


        //Function to sanitize values received from the form. Prevents SQL injection
        function clean($str) {
            $str = @trim($str);
            if(get_magic_quotes_gpc()) {
                $str = stripslashes($str);
            }
            return mysql_real_escape_string($str);
        }

        //Sanitize the POST values
        $id = clean($_POST['id']);
        $usr2 = $_SESSION['usr'];
        $live = (isset($_POST['live']))?1:0;
        $updated = date("F j, Y, g:i a",time()+60*60);
        $title= clean($_POST['title']);
        $content = clean($_POST['content']);

        //Create INSERT query
        $qry = "UPDATE news SET usr2 = '$usr2', live = '$live', updated = '$updated', title = '$title', content = '$content' WHERE id='".mysql_real_escape_string($_POST['id']). "'  ";
        $result = mysql_query($qry);
        echo mysql_error();

        //Check whether the query was successful or not
        if($result) {
            header("location: notes.php");
            exit();
        }else {
            die("Query failed");

        }
    ?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Certainly a problem is that you have several fields with name="id". Only the last one of those will be POSTed to the server as $_POST['id'], which is very likely a problem.

    • 0