dongzipu7517 2013-09-11 09:27
34 views
Accepted

A bug in my code: I've spent several hours and can't find the problem

Hi, please see this code. I am using this code to update the current project; using $current_project_id I am getting the current project to edit. I have checked the POST variables and I am getting the data when I do an echo statement. There may be some issue when I pass this to my class function using the object.

ALSO: Help appreciated if you find some security issue in my code :)

User Side:

<?php 
    $current_project_id = (int)$_GET["pid"]; //Getting current project to Update from URL parameter.

    $currentproject = $touchObj->get_projects_by_id($current_project_id); // Using  project id to update, we are taking all project data.
?>


<?php
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
    if(isset($_POST['project_name']) && isset($_POST['project_location'] )) { 

    include('inc/handleUpload.php'); // Image upload class
    $up->config('20000000','jpg,gif,png,pdf,txt,doc,docx,xls,xlsx,zip,rar');
    $up->upload('project_file','xxxxxxxxxxxxxxxxxxxxxxxxx/'); //Server file location for upload folder.


    $project_investor_id = implode(",",$_POST["project_investor_id"]); // Our table field stores data as comma separated

    $project_name = mysql_real_escape_string($_POST['project_name']);

    $project_location = mysql_real_escape_string($_POST['project_location']);

    $project_phase = mysql_real_escape_string($_POST['project_phase']);

    $project_capital = mysql_real_escape_string($_POST['project_capital']);

    $project_total = mysql_real_escape_string($_POST['project_total']);

    $project_notes = mysql_real_escape_string($_POST['project_notes']);

    $file = $up->fileInfo['fname'];



    $touchObj->update_project(
        $current_project_id,
        $project_investor_id,
        $project_name, 
        $project_location,
        $$project_phase,
        $project_capital,
        $project_total,
        $project_notes,
        $file
        );
    }
    else 
    {
        echo '<div class="alert alert-info"><h6>Please fill datas...</h6></div>';
    }
}
?>

My function in this particular class:

 public function update_project($project_id, $project_investor_id, $project_name, $project_location, $project_phase, $project_capital, $project_total, $project_notes, $file){

    $result = mysql_query("UPDATE project_table SET 
    project_investor_id = $project_investor_id, 
    project_name = $project_name,    
    project_location = $project_location,
    project_phase = $project_phase,
    project_capital = $project_capital,
    project_total = $project_total,
    project_notes = $project_notes,
    project_file = $file
    WHERE project_id =$project_id");

    if($result) {
    echo '<div class="alert alert-success"><h6>Project updates... Do not refresh window...</h6></div>';
    }
    else {
    echo '<div class="alert alert-error"><b>Some error while updating the project. Please try again...</b></div>';
    }

}

Result: Some error while updating the project. Please try again...

I am not able to update data using this function. Please review it and let me know what I missed. Any ideas?

Thank You very much for your valuable time


  • douquan9826 2013-09-11 09:30

    I'm pretty certain character based fields will need to be surrounded by ' marks, such as:

    project_notes = '$project_notes',

    rather than:

    project_notes = $project_notes,

    And you should investigate the term "SQL injection" to see why it's a bad idea to just shove values entered by the user into your queries. All they have to do is somehow enter something like

    ', salary = salary * 1.5, project_notes = 'actual project notes

    into the $project_notes text entry box (or whatever you're using) and you're in for some interesting times.

    Parameterised queries are much safer.

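The parameterised version the answer recommends, as an added example that is neither the asker's nor the answerer's code: the same UPDATE written with PDO prepared statements, so every user value travels as a bound parameter and never as SQL text. It runs offline against an in-memory SQLite database; the table and column names follow the question, the PDO setup and the constructed fixture row are assumptions.

```php
<?php
// Added example: update_project() rewritten with PDO prepared statements.
// Table/column names follow the question; the PDO/SQLite setup is assumed.

function update_project(PDO $db, int $project_id, array $investor_ids, string $project_name,
    string $project_location, string $project_phase, string $project_capital,
    string $project_total, string $project_notes, string $file): int
{
    // Comma-separated storage as in the question; force every id to an integer first.
    $investor_csv = implode(',', array_map('intval', $investor_ids));

    $sql = 'UPDATE project_table SET
                project_investor_id = :investors,
                project_name        = :name,
                project_location    = :location,
                project_phase       = :phase,
                project_capital     = :capital,
                project_total       = :total,
                project_notes       = :notes,
                project_file        = :file
            WHERE project_id = :id';
    $stmt = $db->prepare($sql);
    // Values are bound by name; quoting/escaping is the driver's job, not ours.
    $stmt->execute([
        ':investors' => $investor_csv, ':name' => $project_name,
        ':location'  => $project_location, ':phase' => $project_phase,
        ':capital'   => $project_capital, ':total' => $project_total,
        ':notes'     => $project_notes, ':file' => $file, ':id' => $project_id,
    ]);
    return $stmt->rowCount(); // 0 means no row matched project_id
}

// Constructed fixture (assumption): in-memory SQLite with a single project row.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE project_table (project_id INTEGER PRIMARY KEY, project_investor_id TEXT,
    project_name TEXT, project_location TEXT, project_phase TEXT, project_capital TEXT,
    project_total TEXT, project_notes TEXT, project_file TEXT)');
$db->exec("INSERT INTO project_table (project_id, project_name) VALUES (7, 'old')");

// The string from the answer is stored verbatim as notes; it never becomes SQL.
$notes = "', salary = salary * 1.5, project_notes = 'actual project notes";
$rows = update_project($db, 7, ['3', '9', 'x'], "O'Brien Tower", 'Cork', 'design',
    '1000', '5000', $notes, 'plan.pdf');
$row = $db->query('SELECT project_name, project_investor_id, project_notes
                   FROM project_table WHERE project_id = 7')->fetch(PDO::FETCH_ASSOC);
printf("%d row updated; name=%s; investors=%s; notes=%s\n",
    $rows, $row['project_name'], $row['project_investor_id'], $row['project_notes']);
```

The apostrophe in "O'Brien Tower" and the quote-laden notes value both round-trip unchanged, and the non-numeric investor id collapses to 0 instead of reaching the query.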
