insert sql with php form

Hi there. I have a couple of files meant to update a single field of a mysql table. It should work like so: a user correctly inputs an existing id field, plus a date which is new. The sql statement finds the entry belonging to the id field and updates the date. The code as it stands does not throw an sql error, but it also doesn’t work. Eventually, I’d also like to write a wrapper, or escape the strings, to help protect from cross-site scripting/injections. Any help would be greatly appreciated.

Ist the input form in a file called getdate.php:

date
model

And then the sql update in the file called nidprod.php:

$date = trim($_POST['date']); $model = trim($_POST['model']); $sql['result'] = "UPDATE `mydatabase`.`mytable` SET `mydatecolumn` = ".$date." WHERE 'mytable'.'myidcolumn' = ".$model.""; $results = mysql_query($query);

if ($results = true)
{
echo “Success.”;
}
mysql_close();
?>

Thanks for reading.

Angela

Where is $query defined?

I guess the answer there is: nowhere. I haven’t a very strong grasp on php/sql, so I’m not sure what exactly, I should do about defining it. When you have a moment, can you tell me some more. I’m not adverse to just reading the php or sql manual, if I know which part of it would be relevant.

Got it. I ended up using:

$query = “UPDATE mydatabase.mytable SET mydatecolumn = NOW() WHERE mytable.myidcolumn = $model”;
$results = mysql_query($query);

And then once I escaped my strings, was all set.