MySQL Forums

Re: Trouble with updating Mysql table data
Posted by: Rick James
Date: March 26, 2012 10:58PM

> $sql = "UPDATE library SET title = '".$_POST['Title']."', author = '".$_POST['Author']."', status = '".$_POST['Status']."' WHERE id = $Id ";

Then you are begging for "SQL Injection"!

So, you really should first escape each field:

$etitle = mysql_real_escape_string($_POST['Title']);
$eauthor = ...

Then you can interpolate:

$sql = "UPDATE library SET title = '$etitle', ... ";

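An added example, not part of the post above: the quoted concatenation next to a prepared statement, which is a different technique from the escaping the post suggests (`mysql_real_escape_string()` belongs to the old mysql extension, removed in PHP 7.0). It also validates the unquoted `$Id` as an integer, which quote-escaping does not cover. The in-memory PDO/SQLite database, the `updateBook()` helper and all sample values are assumptions made so the script runs offline.

```php
<?php
// Added example, not from the original post. Table contents and input are constructed.
// Assumption: the pdo_sqlite extension is available (used so the script runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE library (id INTEGER PRIMARY KEY, title TEXT, author TEXT, status TEXT)');
$pdo->exec("INSERT INTO library VALUES (1, 'Old title', 'Old author', 'in'),
                                       (2, 'Other book', 'Someone', 'in')");

// Constructed form input standing in for $_POST, plus a non-numeric id value.
$post = ['Title' => "x', author = 'changed", 'Author' => "O'Brien", 'Status' => 'out'];
$badId = '1 OR 1=1';

// The quoted line's concatenation: input becomes SQL text. Built only to display it.
$concat = "UPDATE library SET title = '" . $post['Title'] . "', author = '" . $post['Author']
        . "', status = '" . $post['Status'] . "' WHERE id = $badId";
echo "Concatenated: $concat\n";

// Prepared statement: the SQL text is fixed and the values are bound as data.
// The id is validated as an integer, since escaping cannot protect an unquoted number.
function updateBook(PDO $pdo, array $post, string $id): int
{
    $rowId = filter_var($id, FILTER_VALIDATE_INT);
    if ($rowId === false) {
        throw new InvalidArgumentException("id is not an integer: $id");
    }
    $stmt = $pdo->prepare(
        'UPDATE library SET title = :title, author = :author, status = :status WHERE id = :id'
    );
    $stmt->bindValue(':title', $post['Title']);
    $stmt->bindValue(':author', $post['Author']);
    $stmt->bindValue(':status', $post['Status']);
    $stmt->bindValue(':id', $rowId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

foreach ([$badId, '1'] as $id) {
    try {
        $changed = updateBook($pdo, $post, $id);
        echo "id '$id': $changed row(s) updated\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}

// Row 1 now holds the input verbatim as a title; row 2 is untouched.
foreach ($pdo->query('SELECT * FROM library ORDER BY id')->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo implode(' | ', $row), "\n";
}
```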


