MySQL Forums

Re: DB Not Updating
Posted by: Barry Galbraith
Date: March 21, 2024 10:43PM

A couple of things.
Quote

$propertypin = ($_POST['propertypin']);
leaves you open to SQL injection, should someone enter a malicious value in your HTML form.
Better is to sanitise the input with something like
$propertypin = mysqli_real_escape_string($mysqli_link, ($_POST['propertypin']));
See php manual for mysqli_real_escape_string()

Second, are you sure that your HTML form is actually including a value in $_POST['propertypin']?
You can temporarily echo your constructed SQL string before you submit it.
$sql = "INSERT INTO `orderform` ( propertypin ) VALUES ('$propertypin')";
echo $sql;
Be aware that, seeing as you are trying to store a string, the value should be enclosed in quotes so it is treated as a string, not a number.
If you have admin access to your MySQL server, you could also turn on logging to see the actual SQL being submitted.

Good luck,
Barry.
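
The two points in the reply above (keeping a form value from changing the SQL, and confirming the form actually sent a value) combined in one handler that uses a mysqli prepared statement, so the value travels to the server separately from the SQL text. This is an added example, not part of the original post; the connection details, the helper names read_propertypin and insert_propertypin, and the 64-character limit are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: the connection details
// below are placeholders, `orderform`.`propertypin` is a string column, and the
// 64-character limit is illustrative.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Return the trimmed form value, or null if it is missing, empty or too long.
function read_propertypin(array $post): ?string
{
    if (!isset($post['propertypin']) || !is_string($post['propertypin'])) {
        return null;
    }
    $value = trim($post['propertypin']);
    return ($value === '' || strlen($value) > 64) ? null : $value;
}

// Insert one row and return the number of rows written.
function insert_propertypin(mysqli $db, string $propertypin): int
{
    // The ? placeholder is bound as a string ('s'); no quoting or escaping is needed.
    $stmt = $db->prepare('INSERT INTO `orderform` (propertypin) VALUES (?)');
    $stmt->bind_param('s', $propertypin);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

$propertypin = read_propertypin($_POST);
if ($propertypin === null) {
    http_response_code(400);
    exit('propertypin was not submitted by the form');
}

try {
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
    $db->set_charset('utf8mb4');
    echo 'Rows inserted: ' . insert_propertypin($db, $propertypin);
} catch (mysqli_sql_exception $e) {
    error_log('orderform insert failed: ' . $e->getMessage()); // details stay server-side
    http_response_code(500);
    exit('Database error');
}
```

A 400 response here means the form never delivered the field, while "Rows inserted: 1" confirms the write reached the table.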
