[PHP] Re: Update db with $_POST

2005-03-15 Thread Jason Barnett
Danny Brow wrote:
> Thanks for looking,
>
> I figured it out, after RTFM for db, I found that I needed to do field=?
> instead of using VALUES ().
>
> Example:
>
> $db->query('UPDATE items SET item_name=?, item_desc=?, item_price=?,
> extraprice=? WHERE item_id = 3',
> array($_POST['title'], $_POST['description'], $_POST['price'],
> $_POST['extraprice']));

FYI - You should at least escape the $_POST data (more filtering may be
necessary) before you go inserting it into your database.  When using
raw $_POST data it may be possible for someone to DROP DATABASE.

Search the archives (STFA) for more on this topic.

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY | http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins




[PHP] RE: Update db with $_POST

2005-03-15 Thread Danny Brow
Thanks for looking,

I figured it out, after RTFM for db, I found that I needed to do field=? 
instead of using VALUES ().



Example:

$db->query('UPDATE items SET item_name=?, item_desc=?, item_price=?,
extraprice=? WHERE item_id = 3',
array($_POST['title'], $_POST['description'], $_POST['price'],
$_POST['extraprice']));






I'm trying to update some form data with this db update query and it's
not working, I'm not getting an error either.

$db->query("UPDATE items SET item_name = $_POST[title], item_desc =
$_POST[description], item_price = $_POST[price], extraprice =
$_POST[extraprice] WHERE item_id = 3");

 

I've tried this:

$db->query("UPDATE items SET (item_name, item_desc, item_price,
extraprice)
   VALUES (?,?,?,?) WHERE item_id = 3",
   array($_POST['title'], $_POST['description'], $_POST['price'],
$_POST['extraprice']));

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
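
Added example, not code from any poster in this thread: the field=? update from the message above with the form fields validated first and every value, including item_id, passed as a bound parameter. PDO with an in-memory SQLite table is swapped in for the thread's $db object, and validate_item() and the sample $post array are hypothetical names and constructed data.

```php
<?php
// PDO with in-memory SQLite stands in for the thread's $db object (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (item_id INTEGER PRIMARY KEY, item_name TEXT,
            item_desc TEXT, item_price REAL, extraprice REAL)');
$pdo->exec("INSERT INTO items VALUES (3, 'old name', 'old desc', 1.00, 0.00)");

// Hypothetical helper: validate the four form fields, return clean values or throw.
function validate_item(array $post): array
{
    $title = trim((string)($post['title'] ?? ''));
    $desc  = trim((string)($post['description'] ?? ''));
    if ($title === '' || strlen($title) > 100) {
        throw new InvalidArgumentException('title must be 1-100 characters');
    }
    $prices = [];
    foreach (['price', 'extraprice'] as $field) {
        $raw = (string)($post[$field] ?? '');
        // Accept only plain decimals such as 12 or 12.50.
        if (!preg_match('/^\d{1,7}(\.\d{1,2})?$/', $raw)) {
            throw new InvalidArgumentException("$field must be a decimal amount");
        }
        $prices[$field] = (float)$raw;
    }
    return [$title, $desc, $prices['price'], $prices['extraprice']];
}

// Constructed sample standing in for $_POST; the title contains SQL syntax.
$post = [
    'title'       => "Widget'; DROP TABLE items; --",
    'description' => 'A "quoted" description',
    'price'       => '12.50',
    'extraprice'  => '1',
];

$stmt = $pdo->prepare('UPDATE items SET item_name=?, item_desc=?, item_price=?,
                       extraprice=? WHERE item_id = ?');
$stmt->execute(array_merge(validate_item($post), [3]));

// Read the row back: the bound title is stored as plain data, not run as SQL.
$row = $pdo->query('SELECT item_name, item_price FROM items WHERE item_id = 3')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row['item_name'] === $post['title'], $stmt->rowCount());

// A malformed price is rejected before any SQL runs.
try {
    validate_item(['title' => 'x', 'price' => '1 OR 1=1', 'extraprice' => '0']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The first query in the original question builds the statement by interpolating $_POST into the SQL string, so this separation of statement and data does not apply to it.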



Re: [PHP] Re: Update db with $_POST

2005-03-15 Thread Danny Brow
On Tue, 2005-03-15 at 18:45 -0500, Jason Barnett wrote:
> Danny Brow wrote:
> > Thanks for looking,
> >
> > I figured it out, after RTFM for db, I found that I needed to do field=?
> > instead of using VALUES ().
> >
> > Example:
> >
> > $db->query('UPDATE items SET item_name=?, item_desc=?, item_price=?,
> > extraprice=? WHERE item_id = 3',
> > array($_POST['title'], $_POST['description'], $_POST['price'],
> > $_POST['extraprice']));
>
> FYI - You should at least escape the $_POST data (more filtering may be
> necessary) before you go inserting it into your database.  When using
> raw $_POST data it may be possible for someone to DROP DATABASE.

I was planning on this, but I like to get things working first then move
on to cleaning the input up. I'm still learning the db stuff, so the
less that can cause an issue the better.

Thanks,
Dan.
