Hi Everyone,
So I'm working on a project (Same one I sent the question about
regarding the user access rights on monday) And now I am attempting to
update the record... Here is some of my code:
index.php
?PHP
form method=post action=purlprocess.php
First Name/Last Nameinput
Ah, how to debug SQL code in PHP...
Here's what I would do: run your query separately in something like SQLyog or
the Netbeans database interface. Just to echo $sql and copy and paste. An
echo $Record statement may also help to assure that you're passing on the PK
to the record correctly.
One
Your index.php looks very strange:
?PHP
form method=post action=purlprocess.php
/form
?
I'm guessing you're echoing this? I never echo from my scripts so I
don't know if this is new functionality, but in my days you echoed
either by ?=...;? or by ? echo ...; ?.
Anyway, since you're
Hi, Jason. Do you realize this code is wide open for an SQL injection
attack? The problem could easily be addressed by using a prepared query
instead. For more details, check the mysqli documentation.
Jason Pruim wrote:
The problem is when I am attempting to update some of the info, it
Hi Yves,
I plan to wrap the $_POST's into something to protect against some
issues like that. But this was a proof of concept for the boss so it
just needed to be up quickly to see if it was something we wanted to
go ahead with :)
On Aug 27, 2008, at 12:21 PM, YVES SUCAET wrote:
Ah,
YVES SUCAET wrote:
One suggestion: you may want put mysql_real_escape_string() wrappers
around
all those $_POST[] fields to prevent SQL hijacking of your site.
[...]
mysqli_query($link, $sql) or die(Could not update... .
Yves, he's using mysqli, not mysql. You should not mix those
Jason Pruim wrote:
I plan to wrap the $_POST's into something to protect against some
issues like that. But this was a proof of concept for the boss so it
just needed to be up quickly to see if it was something we wanted to go
ahead with :)
Well, no worries about that then. We're just
Every time I post I get this e-mail:
Halo [EMAIL PROTECTED],
Kami mengirim email ini untuk menyampaikan bahwa grup yang Anda coba
hubungi (donkomo) tidak ada atau Anda tidak memiliki izin untuk mengirim
pesan ke grup itu. Ada beberapa kemungkinan mengapa hal ini terjadi:
[etc.]
I have no
Everybody seems to agree on escaping :-) And I'm learning! HEREDOC,
nifty indeed!
How about your $_POST variable, is there anything in there?
On Wed, Aug 27, 2008 at 6:38 PM, Jason Pruim [EMAIL PROTECTED] wrote:
On Aug 27, 2008, at 12:24 PM, Evert Lammerts wrote:
Your index.php looks very
On Aug 27, 2008, at 12:41 PM, Evert Lammerts wrote:
Everybody seems to agree on escaping :-) And I'm learning! HEREDOC,
nifty indeed!
Yeah, ever since I found out about HEREDOC I've used it quite
extensively with some of my projects... Also, when you're in the
HEREDOC block, if you need
I get the same 2 you do :) at least the autoresponder from david seems
to be smart enough to only do 1 per day :)
On Aug 27, 2008, at 12:40 PM, Fergus Gibson wrote:
Every time I post I get this e-mail:
Halo [EMAIL PROTECTED],
Kami mengirim email ini untuk menyampaikan bahwa grup yang Anda
On Aug 27, 2008, at 12:48 PM, Jason Pruim wrote:
For everyone that has helped me on this thank you! :) the solution was
changing from: input type=text name=txtFName DISABLED to input
type=text name=txtFName READONLY Read only fields still get
passed with POST'ed info where as disabled
Putting commands into input containers in HTML is deprecated in the
XHTML specification. You should use this instead in the input:
readonly=readonly
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Jason Pruim wrote:
On Aug 27, 2008, at 12:48 PM, Jason
Jack van Zanen wrote:
Databases are located in several datacentres throughout the area/country
and we connect through dedicated lines not internet.
I realize that there may be many factors to consider, I just would like
to have the PHP experts have a look at my method/PHP code to check that
14 matches
Mail list logo
