Danny Brow wrote:
> Thanks for looking,
>
> I figured it out, after RTFM for db, I found that I needed to do field=? instead of using VALUES ().
>
> Example:
>
> $db->query('UPDATE items SET item_name=?, item_desc=?, item_price=?, extraprice=? WHERE item_id = 3',
> array($_POST['title'], $_POST['description'], $_POST['price'], $_POST['extraprice']));
>

FYI - You should at least escape the $_POST data (more filtering may be necessary) before you go inserting it into your database. When using raw $_POST data it may be possible for someone to DROP DATABASE. Search the archives (STFA) for more on this topic.

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY | http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins
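One way to combine the `field=?` placeholders from the quoted message with the input filtering the reply recommends, as an added example that is not code from either poster. It assumes PDO with an in-memory SQLite database (the `pdo_sqlite` extension) in place of the thread's PEAR DB handle; `validate_item()`, `update_item()`, the length limits and the price format are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. PDO + in-memory SQLite stand in for the thread's PEAR DB handle;
// validate_item(), update_item() and the field limits are hypothetical.
function validate_item(array $post): array
{
    $title = trim((string)($post['title'] ?? ''));
    $desc  = trim((string)($post['description'] ?? ''));
    if ($title === '' || strlen($title) > 100) {
        throw new InvalidArgumentException('title must be 1-100 bytes');
    }
    if (strlen($desc) > 2000) {
        throw new InvalidArgumentException('description too long');
    }
    $prices = [];
    foreach (['price', 'extraprice'] as $field) {
        $raw = (string)($post[$field] ?? '');
        // Digits with an optional two-place fraction; no signs, exponents or spaces.
        if (!preg_match('/^\d{1,7}(\.\d{1,2})?\z/', $raw)) {
            throw new InvalidArgumentException("$field is not a valid amount");
        }
        $prices[] = $raw;
    }
    return [$title, $desc, $prices[0], $prices[1]];
}

function update_item(PDO $db, int $id, array $post): int
{
    // Values travel as bound parameters, never concatenated into the SQL text.
    $stmt = $db->prepare('UPDATE items SET item_name=?, item_desc=?, item_price=?, extraprice=? WHERE item_id=?');
    $stmt->execute(array_merge(validate_item($post), [$id]));
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (item_id INTEGER PRIMARY KEY, item_name TEXT, item_desc TEXT, item_price TEXT, extraprice TEXT)');
$db->exec("INSERT INTO items VALUES (3, 'old', 'old', '1.00', '0.00')");

// Constructed request data: the title carries SQL metacharacters.
$post = ['title' => "Widget'; DROP TABLE items; --", 'description' => 'A widget', 'price' => '9.99', 'extraprice' => '1.50'];
update_item($db, 3, $post);
// Read the row back: the title was stored as data and the table is still queryable.
var_dump($db->query('SELECT item_name FROM items WHERE item_id = 3')->fetchColumn());

try {  // Constructed malformed price: rejected before the statement executes.
    update_item($db, 3, ['title' => 'x', 'price' => '1 OR 1=1', 'extraprice' => '0']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```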