Re: Question before I end up writing a lot of extra code...

doh - and mysql_escape_string or equivalent.



On 7/7/08, mike <mike503@xxxxxxxxx> wrote:
> please oh please also run that through filter_input() before throwing
> a $_POST directly into the db query ;p
>
>
> On 7/7/08, Shawn McKenzie <nospam@xxxxxxxxxxxxx> wrote:
> > Jason Pruim wrote:
> > >
> > > MAIN PAGE:
> > > <?PHP
> > >
> >
> > echo $row['Tab'];  //what do you get?
> >
> > > if($row['Tab'] == "done"){
> > >    $Tchecked1 = "CHECKED";
> > >    $Tchecked2 = NULL;
> > > }else{
> > >    $Tchecked1 = NULL;
> > >    $Tchecked2 = "CHECKED";
> > > }
> > >
> > > echo "
> > > <fieldset>Tab<BR>
> > > <input type=\"radio\" name=\"rdoTab\" value=\"done\" $Tchecked1>Done <BR>
> > > <input type=\"radio\" name=\"rdoTab\" value=\"on\" $Tchecked2>Not Done<BR>
> > > </fieldset>";
> > > ?>
> > > PROCESSING:
> > > <?PHP
> > >
> >
> > print_r($_POST);  //what do you get?
> >
> > >                $tab = $_POST['rdoTab'];
> > >                $record = $_POST['txtRecord'];
> > >                $updateQuery = "UPDATE `current` SET Tab='$tab'  WHERE Record='$record'";
> > >               mysqli_real_query($link, $updateQuery);
> > > ?>
> > >
> >
> > You're saying now that that record now has field Tab=''?
> >
> > -Shawn
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
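
One way to apply the advice in this thread to the posted processing script, as an added example that is not code from any of the posters: the two POST fields are validated first, and the string-escaping suggestion is swapped for a mysqli prepared statement so the values never become part of the SQL text. It assumes `Record` is a positive integer key and that `Tab` only ever holds the two radio values from the form; the function names and the constant are hypothetical, and `$link` is an open mysqli connection as in the original post.

```php
<?php
// Added example, not code from the thread.
// Assumptions: Record is a positive integer key; Tab holds only the form's two radio values.
const ALLOWED_TAB_VALUES = ['done', 'on'];

// Returns [tab, record] for a well-formed submission, or null if either field
// is missing or malformed. Takes an array so it can be exercised without a request.
function validate_tab_update(array $post): ?array
{
    $tab = $post['rdoTab'] ?? null;
    // Allowlist with strict comparison: only the values the form can legitimately send.
    if (!is_string($tab) || !in_array($tab, ALLOWED_TAB_VALUES, true)) {
        return null;
    }
    // FILTER_VALIDATE_INT yields false for anything that is not a plain integer.
    $record = filter_var($post['txtRecord'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    return $record === false ? null : [$tab, $record];
}

function update_tab(mysqli $link, array $post): bool
{
    $valid = validate_tab_update($post);
    if ($valid === null) {
        return false;               // reject before touching the database
    }
    // Make mysqli throw on errors instead of failing silently.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    [$tab, $record] = $valid;
    // Placeholders keep user input out of the SQL string entirely.
    $stmt = mysqli_prepare($link, 'UPDATE `current` SET Tab = ? WHERE Record = ?');
    mysqli_stmt_bind_param($stmt, 'si', $tab, $record);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return true;
}

// Constructed sample inputs; this part runs without a database.
var_dump(validate_tab_update(['rdoTab' => 'done',  'txtRecord' => '42']));   // well-formed submission
var_dump(validate_tab_update(['rdoTab' => "done'", 'txtRecord' => '42']));   // Tab value outside the allowlist
var_dump(validate_tab_update(['rdoTab' => 'on',    'txtRecord' => '42x']));  // Record is not an integer

// In the processing script: update_tab($link, $_POST);
```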
