On February 23, 2009 15:34:58 revDAVE wrote:
> Hi folks,
>
> //but this does not..
> $updateSQL ="UPDATE `mytable` SET thetotal=$amt WHERE
> id=$_SESSION['thisid']";
>
> Q: How can I fix it?
try :
$updateSQL ="UPDATE `mytable` SET thetotal=$amt WHERE
id={$_SESSION['thisid']}";
or even better:
$updateSQL ="UPDATE `mytable` SET thetotal=".mysql_real_escape_string($amt).
" WHERE id=".mysql_real_escape_string($_SESSION['thisid']);
substituting mysql_real_escape_string with the escape function for your
database.
--
Philip Graham
Lightbox Technologies
Suite 312 240 Catherine St.
Ottawa, ON, K2P 2G8
613-686-1661 ext. 102
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
