Re: Passing variables between html forms and updating sql table

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thursday 18 September 2003 01:03, David wrote:

> I need a secure way of updating mysql on the website, phpadmin is not
> secure enough

Why is phpadmin not secure enough? Or to put it another way, what are you 
doing differently that makes it more secure than php admin? 

> So I have created these pages in order:
> A page to choose the databases
> Next a page to choose the table
> Next a list of the records in the table
> Next to edit the page using textboxes and textareas
> I pass the database name, table name, and the records to change to the
> page with the problem.
> The passed values have the same field name as the record in the database
> e.g. id
> The problem I can see is that I cannot access the passed variables, that
> is why the update is failing , 

Most likely register_globals (google or search archive or RTFM).

> although I do not get any errors.

Have you set the highest level of error reporting? And set it to display 
errors (or log to file)? 

> I am trying to access the passed variables with this line $fieldname2 =
> "$".$fieldname;

Not sure what you're trying to do here but ...

> <?php
>
>   $MySQLLink = mysql_pconnect ("davecp4", "root", "")
>    or die("Could not attach to database. Please try later or contact
> webmaster@anagram-sys.co.uk");
>    mysql_select_db($database_name, $MySQLLink) or die("ERROR--CAN'T CONNECT
> TO DB");
>
>    $result = mysql_query("SELECT * FROM ".$table_name) or die("Error: " .
> mysql_error());
>
>    for($i = 1; $i < mysql_num_fields($result); $i++)
>    {
>     $fieldname = mysql_field_name($result, $i);
>     $fieldname2 = "$".$fieldname;
>     mysql_query("UPDATE $table_name SET $fieldname=$fieldname2 WHERE id
> =$id");
>     echo $fieldname."<br>".$fieldname2."<br>";

... does the above echo display what you expected it to?


-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
------------------------------------------
/*
Every time I think I know where it's at, they move it.
*/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]
  Powered by Linux