Re: mySQL UPDATE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Thu, 9 Jun 2005, Ron Piggott wrote:

I created a PHP based mailing list that sends out a Bible verse and a
quotation each day. Today's verses were:

[snip]

Let me show you some code:


It selects a Bible verse:
SELECT * FROM bible ORDER BY RAND() LIMIT 1

On a side note, this is going to be expensive... there was a long thread on this just recently, but at the very least do:

SELECT COUNT(*) FROM bible;
$random_record = rand(0, $value_from_query);
SELECT * FROM bible LIMIT 1 OFFSET $random_record;


Then it puts the text into variables:
$bible_verse_ref=mysql_result($result,$i,"bible_verse_ref");
$bible_verse_text=mysql_result($result,$i,"bible_verse_text");
$bible_verse_translation=mysql_result($result,$i,"bible_verse_translation");

Then immediately following this is the UPDATE that didn't work:
UPDATE `bible` SET `current_verse_of_the_day` = '1' WHERE `bible_verse_ref`
LIKE '$bible_verse_ref' AND `bible_verse_text` LIKE '$bible_verse_text' AND
`bible_verse_translation` LIKE '$bible_verse_translation' AND
`current_verse_of_the_day` LIKE '0' LIMIT 1

Where there are no ' or " this piece of code works just fine.  I am
essentially retrieving a Bible verse from the table and then immediately
searching for it to change the 'current_verse_of_the_day' to change from 0
to 1.  I have manually made the change for today and the
current_verse_of_the_day value was 0.  Similar code is used for the
quotation --- but there is no need for me to repeat it here.

Any ideas how I am able to get the use of ' or " to work on this page?

http://us4.php.net/manual/en/function.mysql-real-escape-string.php

Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used.

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux