Re: updating date field

<code>

if (isset($_POST['eMonth']) && $_POST['eMonth'] != '')
    $eMonth = $_POST['eMonth'];
else $eMonth = '01';

if (isset($_POST['eDay']) && $_POST['eDay'] != '')
    $eMonth = $_POST['eDay'];
else $eMonth = '01';

if (isset($_POST['eYear']) && $_POST['eYear'] != '')
    $eYear = $_POST['eYear'];
else $eYear = '2007';


Can I suggest the use of curly braces? It's much easier to read:

if (isset($_POST['eYear']) && $_POST['eYear'] != '') {
    $eYear = (int)$_POST['eYear'];
} else {
    $eYear = '2007';
}


$updateEventQuery = "UPDATE events SET EventDate = '$eYear-$eMonth-$eDay',
AppliedFYE = '$appliedFYE', LocationID = '$eLocation', StartTime =
'$eHour:$eMin $eAMPM', Type = '$eType', Format = '$eFormat', Description =
'$eDescription', EventApproved = '$eApproved', EventOfficial = '$eOfficial',
LastUpdateBy = '".$_SESSION['ContactID']."' WHERE EventID =
'".$_GET['eventid']."'";


You have SQL injection bugs waiting to happen here.

Make sure the eventid is an integer at least:

..." . (int)$_GET['eventid'] . "'";

And I also suggest reading up about escaping strings (http://php.net/mysql_real_escape_string & http://php.net/mysql_escape_string).

Of course you might have taken all that out to post an easier example, if that's the case then ignore those comments ;)


UPDATE events SET EventDate = '2006-10-10', AppliedFYE = '2007', LocationID
= '14', StartTime = '5:00 PM', Type = '3', Format = 'BOARD', Description =
'Regular board meeting', EventApproved = '1', EventOfficial = '0',
LastUpdateBy = '209' WHERE EventID = '54'

When this query is actually run on the DB though, it queries with no errors,
and all the data is saved/updated properly *except* the date - it becomes
0000-00-00.


I was going to suggest it's an invalid date-format but that looks fine.

What is eventdate? A date field, a timestamp, other?

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
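
The two points raised in the reply (integer-check the eventid, keep request strings out of the SQL text), as an added example that is not part of the original message or the poster's code. It uses PDO prepared statements rather than the mysql_real_escape_string function the reply links to, and also checks the date parts with checkdate(); the function names, the in-memory SQLite table with a subset of the columns, and the sample request values are all constructed for illustration.

```php
<?php
// Added example, not from the thread. Function names, table subset and sample data are constructed.

// Build 'YYYY-MM-DD' from untrusted form fields; null if any part is not a real date.
function eventDateFromPost(array $post): ?string
{
    $parts = [];
    foreach (['eYear' => '2007', 'eMonth' => '01', 'eDay' => '01'] as $field => $default) {
        $raw = $post[$field] ?? '';
        if ($raw === '') {
            $raw = $default; // same defaults as the posted code
        }
        if (!is_string($raw) || !ctype_digit($raw)) {
            return null; // arrays, signs, quotes, anything but digits
        }
        $parts[$field] = (int)$raw;
    }
    if (!checkdate($parts['eMonth'], $parts['eDay'], $parts['eYear'])) {
        return null; // e.g. month 13 or 30 February
    }
    return sprintf('%04d-%02d-%02d', $parts['eYear'], $parts['eMonth'], $parts['eDay']);
}

// Run the UPDATE with bound parameters; returns false when the input is rejected.
function updateEvent(PDO $db, array $post, array $get, int $contactId): bool
{
    $date = eventDateFromPost($post);
    $id = $get['eventid'] ?? '';
    $descr = $post['eDescription'] ?? '';
    if ($date === null || !is_string($id) || !ctype_digit($id) || !is_string($descr)) {
        return false;
    }
    $stmt = $db->prepare('UPDATE events SET EventDate = :d, Description = :descr,
        LastUpdateBy = :by WHERE EventID = :id');
    return $stmt->execute([':d' => $date, ':descr' => $descr, ':by' => $contactId, ':id' => (int)$id]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (EventID INTEGER PRIMARY KEY, EventDate TEXT,
    Description TEXT, LastUpdateBy INTEGER)');
$db->exec("INSERT INTO events VALUES (54, '2006-01-01', 'old text', 1)");

// Constructed request: the apostrophe would break the concatenated query.
$post = ['eYear' => '2006', 'eMonth' => '10', 'eDay' => '10', 'eDescription' => "Board's meeting"];
var_dump(updateEvent($db, $post, ['eventid' => '54'], 209));          // well-formed request
var_dump(updateEvent($db, $post, ['eventid' => '54 OR 1=1'], 209));   // non-numeric eventid
var_dump(updateEvent($db, ['eMonth' => '02', 'eDay' => '30'] + $post, ['eventid' => '54'], 209)); // impossible date
print_r($db->query('SELECT * FROM events WHERE EventID = 54')->fetch(PDO::FETCH_ASSOC));
```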

