Hi, Jason. Do you realize this code is wide open for an SQL injection
attack? The problem could easily be addressed by using a prepared query
instead. For more details, check the mysqli documentation.
Jason Pruim wrote:
The problem is when I am attempting to update some of the info, it
erases the info in the field.
Anyone got a clue as to what is going on? :)
I'm not sure I understand. You mean that some of the fields that should
receive content in the update do not do so? Why not echo $sql and then
submit the form so that you can see the query being sent to your
database? That will probably help you solve the problem. Odds are
there is something wrong with your query.
You'd never want to echo an SQL query in a production environment, but
since this is in development, I assume you needn't worry about that.
You block of "$variable = $_POST['key'];" is a complete waste of time,
BTW. Why create another copy of the data? You could just as easily use
"set FName = '{$_POST['txtFName']}'..." That would also make your
injection vulnerability more obvious to you.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
