Re: PHP and MYSQL Update problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Manu Gupta wrote:
try ..
$q = addslashes("UPDATE episodes SET episode_title = '$_POST[episode_title]'
,
episode_scheduleddate = ".strtotime($_POST['episode_scheduleddate'])."
, episode_description = '$_POST[episode_description]' WHERE episode_id
= $_POST[episode_id]");

or try

$q = "UPDATE episodes SET episode_title = '{$_POST[episode_title]}' ,
episode_scheduleddate = "{.strtotime($_POST['episode_scheduleddate'])}."
, episode_description = '{$_POST[episode_description]}' WHERE episode_id
= {$_POST[episode_id]}";

Good idea but you don't addslashes the whole query (and addslashes is the wrong thing to use).

Use mysql_real_escape_string around bits and pieces you want to escape:

$q = "update episodes set episode_title='" . mysql_real_escape_string($_POST['episode_title']) . "', ......

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux