PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
radium35
Forum Commoner
Posts: 50 Joined: Mon Nov 10, 2008 5:05 pm
Location: USA
Contact:
Post
by radium35 » Fri Jul 10, 2009 4:48 pm
want to update the table with the image name 06.jpg and add new info on the table
mysql_query ("UPDATE image_details SET caption, location , copyright, uploaded, credits, mature VALUES '$_POST[caption] ' , '$_POST[location]','$_POST[copyright]','$today','$_POST[credits]','$_POST[mature]' WHERE image_name = '$newimage' ");
Last edited by
radium35 on Fri Jul 10, 2009 5:40 pm, edited 2 times in total.
andyhoneycutt
Forum Contributor
Posts: 468 Joined: Wed Aug 27, 2008 10:02 am
Location: Idaho Falls
Post
by andyhoneycutt » Fri Jul 10, 2009 4:54 pm
your syntax for the update statement is all confused:
Check the manual .
p.s. nice imagenames for id's 5 & 6
radium35
Forum Commoner
Posts: 50 Joined: Mon Nov 10, 2008 5:05 pm
Location: USA
Contact:
Post
by radium35 » Fri Jul 10, 2009 5:05 pm
i have checked it still need help, i never post unless a go thru the manual.
andyhoneycutt
Forum Contributor
Posts: 468 Joined: Wed Aug 27, 2008 10:02 am
Location: Idaho Falls
Post
by andyhoneycutt » Fri Jul 10, 2009 5:08 pm
radium35 wrote: i have checked it still need help, i never post unless a go thru the manual.
Had you gone through the manual you'd realize that UPDATE statements require a set a=b, c=d format, not a, b = c, d as you have in your logic.
radium35
Forum Commoner
Posts: 50 Joined: Mon Nov 10, 2008 5:05 pm
Location: USA
Contact:
Post
by radium35 » Fri Jul 10, 2009 5:12 pm
solved $result = mysql_query("UPDATE image_details SET location='$_POST[location]' WHERE image_name='$newimage' AND username='$username' ") or die(mysql_error());
McInfo
DevNet Resident
Posts: 1532 Joined: Wed Apr 01, 2009 1:31 pm
Post
by McInfo » Sat Jul 11, 2009 12:26 am
Tell me what happens if I submit a form with this input to your script.
Code: Select all
<input type="text" name="location" value="nowhere', username='injector" />
PHP Manual:
SQL Injection
Edit: This post was recovered from search engine cache.
Last edited by
McInfo on Wed Jun 16, 2010 2:50 pm, edited 1 time in total.
radium35
Forum Commoner
Posts: 50 Joined: Mon Nov 10, 2008 5:05 pm
Location: USA
Contact:
Post
by radium35 » Sun Jul 12, 2009 9:27 am
hmm ah yes "Form Validation"! Wee
McInfo wrote: Tell me what happens if I submit a form with this input to your script.
Code: Select all
<input type="text" name="location" value="nowhere', username='injector" />
PHP Manual:
SQL Injection