Update MySql row problem
Posted: Mon Mar 07, 2011 7:46 pm
When I first started working on the code for this portion of my program, I was just using the values submitted right from the form. For security reasons (from what I've learned from members here) I've added the same code I've used elsewhere in the script, but now it won't update the row at all. Am I missing something or doing something wrong here?
I think the problem is in this particular line
Code: Select all
if($_POST['hidden'] == 'true'){
$db = mysqli_connect("xxxx", "xxxx, "xxxx");
$company_desc = "<p>" . implode( "</p>\n<p>", preg_split( '/\n(?:\s*\n)+/', $_POST['company_desc'] ) ) . "</p>";
$company_desc = strip_tags($company_desc, '<p><b><i><ol><ul><li>');
$oldtags = array('<p><ol>', '</ol></p>', '<p><ul>', '</ul></p>', '<p></p>');
$newtags = array('<ol>', '</ol>', '<ul>', '</ul>', '');
$company_desc = str_replace($oldtags, $newtags, $company_desc);
$headshot = mysqli_real_escape_string($db, $_POST['headshot']);
$logo = mysqli_real_escape_string($db, $_POST['logo']);
$website = mysqli_real_escape_string($db, $_POST['website']);
if(!empty($website)){
$proper_url = strpos($website, 'http://');
if($proper_url === false){
$website = 'http://' . $website;
}
}
$designation_array = $_POST['designation'];
foreach ($designation_array as $value) {
$designation .= '<li>' . $value . '</li>' . "\n";
}
$designation = '<ul>' . "\n" . $designation . '</ul>' . "\n";
$phone = mysqli_real_escape_string($db, $_POST['phone']);
$l_name = str_replace("-", " ", ucwords(mysqli_real_escape_string($db, $_POST['l_name'])));
$f_name = ucwords(mysqli_real_escape_string($db, $_POST['f_name']));
$title = mysqli_real_escape_string($db, $_POST['title']);
$company = mysqli_real_escape_string($db, $_POST['company']);
$company_desc = mysqli_real_escape_string($db, $company_desc);
$address_1 = mysqli_real_escape_string($db, $_POST['address_1']);
$address_2 = mysqli_real_escape_string($db, $_POST['address_2']);
$city = mysqli_real_escape_string($db, $_POST['city']);
$state = mysqli_real_escape_string($db, $_POST['state']);
$zip = mysqli_real_escape_string($db, $_POST['zip']);
$designation = mysqli_real_escape_string($db, $designation);
$service_category = mysqli_real_escape_string($db, $_POST['service_category']);
$keywords = mysqli_real_escape_string($db, $_POST['keywords']);
$db->query("UPDATE wp_network_members SET headshot = '$headshot', logo = '$logo', website = '$website', phone = '$phone', l_name = '$l_name', f_name = '$f_name', title = '$title', company = '$company', company_desc = '$company_desc', address_1 = '$address_1', address_2 = '$address_2', city = '$city', state = '$state', designation = '$designation', service_category = '$service_category', company_desc = '$company_desc', keywords = '$keywords' WHERE f_name = '$_POST[f_name]' AND l_name = '$_POST[l_name]'");
}Code: Select all
$db->query("UPDATE wp_network_members SET headshot = '$headshot', logo = '$logo', website = '$website', phone = '$phone', l_name = '$l_name', f_name = '$f_name', title = '$title', company = '$company', company_desc = '$company_desc', address_1 = '$address_1', address_2 = '$address_2', city = '$city', state = '$state', designation = '$designation', service_category = '$service_category', company_desc = '$company_desc', keywords = '$keywords' WHERE f_name = '$_POST[f_name]' AND l_name = '$_POST[l_name]'");