Update Funtion

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

ole wrote:You realize you are setting city field to the literal string '{$_POST['Philadelphia']}'.
Its not using the value in $_POST.
No, {$_POST['Philadelphia']} gets substituted

Code: Select all

$_POST = array('Philadelphia'=>'xyz');
echo "UPDATE table  SET city ='{$_POST['Philadelphia']}' WHERE id='1'";
prints
UPDATE table SET city ='xyz' WHERE id='1'
But there might be another issue: sql injections
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

The dollar is escaped:

Code: Select all

$pairs[] = "$name ='{\$_POST['" . mysql_real_escape_string($value) . "']}'";
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Ah ok, I thought you responded to
psurrena wrote:The code right now ends up being this:

Code: Select all

"UPDATE table  SET city ='{$_POST['Philadelphia']}' WHERE id='1'"
which seems right to me.
Post Reply