Posted: Mon Jan 01, 2007 2:49 pm
No, {$_POST['Philadelphia']} gets substitutedole wrote:You realize you are setting city field to the literal string '{$_POST['Philadelphia']}'.
Its not using the value in $_POST.
Code: Select all
$_POST = array('Philadelphia'=>'xyz');
echo "UPDATE table SET city ='{$_POST['Philadelphia']}' WHERE id='1'";But there might be another issue: sql injectionsUPDATE table SET city ='xyz' WHERE id='1'