PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Sun Oct 22, 2017 7:40 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Thu Sep 21, 2017 11:10 pm 
Offline
Forum Newbie

Joined: Fri Jun 27, 2014 9:23 am
Posts: 9
I'm getting this error when the string I'm trying to insert or update in my table contains the text "create a table x" where "x" can be anything at all. The same happens if the text contains "create table x". I'm guessing that the text is interpreted as part of the SQL query, but I can't find any references to this problem to figure out how to correct it. This is happening with $full_details in the code below:

Syntax: [ Download ] [ Hide ]
mysqli_query($dbi,"UPDATE tracker_submits SET
        full_details='$full_details',
        updater='$_SESSION[id]',
        updatestamp='$timestamp'
WHERE submit_id='$postid'"
) or die(mysqli_connect_error()." Oops! Error Updating Post.");
 


Any help figuring this out will be greatly appreciated.


Top
 Profile  
 
PostPosted: Mon Sep 25, 2017 5:13 pm 
Offline
Site Administrator
User avatar

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13434
Location: New York, NY, US
What is the error message from mysqli_error()? What is the actual value of $full_details? Did you try prepared statements to make sure your variables are escaped?

_________________
(#10850)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group