mysql_real_escape_string erases existing data?!
Posted: Sun Aug 17, 2008 3:26 pm
I haven't had the smoothest luck with mysql_real_escape_string and right now it's deleting existing data without updating it! What am I doing wrong here...
Code: Select all
$user = $_SESSION['member'];
$password = mysql_real_escape_string($_POST['password']);
$passwordnew = mysql_real_escape_string($_POST['passwordnew']);
$passwordconfirm = mysql_real_escape_string($_POST['passwordconfirm']);
$hometown = mysql_real_escape_string($_POST['hometown']);
$location = mysql_real_escape_string($_POST['location']);
$website = mysql_real_escape_string($_POST['website']);
if ($_POST['passwordnew'] != '') {$result = mysql_query("UPDATE public_accounts SET password='$passwordnew', hometown='$hometown', location='$location', website='$website' WHERE username='$user'"); if (!$result) {$_SESSION['error'] = mysql_error(); header("location:profile.php?error");} else {header("location:profile.php?success=$user");}}
else {$result = mysql_query("UPDATE public_accounts SET hometown='$hometown', location='$location', website='$website' WHERE username='$user'"); if (!$result) {$_SESSION['error'] = mysql_error(); header("location:profile.php?error");} else {header("location:profile.php?success=$user");}}