Jump to content

Archived

This topic is now archived and is closed to further replies.

insaynewrapper

String changing..

Recommended Posts

In the site I'm currently working on I'm having a reoccuring problem where for some reason a particular variable just likes to change itself to '0'. Here's one instance of the code..

[code]if($_POST['submit'] == "Update")
{
    $realname = sanitize($_POST['realname']);
    if($realname)
    {
        if(strlen($realname) > 64)
        {
            doMessage('Your real name must be less than 64 characters.');
        }
    }
    if(strlen($_SESSION['message']) == 0)
    {
        doQuery("UPDATE `members` SET `realname`='$realname' AND `gender`='$gender' AND `location`='$location' AND `birthday`='$birthday' AND `email`='$email' AND `about`='$about' AND `forumavatar`='$forumavatar' WHERE `username`='". $userInfo['username'] ."'");
    }
}[/code]

The doQuery function is nothing but
[code]function doQuery($query)
{
    $query = mysql_query($query .';') or die($dieMessage . "\n<br />". mysql_errno() .': '. mysql_error() .'</p>');
    return $query;
}[/code]

And the doMessage is just
[code]function doMessage($messageStr, $class="error")
{
    if($_SESSION['message']) {$_SESSION['message'] .= "\n<br />";}
    $_SESSION['message'] .= '<span class="$class">'. $messageStr .'</span>';
}[/code]

Everything else will insert itself in the database fine, but for some reason 'realname' will change itself to 0. I cannot figure out why.
I left out big chunks of code from the first part, but nothing I would think worth posting..
If anybody can figure out what I'm doing wrong I would greatly appreciate it. I've exhausted myself for over a month now trying to figure out what the deal is.

Thanks alot!
Daniel

Share this post


Link to post
Share on other sites
What does the sanitize function do? If it is adding slashes or the sort you might want to use mysql_real_escape_string() which will also help stop injection attacks.

Share this post


Link to post
Share on other sites
[!--quoteo(post=383184:date=Jun 13 2006, 10:12 AM:name=coldkill)--][div class=\'quotetop\']QUOTE(coldkill @ Jun 13 2006, 10:12 AM) [snapback]383184[/snapback][/div][div class=\'quotemain\'][!--quotec--]
What does the sanitize function do? If it is adding slashes or the sort you might want to use mysql_real_escape_string() which will also help stop injection attacks.
[/quote]


sanitize? what that mean get rid of it lol.

Wash a string according to google.

Echo out the query then post the result ok.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.