Jump to content


Photo

String changing..


  • Please log in to reply
3 replies to this topic

#1 insaynewrapper

insaynewrapper
  • New Members
  • Pip
  • Newbie
  • 6 posts

Posted 13 June 2006 - 10:07 AM

In the site I'm currently working on I'm having a reoccuring problem where for some reason a particular variable just likes to change itself to '0'. Here's one instance of the code..

if($_POST['submit'] == "Update")
{
    $realname = sanitize($_POST['realname']);
    if($realname)
    {
        if(strlen($realname) > 64)
        {
            doMessage('Your real name must be less than 64 characters.');
        }
    }
    if(strlen($_SESSION['message']) == 0)
    {
        doQuery("UPDATE `members` SET `realname`='$realname' AND `gender`='$gender' AND `location`='$location' AND `birthday`='$birthday' AND `email`='$email' AND `about`='$about' AND `forumavatar`='$forumavatar' WHERE `username`='". $userInfo['username'] ."'");
    }
}

The doQuery function is nothing but
function doQuery($query)
{
    $query = mysql_query($query .';') or die($dieMessage . "\n<br />". mysql_errno() .': '. mysql_error() .'</p>');
    return $query;
}

And the doMessage is just
function doMessage($messageStr, $class="error")
{
    if($_SESSION['message']) {$_SESSION['message'] .= "\n<br />";}
    $_SESSION['message'] .= '<span class="$class">'. $messageStr .'</span>';
}

Everything else will insert itself in the database fine, but for some reason 'realname' will change itself to 0. I cannot figure out why.
I left out big chunks of code from the first part, but nothing I would think worth posting..
If anybody can figure out what I'm doing wrong I would greatly appreciate it. I've exhausted myself for over a month now trying to figure out what the deal is.

Thanks alot!
Daniel

#2 coldkill

coldkill
  • Members
  • PipPipPip
  • Advanced Member
  • 159 posts
  • LocationUnited Kingdom

Posted 13 June 2006 - 10:12 AM

What does the sanitize function do? If it is adding slashes or the sort you might want to use mysql_real_escape_string() which will also help stop injection attacks.


You can learn alot from reading the manual

#3 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 13 June 2006 - 10:23 AM

[!--quoteo(post=383184:date=Jun 13 2006, 10:12 AM:name=coldkill)--][div class=\'quotetop\']QUOTE(coldkill @ Jun 13 2006, 10:12 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
What does the sanitize function do? If it is adding slashes or the sort you might want to use mysql_real_escape_string() which will also help stop injection attacks.
[/quote]


sanitize? what that mean get rid of it lol.

Wash a string according to google.

Echo out the query then post the result ok.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#4 insaynewrapper

insaynewrapper
  • New Members
  • Pip
  • Newbie
  • 6 posts

Posted 16 June 2006 - 06:34 AM

Well sanitize is supposed to add slashes and such, but right now it doesn't do anything. It just returns back the string.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users