Question about using "POST" and MySQL in PHP
Posted 24 October 2006 - 05:50 PM
I'm certain that one of the PHP masters here on PHP freaks will quickly find and point out my mistake... I have a site where some of the links are stored in MySQL and am trying to update a table that contains the link "names" (display text) and "links" (URLs). The code snippet below is called from my link update page. I know that the variables are being correctly passed, because the "print" statement prints out the updated values. However, the table isn't being updated.
I can make this work if I put actual values in place of the variables (i.e. SET 'name'=\'Some link\', 'link=\'url.com\' WHERE 'key'=2 LIMIT 1), and I'm not getting any errors.
Much fruitless googling and searches of forums (like this one) have not produced any insight. Any assistance in troubleshooting this would be greatly appreciated.
//Set the values from the POST
$key = $_POST['ud_key'];
$name = $_POST['ud_name'];
$link = $_POST['ud_link'];
//Check that the values were passed and variables set correctly by printing them
print "Key: $key \n Name: $name \n Link: $link \n";
// Create the query string using the variables
$query='UPDATE `links` SET `name`=$name, `link`=$link WHERE `key`=$key LIMIT 1;';
// Connect to the DB and run query
@mysql_select_db($database) or die( "Unable to select database");
Posted 24 October 2006 - 05:57 PM
$query="UPDATE `links` SET `name`=$name, `link`=$link WHERE `key`=$key LIMIT 1";
Also note, I suggest you read up on preventing SQL injection attacks, as currently your query is prone to SQL injection attacks, which can cause havoc over your database/others' databases too!! Never use raw user input; always validate/verify user input!
Posted 24 October 2006 - 05:58 PM
$query = "UPDATE `links` SET `name`= '$name', `link`= '$link' WHERE `key`= '$key';";
You might also want to look into using the die() function to help with debugging, e.g.:
mysql_query($query) or die(mysql_error());
PS: I hope you're validating your $_POST variables before letting them near your database!
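The SQL injection point raised in the replies above, as an added example that is not part of any post in this thread: the same UPDATE built by string interpolation and as a PDO prepared statement (the `mysql_*` functions used in the thread were removed in PHP 7.0). Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the table rows and the form input are constructed, the function names are hypothetical, and `LIMIT 1` is dropped because stock SQLite does not accept it on UPDATE.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so this runs offline.
// Against MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // raise SQL errors instead of failing silently
$pdo->exec('CREATE TABLE `links` (`key` INTEGER PRIMARY KEY, `name` TEXT, `link` TEXT)');
$pdo->exec("INSERT INTO `links` VALUES (1, 'Home', 'http://example.com/'), (2, 'Old name', 'http://example.org/')");

// Constructed form input (stands in for $_POST); the key carries extra SQL.
$post = ['ud_key' => '2 OR 1=1', 'ud_name' => "Bob's links", 'ud_link' => 'http://example.net/'];

// String-built query in the style of the thread: values become part of the SQL text.
function updateByInterpolation(PDO $pdo, array $in): int
{
    $name = str_replace("'", "''", $in['ud_name']); // escaping the strings alone is not enough
    $link = str_replace("'", "''", $in['ud_link']);
    $sql = "UPDATE `links` SET `name`='$name', `link`='$link' WHERE `key`={$in['ud_key']}";
    return $pdo->exec($sql); // number of rows changed
}

// Prepared statement: the SQL text is fixed and the values are bound as data.
function updateByPreparedStatement(PDO $pdo, array $in): int
{
    $key  = filter_var($in['ud_key'], FILTER_VALIDATE_INT);
    $link = filter_var($in['ud_link'], FILTER_VALIDATE_URL);
    if ($key === false || $link === false) {
        return 0; // reject a non-integer key or a malformed URL before touching the database
    }
    $stmt = $pdo->prepare('UPDATE `links` SET `name` = :name, `link` = :link WHERE `key` = :key');
    $stmt->execute([':name' => $in['ud_name'], ':link' => $link, ':key' => $key]);
    return $stmt->rowCount();
}

// Run the interpolated version inside a transaction so its effect can be undone.
$pdo->beginTransaction();
echo "interpolated, constructed key: ", updateByInterpolation($pdo, $post), " row(s) changed\n";
$pdo->rollBack();

echo "prepared, constructed key:     ", updateByPreparedStatement($pdo, $post), " row(s) changed\n";

$post['ud_key'] = '2';
echo "prepared, valid key:           ", updateByPreparedStatement($pdo, $post), " row(s) changed\n";
echo "stored name for key 2:         ", $pdo->query('SELECT `name` FROM `links` WHERE `key` = 2')->fetchColumn(), "\n";
```

Comparing the row counts printed for the same input shows how far each version lets the `ud_key` field reach beyond the one row the form was meant to edit.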
Posted 24 October 2006 - 06:10 PM
I will also take your advice and read up on SQL injection. I do have a function that's supposed to validate/escape the variables before submitting, but it never hurts to be double sure.
Thanks again--you all rock! :-)