Boxerman Posted October 14, 2012 Share Posted October 14, 2012 Hi guys, sorry if this is the wrong section but its a mixture of sql and php.. however i believe it may be sql... sorry if i am wrong. I'm having an issue with a script... the SQL in this is the following: <?php if(isset($_GET['flag'])) { $con = mysql_connect("localhost","*******","****************"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("movies", $con); $sql="UPDATE movies WHERE id = '$_GET['id']' set flag VALUES ('1')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "<font color='green'>Thanks for reporting!</font><br><br>"; mysql_close($con); } ?> What the aim of it is... to update a coloum in movies database called flag and just put 1 in there. Again sorry if i am wrong! Thanks, B Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 14, 2012 Share Posted October 14, 2012 Your SQL syntax is off. See the examples here: http://dev.mysql.com/doc/refman/5.0/en/update.html Quote Link to comment Share on other sites More sharing options...
Boxerman Posted October 14, 2012 Author Share Posted October 14, 2012 Ok thanks so it is SQL. Would this be correct? UPDATE movies SET flag=1 WHERE id='$_GET['id']' ? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 14, 2012 Share Posted October 14, 2012 Assuming $_GET['id'] is an integer, you should validate it and cast it as int, and leave it unquoted in the query string. The code below doesn't address the validation part . . . $id = (int) $_GET['id']; $sql = "UPDATE movies SET flag = 1 WHERE id = $id"; Quote Link to comment Share on other sites More sharing options...
Boxerman Posted October 14, 2012 Author Share Posted October 14, 2012 Thank you for your help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.