Jump to content

mysql query from post


gmaster_PT

Recommended Posts

hi all i have this code

<?php
if (substr($_POST['tag'], 0, 15) == 'chave|commando|'){
include 'db_con.php';
session_start();
$sql = substr($_POST['tag'], 15, 2000);
mysql_real_escape_string();											  
$result = mysql_query($sql);
//if(mysql_num_rows($result) > 0)
//while($row=mysql_fetch_row($result,MYSQL_ASSOC))
//$results=$row['nome'].";".$row['creditos'].";".$row['comeu'].";".$row['entradasp'].";".$row['saidasp'].";".$row['entradast'].";".$row['saidast'].";".$row['percmax'].";".$row['percmin'].";".$//row['premio'];
mysql_close($con);
echo $results;
} else { 
"<script>window.location = 'http://www.google.com'</script>";
}


?>

this codes recives a complete string from vb.net aplication the problem is

this code updates ok if the string contains only number but if i try to send any leters they dont write or insert on my sql can anybody tellme way ?

i think that it because of quotes but i dont know how to use it.. realy thanks alll

Link to post
Share on other sites

As we have no idea what $sql contains then what do expect us say?

 

Have you tried checking what mysql_error() returns after running the query?

 

That call to mysql_real_escape string() does nothing and is totally useless.

 

What does this have to do with maths (this is the php maths forum)?

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.