gmaster_PT Posted September 20, 2013

Hi all,

    <?php
    // Only handle requests whose tag starts with the expected 15-character prefix
    if (substr($_POST['tag'], 0, 15) == 'chave|commando|') {
        include 'db_con.php';
        session_start();
        // The rest of the tag is used as the SQL statement
        $sql = substr($_POST['tag'], 15, 2000);
        $result = mysql_query($sql);
        mysql_close($con);
        echo $result;
    } else {
        echo "<script>window.location = 'http://www.google.com'</script>";
    }
    ?>

The tag receives "Update config_hal SET pgtobtn = 5 ". If I send the tag like that, this works fine... If I try to send it like this, "Update config_hal SET pgtobtn = N ", it doesn't work... I know that I should write something like this, "Update config_hal SET pgtobtn = 'N' ", but that also doesn't work. Can anybody tell me what's wrong with my code?

jcbones Posted September 20, 2013

Your database column is set to an integer type. So it will not store strings, or alpha characters.

gmaster_PT (Author) Posted September 20, 2013

No, my database is set to varchar. If I put it in manually it keeps it; only when I try to update via PHP it doesn't do anything...

Barand Posted September 20, 2013

Try

    $result = mysql_query($sql) or die(mysql_error());

gmaster_PT (Author) Posted September 20, 2013

OK, now I get a syntax error because PHP puts the query like this: "\'pgtobtn=\'n'. Why is this \ added to the query? Thanks all.

gmaster_PT (Author) Posted September 21, 2013

OK, with

    $sql = stripslashes(substr($_POST['tag'], 15, 2000));

stripslashes is what I need. Thanks all for the help.

mac_gyver Posted September 21, 2013

I hope you are not going to use this method, of getting the whole SQL query statement via user-submitted data, on an actual live web site? Your current code will allow anyone who finds the site to run any query they want. They will either delete your data or set any of your data to anything they want.

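The alternative that mac_gyver's warning implies, shown as an added example that is not part of the original thread: the request carries only a setting name and a value, the column name is checked against a fixed list, and the value is bound in a prepared statement. PDO with an in-memory SQLite table, the ALLOWED_COLUMNS list and the update_setting() helper are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The client sends only a setting
// name and a value; the SQL text itself never comes from the request.

// Assumption: the columns of config_hal that this endpoint may change.
const ALLOWED_COLUMNS = ['pgtobtn'];

// Hypothetical helper: returns the number of rows updated.
function update_setting(PDO $pdo, string $column, string $value): int
{
    // Identifiers cannot be bound as parameters, so check them against a fixed list.
    if (!in_array($column, ALLOWED_COLUMNS, true)) {
        throw new InvalidArgumentException("column not allowed: $column");
    }
    // The value is bound, so a quote in it is stored as data and cannot change the statement.
    $stmt = $pdo->prepare("UPDATE config_hal SET $column = :value");
    $stmt->execute([':value' => $value]);
    return $stmt->rowCount();
}

// Constructed stand-in for the real database: in-memory SQLite (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE config_hal (pgtobtn VARCHAR(20))");
$pdo->exec("INSERT INTO config_hal (pgtobtn) VALUES ('5')");

// Constructed requests standing in for $_POST.
$requests = [
    ['column' => 'pgtobtn',      'value' => 'N'],    // the update from the thread
    ['column' => 'pgtobtn',      'value' => "N'x"],  // value containing a quote
    ['column' => 'other_column', 'value' => 'N'],    // column not on the list
];

foreach ($requests as $r) {
    try {
        $n = update_setting($pdo, $r['column'], $r['value']);
        $stored = $pdo->query("SELECT pgtobtn FROM config_hal")->fetchColumn();
        echo "updated $n row(s), pgtobtn is now: $stored\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```
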
Archived
This topic is now archived and is closed to further replies.