hungryOrb Posted October 5, 2007 Share Posted October 5, 2007 So, hmm.. I'd like to UPDATE a datetime field ONLY IF the database holds "" null already. This works using the checkbox. However, if I do not tick the checkbox, then it tries to update the datetime field in the database with "" null. This gives the error: Error: Incorrect datetime value: '' for column 'Started' at row 1 Of course it is correct, "" is not a correct datetime value. Does anyone know how I can simply get it to do nothing if the 'Started' box is not checked? cod: <?php include("functionlibrary.php"); include("menu.php"); connect(); mysql_select_db("itdb"); // After selecting DB, some database field's values are put into vars. ** $started_query = mysql_query("SELECT Started FROM jobs WHERE `ID`='".$_POST["id"]."'"); $query_row = mysql_fetch_array($started_query, MYSQL_ASSOC); IF (($_POST['started'] == "chk") && ($query_row['Started'] == "")) { $started_store = date('Y-m-d H:i:s'); }ELSE { } // Checks if Box is checked AND(&&) if database has no value in that field already. // ---------------------- Start Update ----- $sql="UPDATE jobs SET Priority='".$_POST["priority"]."', `IT Staff`='".$_POST["itstaff"]."', `Started`='".$started_store."' WHERE `ID`='".$_POST["id"]."'"; // echo $sql."\n<br>\n<br>"; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } echo "<font color=\"green\"><br><br>1 record amended"; mysql_close(); ?> Thankyou in advance and kisses. Link to comment https://forums.phpfreaks.com/topic/71930-updating-null-into-mysql/ Share on other sites More sharing options...
hungryOrb Posted October 5, 2007 Author Share Posted October 5, 2007 I have also tried the: IF (($_POST['started'] == "chk") && ($query_row['Started'] == "")) { $started_store = date('Y-m-d H:i:s'); }ELSE{ $started_store = NULL; } approach, which gives the same error ??? .... Link to comment https://forums.phpfreaks.com/topic/71930-updating-null-into-mysql/#findComment-362315 Share on other sites More sharing options...
hungryOrb Posted October 5, 2007 Author Share Posted October 5, 2007 Shameless bump & btw: Does anyone know how to affect an included .php with a css? If the stylesheet is simply included shouldn't it affect all body/head/etc? Link to comment https://forums.phpfreaks.com/topic/71930-updating-null-into-mysql/#findComment-362378 Share on other sites More sharing options...
hungryOrb Posted October 5, 2007 Author Share Posted October 5, 2007 No-one knows about or? Its too simple? Link to comment https://forums.phpfreaks.com/topic/71930-updating-null-into-mysql/#findComment-362465 Share on other sites More sharing options...
MmmVomit Posted October 5, 2007 Share Posted October 5, 2007 Great googly moogly, man! Filter your data! // After selecting DB, some database field's values are put into vars. ** $started_query = mysql_query("SELECT Started FROM jobs WHERE `ID`='".$_POST["id"]."'"); Link to comment https://forums.phpfreaks.com/topic/71930-updating-null-into-mysql/#findComment-362468 Share on other sites More sharing options...
hungryOrb Posted October 5, 2007 Author Share Posted October 5, 2007 NO! I don't know what you mean by that as well! Link to comment https://forums.phpfreaks.com/topic/71930-updating-null-into-mysql/#findComment-362470 Share on other sites More sharing options...
MmmVomit Posted October 5, 2007 Share Posted October 5, 2007 RULE #0) Never use any raw user submitted data in any output. Ever. "Any output" includes all sql queries. Even if you're only running a select query, you have to consider the text of the query as output to the database. The piece of code I quoted is open to sql injection attacks. Filtering data simply means putting it through a series of checks to make sure that it is safe to be used in sql queries or output as html. It should be standard practice. A good approach would be something this. <?php // this array is for storing filtered data // it will eventually have an element corresponding to every element in $_POST $clean = Array() $sqldata = Array() // contains escaped output for use in queries if(isset($_POST['username'])) { if($_POST['username'] != '') { if(preg_match(CONST_REGEX, $_POST['username'])) { if(... ) { $clean['username'] = $_POST['username']; $sqldata['username'] = mysql_real_escape_string($clean['username']); $html['username'] = htmlentities($clean['username']); } } } } // from this point forward you don't touch $_POST // you only use $clean, $sqldata, and $html ?> In the filtering process, you can check the value of $clean['username'] and set $sqldata['username'] accordingly so that it will drop into your sql statement correctly. Link to comment https://forums.phpfreaks.com/topic/71930-updating-null-into-mysql/#findComment-362494 Share on other sites More sharing options...
hungryOrb Posted October 8, 2007 Author Share Posted October 8, 2007 I see, thankyou Vomit ;] (brings such a pleasant image... ._.) I definetly needed to know that, although, in this case it doesn't matter, because the site im putting together is just something that will be used internally in a company, and not open to the outside www. Link to comment https://forums.phpfreaks.com/topic/71930-updating-null-into-mysql/#findComment-364523 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.