File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes PHP and the fly likes problem in updating data Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Languages » PHP
Bookmark "problem in updating data" Watch "problem in updating data" New topic
Author

problem in updating data

Punit Jain
Ranch Hand

Joined: Aug 20, 2011
Posts: 1000
    
    2
hello i m having difficulty in updating a form, i created a form which has two buttons, one is for edit and one is for update, but when i am updating my data after editing, it update 0 instead of the data, i mean i m getting 0 in my db, data is replaced to 0, here is my code:

Nick Charles
Ranch Hand

Joined: Oct 09, 2011
Posts: 71

First, never ever write code like this. Never build an SQL query by concatenating user input, such code is subject to an SQL injection attack. You would be better off using mysqli::query() and then passing the parameters using mysqli_stmt::bind_param().

Second, your UPDATE statement lacks a WHERE clause. Therefore, ALL records in the database will be updated with this information.

Finally, I tried your code (though I reduced the database to three columns), and it updated just fine for me (though, of course, all rows in the database now have the same values). I assume that the file was named update.php.
Punit Jain
Ranch Hand

Joined: Aug 20, 2011
Posts: 1000
    
    2
okay it's working for me...
but how mysql_query can cause sql injuctions??
i use mysql_query in each of my database query...
Nick Charles
Ranch Hand

Joined: Oct 09, 2011
Posts: 71

How? By someone entering something like "foo; delete * from stu_form;..." in the name field of yous form. You should read up on sql injection. And never ever code like this again.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61448
    
  67



[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Punit Jain
Ranch Hand

Joined: Aug 20, 2011
Posts: 1000
    
    2
but i will use mysql_real_escape_string to prevent from sql injuctions..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: problem in updating data