• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Devaka Cooray
  • Ron McLeod
  • Jeanne Boyarsky
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Carey Brown
  • Tim Holloway
Bartenders:
  • Martijn Verburg
  • Frits Walraven
  • Himai Minh

problem in updating data

 
Ranch Hand
Posts: 1143
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hello i m having difficulty in updating a form, i created a form which has two buttons, one is for edit and one is for update, but when i am updating my data after editing, it update 0 instead of the data, i mean i m getting 0 in my db, data is replaced to 0, here is my code:

 
Ranch Hand
Posts: 71
PHP Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First, never ever write code like this. Never build an SQL query by concatenating user input, such code is subject to an SQL injection attack. You would be better off using mysqli::query() and then passing the parameters using mysqli_stmt::bind_param().

Second, your UPDATE statement lacks a WHERE clause. Therefore, ALL records in the database will be updated with this information.

Finally, I tried your code (though I reduced the database to three columns), and it updated just fine for me (though, of course, all rows in the database now have the same values). I assume that the file was named update.php.
 
Punit Jain
Ranch Hand
Posts: 1143
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
okay it's working for me...
but how mysql_query can cause sql injuctions??
i use mysql_query in each of my database query...
 
Nick Charles
Ranch Hand
Posts: 71
PHP Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How? By someone entering something like "foo; delete * from stu_form;..." in the name field of yous form. You should read up on sql injection. And never ever code like this again.
 
Sheriff
Posts: 67682
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
 
Punit Jain
Ranch Hand
Posts: 1143
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
but i will use mysql_real_escape_string to prevent from sql injuctions..
 
They gave me pumpkin ice cream. It was not pumpkin pie ice cream. Wiping my tongue on this tiny ad:
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic