开发者

sql UPDATE error?

问答 作者:

I've followed all the mySQL tutorials correctly but it still won't update the values in my table, can someone please help me?, these are my values below:

$editid = $_GET['id'];
$newtitle = $_POST['title'];
$newsneak = $_POST['sneak'];
$newbody = $_POST['body'];

$connect = mysql_connect("localhost","username","password") or die("Couldn't Connect. ");
mysql_select_db("dr") or die ("Couldn't Find DB.");

$query = mysql_query("SELECT * FROM news WHERE id=$editid");

$numrows = mysql_num_rows($query);

if($numrows=!0)
{
$querytitle = mysql_query("UPDATE news SET title=$newtitle WHERE id=$editid");
$querysneak = mysql_query("UPDATE news SET summary=$newsneak WHERE id=$editid");
$querybody  = mysql_query("UPDATE news SET body=$newbody WHERE id=$editid");
header("Location:开发者_开发问答 ../index.php");
}

On your select (add myql_error to check error):

   $result = mysql_query("SELECT * FROM news WHERE id='$editid'");
   if (!$result) {
       die('Invalid query: ' . mysql_error());
   }

On your update:

$querytitle = mysql_query("UPDATE news SET title='$newtitle' WHERE id='$editid'");
$querysneak = mysql_query("UPDATE news SET summary=$newsneak WHERE id='$editid'");
$querybody  = mysql_query("UPDATE news SET body='$newbody' WHERE id='$editid'");

use single quote around input data also use mysql_real_escape_string(); avoid sql injection.

PHP mysql_real_escape_string

As per @Tchalvak suggestion to include mention of binding, these are more updated tools against SQL Injections plus better optimization, but keep in mind PDO and MySQLi are supported if you have PHP 5+:

PHP PDO

and

PHP MySQLi

Can I add as well once you finish debugging to please remove any mysql_error() output? This is awesome info for attackers since it reveals database details. Either log it or don't show errors...adds a little extra security.

You want to use the mysql_error function to see what error your query returns.

As integration pointed out by Jeremy Conley, pay attention to don't let the mysql_error function output get published in your production HTML.

继续阅读:phpsql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9