Yeh, didn't use foobar. Where does foobar come from? And that ipse lorum ... or something like that you always see in examples. I always use rude words in my test data, much easier. Anyway, thanks again.
-
bloggoth
If everything isn't black and white, I say, 'Why the hell not?'
John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson) -
A metasyntactic variable (see https://en.wikipedia.org/wiki/Foobar)Originally posted by xoggoth View Post
(Or a corruption of fubar
)
Comment
-
That's a pretty flaky approach, inefficient and no transactional integrity, what happens if the date update works but title doesn't? Do it as a single atomic UPDATE.Originally posted by xoggoth View Post
Also how are the $vars sanitized? What if $id became "1; DELETE FROM whlist"?Comment
-
Cheers TGB. I do sanitise, remove quotes etc, and check if update worked but didn't put those lines here to keep it simple. As per post I would normally do a single update line but not working here for some reason, my flaky aproach only one that worked. Not a site of any importance anyway.
PS Not quite sure what atomic is, have to have a Google.
PPS Nice cartoon. xkcd: Exploits of a MomLast edited by xoggoth; 31 July 2023, 10:46.bloggoth
If everything isn't black and white, I say, 'Why the hell not?'
John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)Comment
-
-
You said your solution is working? Are you sure it is? ie. is it actually inserting the values of variables $date, $title etc, or is it inserting the string values "$date", "$title" etc.
Here's what i think it should be (typed from memory, not tested). The {} inserts the variables into the query string.
PHP Code:$sql = $con->query("UPDATE whlist SET date='{$date}', title='{$title}', speaker='{$speaker}', description='{$description}'
WHERE id={$id}");
The above assumes id is numeric key, otherwise
PHP Code:$sql = $con->query("UPDATE whlist SET date='{$date}', title='{$title}', speaker='{$speaker}', description='{$description}'
WHERE id='{$id}'");
If you're still getting errors, do
PHP Code:print_r($sql);
To show you what the raw SQL being executed is.Last edited by Paralytic; 31 July 2023, 14:27.Comment
-
Thanks all but no need for any more solutions, it's just a little local history website, form will only be used by me and maybe 2 other people. Working ok at mo.
I do have a much more complicated small businesss website with checkout, one of the lines here, (daddress = sanitised version of address etc.) works fine:
$sql = $con->query("UPDATE shop SET name='$dname',school='$dschool',address='$daddress ',postcode='$postcode',country='$country',
tel='$tel',email='$email',comment='$dcomment' WHERE custid = '$custid'");
if ($sql === FALSE)
{
echo "Error: " . $sql . "<br>" . $con->error;
echo "Update cust 1 failed";
}
Just that that aproach with multiple items did not work in the little history thing, dunno why.Last edited by xoggoth; 31 July 2023, 20:29.bloggoth
If everything isn't black and white, I say, 'Why the hell not?'
John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)Comment
-
You called? Supplies of Cobalt Thorium G are quite healthy at the moment.Originally posted by xoggoth View PostWhen the fun stops, STOP.Comment
-
Foobar is similar to Bob and Alice in cryptography.Originally posted by HoofHearted View PostSee You Next TuesdayComment
Comment