Coding apparently leads to blindness! I have an unclosed quote in here
and I'm not sure where......
$query="UPDATE table_name set ".
"First_Name = \"".$formVar s["First_Name "]."\",".
"Date_Committed = \"".$formVar s["Date_Committed "]."\",".
"Signed_By= \"".$formVar s["Signed_By"]."\",".
"Rep= \"".$formVar s["Sales_Rep"]."\",".
"Aut= \"".$formVar s["Atty"]."\",".
"Car= \"".$formVar s["Car"]."\",".
"Dbl= \"".$formVar s["Dbl"]."\",".
"Sts= \"".$formVar s["Sts"]."\",".
"Notes= \"".$formVar s["Notes"]."\",".
" \"WHERE Client_ID = \"".$formVar s["Client_ID"]."\"";
mysql_query($qu ery);
Your eyesite is appreciated! 6 1744
Message-ID: <11************ *********@h54g2 000cwb.googlegr oups.comfrom
Akhenaten contained the following:
>$query="UPDA TE table_name set ".
shouldn't that be
$query="UPDATE table_name set
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Akhenaten wrote:
Coding apparently leads to blindness! I have an unclosed quote in here
and I'm not sure where......
$query="UPDATE table_name set ".
"First_Name = \"".$formVar s["First_Name "]."\",".
"Date_Committed = \"".$formVar s["Date_Committed "]."\",".
"Signed_By= \"".$formVar s["Signed_By"]."\",".
"Rep= \"".$formVar s["Sales_Rep"]."\",".
"Aut= \"".$formVar s["Atty"]."\",".
"Car= \"".$formVar s["Car"]."\",".
"Dbl= \"".$formVar s["Dbl"]."\",".
"Sts= \"".$formVar s["Sts"]."\",".
"Notes= \"".$formVar s["Notes"]."\",".
" \"WHERE Client_ID = \"".$formVar s["Client_ID"]."\"";
mysql_query($qu ery);
Your eyesite is appreciated!
Wow, that's really hard to read... is there are reason you keep opening
and closing the string? It would be much easier to write it like this:
$query="UPDATE table_name set
First_Name = \"$formVars[First_Name]\",
Date_Committed = \"$formVars[Date_Committed]\",
Signed_By = \"$formVars[Signed_By]\",
....
";
or even using heredoc syntax like this:
$query = <<<END_OF_QUE RY
UPDATE table_name set
First_Name = "$formVars[First_Name]",
Date_Committed = "$formVars[Date_Committed]",
Signed_By = "$formVars[Signed_By]",
...
END_OF_QUERY;
Secondly, I hope you are escaping the variables in $formVars before
putting them into that string. If not, someone could inject sql into
the form variables and your sql will have unexpected consequences. Try
Googling "sql injection attack" some time to find out more.
If you use the PEAR DB library, ADODB or ADODB_Lite (and other database
libraries that are out there) instead of the straight php mysql_*
functions, you'll be able to use variable binding which helps to
eliminate the sql injection issues, and also can make your code a lot
easier to read. They also add portability between databases and error
checking.
Example of variable binding:
$db->query("
UPDATE table_name
SET First_Name = ?,
Date_Committed = ?,
Signed_By = ?
...",
array(
$formVars['First_Name'],
$formVars['Date_Committed '],
$formVars['Signed_By']
...
)
);
--
Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
..oO(Chris Hope)
>Wow, that's really hard to read... is there are reason you keep opening and closing the string? It would be much easier to write it like this:
$query="UPDA TE table_name set
First_Name = \"$formVars[First_Name]\",
Date_Committed = \"$formVars[Date_Committed]\",
Signed_By = \"$formVars[Signed_By]\", ... ";
Even simpler and more SQL-compliant with single quotes:
$query="UPDATE table_name set
First_Name = '$formVars[First_Name]',
Date_Committed = '$formVars[Date_Committed]',
Signed_By = '$formVars[Signed_By]',
....
";
>If you use the PEAR DB library, ADODB or ADODB_Lite (and other database libraries that are out there) instead of the straight php mysql_* functions, you'll be able to use variable binding which helps to eliminate the sql injection issues, and also can make your code a lot easier to read.
http://www.php.net/pdo
Micha
Michael Fesser wrote:
.oO(Chris Hope)
>>Wow, that's really hard to read... is there are reason you keep opening and closing the string? It would be much easier to write it like this:
$query="UPDAT E table_name set First_Name = \"$formVars[First_Name]\", Date_Committed = \"$formVars[Date_Committed]\", Signed_By = \"$formVars[Signed_By]\", ... ";
Even simpler and more SQL-compliant with single quotes:
$query="UPDATE table_name set
First_Name = '$formVars[First_Name]',
Date_Committed = '$formVars[Date_Committed]',
Signed_By = '$formVars[Signed_By]',
...
";
Very true. Now why didn't I think of that ;)
>>If you use the PEAR DB library, ADODB or ADODB_Lite (and other database libraries that are out there) instead of the straight php mysql_* functions, you'll be able to use variable binding which helps to eliminate the sql injection issues, and also can make your code a lot easier to read.
http://www.php.net/pdo
I haven't yet used PDO so I always forget it exists :)
--
Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
Akhenaten wrote:
Coding apparently leads to blindness! I have an unclosed quote in here
and I'm not sure where......
$query="UPDATE table_name set ".
"First_Name = \"".$formVar s["First_Name "]."\",".
"Date_Committed = \"".$formVar s["Date_Committed "]."\",".
"Signed_By= \"".$formVar s["Signed_By"]."\",".
"Rep= \"".$formVar s["Sales_Rep"]."\",".
"Aut= \"".$formVar s["Atty"]."\",".
"Car= \"".$formVar s["Car"]."\",".
"Dbl= \"".$formVar s["Dbl"]."\",".
"Sts= \"".$formVar s["Sts"]."\",".
"Notes= \"".$formVar s["Notes"]."\",".
" \"WHERE Client_ID = \"".$formVar s["Client_ID"]."\"";
mysql_query($qu ery);
Your eyesite is appreciated!
I don't see any problems with the PHP quotes. However, SQL uses single
quotes (') to indicate a string, not double quotes ("). And you
shouldn't have a \" before the WHERE clause.
Your query should be:
$query="UPDATE table_name set ".
"First_Name = '".$formVars["First_Name "]."', ".
"Date_Committed = '".$formVars["Date_Committed "]."', ".
"Signed_By= '".$formVars["Signed_By"]."', ".
"Rep= '".$formVars["Sales_Rep"]."', ".
"Aut= '".$formVars["Atty"]."', ".
"Car= '".$formVars["Car"]."', ".
"Dbl= '".$formVars["Dbl"]."', ".
"Sts= '".$formVars["Sts"]."', ".
"Notes= '".$formVars["Notes"]."', ".
"WHERE Client_ID = '".$formVars["Client_ID"]."'";
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
Akhenaten wrote:
Coding apparently leads to blindness! I have an unclosed quote in here
and I'm not sure where......
$query="UPDATE table_name set ".
"First_Name = \"".$formVar s["First_Name "]."\",".
"Date_Committed = \"".$formVar s["Date_Committed "]."\",".
"Signed_By= \"".$formVar s["Signed_By"]."\",".
"Rep= \"".$formVar s["Sales_Rep"]."\",".
"Aut= \"".$formVar s["Atty"]."\",".
"Car= \"".$formVar s["Car"]."\",".
"Dbl= \"".$formVar s["Dbl"]."\",".
"Sts= \"".$formVar s["Sts"]."\",".
"Notes= \"".$formVar s["Notes"]."\",".
" \"WHERE Client_ID = \"".$formVar s["Client_ID"]."\"";
mysql_query($qu ery);
Your eyesite is appreciated!
Instead of doing this, I would suggest taking some wrapper which
builds the querries from you based on an array of values. This is a
sure way of creating code that's very difficult to maintain. Eg. you
want to add something to your tables in the next update, and you have to
insert just the right code in the right place into this mess. Perhaps
PEAR::MDB2 to the rescue? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Mike Chirico |
last post by:
Interesting Things to Know about MySQL
Mike Chirico (mchirico@users.sourceforge.net)
Copyright (GPU Free Documentation License) 2004
Last Updated: Mon Jun 7 10:37:28 EDT 2004
The latest version of this document can be found at:
http://prdownloads.sourceforge.net/souptonuts/README_mysql.txt?download
|
by: Cheryl Langdon |
last post by:
Hello everyone,
This is my first attempt at getting help in this manner. Please
forgive me if this is an inappropriate request.
I suddenly find myself in urgent need of instruction on how to
communicate with a MySQL database table on a web server, from inside
of my company's Access-VBA application. I know VBA pretty well but
have never before needed to do this HTTP/XML/MySQL type functions.
|
by: Juan Antonio Villa |
last post by:
Hello, I'm having a problem replicating a simple database using the binary
log replication, here is the problem:
When the master sends an update to the slave, an example update reads as
follows:
UPDATE MainInfo SET dAddress='38 Holland Blvd', dCity='miami',
dState='FL', dZip='33000', dCountry='USA', dPhone='999987565',
dNum='AC15857', dName='Michael A Scott' WHERE did=22'
|
by: cwho.work |
last post by:
Hi!
We are using apache ibatis with our MySQL 5.0 database (using innodb
tables), in our web application running on Tomcat 5. Recently we
started getting a number of errors relating to
java.sql.SQLException: Deadlock found when trying to get lock; Try
restarting transaction message from server: "Lock wait timeout
exceeded; try restarting transaction";
We get such errors generally on inserts or updates while applying a
|
by: Atli |
last post by:
This is an easy to digest 12 step guide on basics of using MySQL. It's a great refresher for those who need it and it work's great for first time MySQL users.
Anyone should be able to get through this without much trouble. Programming knowledge is not required.
Index
What is SQL?
Why MySQL?
Installing MySQL.
Using the MySQL command line interface
| |
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
| |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |