
PHP MySql Update

Coding apparently leads to blindness! I have an unclosed quote in here
and I'm not sure where......

$query="UPDATE table_name set ".
"First_Name= \"".$formVars["First_Name"]."\",".
"Date_Committed= \"".$formVars["Date_Committed"]."\",".
"Signed_By= \"".$formVars["Signed_By"]."\",".
"Rep= \"".$formVars["Sales_Rep"]."\",".
"Aut= \"".$formVars["Atty"]."\",".
"Car= \"".$formVars["Car"]."\",".
"Dbl= \"".$formVars["Dbl"]."\",".
"Sts= \"".$formVars["Sts"]."\",".
"Notes= \"".$formVars["Notes"]."\",".
" \"WHERE Client_ID = \"".$formVars["Client_ID"]."\"";

mysql_query($query);

Your eyesight is appreciated!

Nov 21 '06 #1
Message-ID: <11*********************@h54g2000cwb.googlegroups.com> from
Akhenaten contained the following:
>$query="UPDATE table_name set ".
shouldn't that be
$query="UPDATE table_name set

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Nov 21 '06 #2
Akhenaten wrote:
> Coding apparently leads to blindness! I have an unclosed quote in here
> and I'm not sure where......
>
> $query="UPDATE table_name set ".
> "First_Name= \"".$formVars["First_Name"]."\",".
> "Date_Committed= \"".$formVars["Date_Committed"]."\",".
> "Signed_By= \"".$formVars["Signed_By"]."\",".
> "Rep= \"".$formVars["Sales_Rep"]."\",".
> "Aut= \"".$formVars["Atty"]."\",".
> "Car= \"".$formVars["Car"]."\",".
> "Dbl= \"".$formVars["Dbl"]."\",".
> "Sts= \"".$formVars["Sts"]."\",".
> "Notes= \"".$formVars["Notes"]."\",".
> " \"WHERE Client_ID = \"".$formVars["Client_ID"]."\"";
>
> mysql_query($query);
>
> Your eyesight is appreciated!
Wow, that's really hard to read... is there a reason you keep opening
and closing the string? It would be much easier to write it like this:

$query="UPDATE table_name set
First_Name = \"$formVars[First_Name]\",
Date_Committed = \"$formVars[Date_Committed]\",
Signed_By = \"$formVars[Signed_By]\",
....
";

or even using heredoc syntax like this:

$query = <<<END_OF_QUERY
UPDATE table_name set
First_Name = "$formVars[First_Name]",
Date_Committed = "$formVars[Date_Committed]",
Signed_By = "$formVars[Signed_By]",
...
END_OF_QUERY;

Secondly, I hope you are escaping the variables in $formVars before
putting them into that string. If not, someone could inject sql into
the form variables and your sql will have unexpected consequences. Try
Googling "sql injection attack" some time to find out more.

If you use the PEAR DB library, ADODB or ADODB_Lite (and other database
libraries that are out there) instead of the straight php mysql_*
functions, you'll be able to use variable binding which helps to
eliminate the sql injection issues, and also can make your code a lot
easier to read. They also add portability between databases and error
checking.

Example of variable binding:

$db->query("
UPDATE table_name
SET First_Name = ?,
Date_Committed = ?,
Signed_By = ?
...",
array(
$formVars['First_Name'],
$formVars['Date_Committed'],
$formVars['Signed_By']
...
)
);

--
Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
Nov 21 '06 #3
..oO(Chris Hope)
> Wow, that's really hard to read... is there a reason you keep opening
> and closing the string? It would be much easier to write it like this:
>
> $query="UPDATE table_name set
> First_Name = \"$formVars[First_Name]\",
> Date_Committed = \"$formVars[Date_Committed]\",
> Signed_By = \"$formVars[Signed_By]\",
> ...
> ";
Even simpler and more SQL-compliant with single quotes:

$query="UPDATE table_name set
First_Name = '$formVars[First_Name]',
Date_Committed = '$formVars[Date_Committed]',
Signed_By = '$formVars[Signed_By]',
....
";
> If you use the PEAR DB library, ADODB or ADODB_Lite (and other database
> libraries that are out there) instead of the straight php mysql_*
> functions, you'll be able to use variable binding which helps to
> eliminate the sql injection issues, and also can make your code a lot
> easier to read.
http://www.php.net/pdo

Micha
Nov 21 '06 #4
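Putting Chris Hope's variable-binding advice and Micha's PDO pointer together, here is the original poster's UPDATE rewritten as a PDO prepared statement. This is an added example, not code from anyone in the thread; the table and column names come from the post, the form values are constructed, and the DSN and credentials are placeholders.

```php
<?php
// Added example, not code from the thread: the UPDATE from the original post
// done with PDO prepared statements (php.net/pdo). Assumed: the column names
// from the post, a `table_name` table, and placeholder DSN and credentials.

// Constructed sample form input. Two values contain a single quote, which
// would break a query built by string concatenation; bound as parameters
// they are sent as data and never parsed as SQL.
$formVars = [
    'First_Name'     => "O'Brien",
    'Date_Committed' => '2006-11-21',
    'Signed_By'      => 'J. Smith',
    'Sales_Rep'      => 'rep01',
    'Atty'           => 'att02',
    'Car'            => 'Y',
    'Dbl'            => 'N',
    'Sts'            => 'open',
    'Notes'          => "client said 'call back Friday'",
    'Client_ID'      => '42',
];

$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_PLACEHOLDER', 'USER_PLACEHOLDER', 'PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly on SQL errors
        PDO::ATTR_EMULATE_PREPARES => false, // server-side binding, not client-side quoting
    ]
);

// Only values can be bound; table and column names stay in the SQL text.
// Note there is no comma between the last SET item and WHERE.
$sql = 'UPDATE table_name
        SET First_Name = :first_name, Date_Committed = :date_committed,
            Signed_By = :signed_by, Rep = :rep, Aut = :aut, Car = :car,
            Dbl = :dbl, Sts = :sts, Notes = :notes
        WHERE Client_ID = :client_id';

$stmt = $pdo->prepare($sql);
$stmt->execute([
    ':first_name'     => $formVars['First_Name'],
    ':date_committed' => $formVars['Date_Committed'],
    ':signed_by'      => $formVars['Signed_By'],
    ':rep'            => $formVars['Sales_Rep'],
    ':aut'            => $formVars['Atty'],
    ':car'            => $formVars['Car'],
    ':dbl'            => $formVars['Dbl'],
    ':sts'            => $formVars['Sts'],
    ':notes'          => $formVars['Notes'],
    ':client_id'      => $formVars['Client_ID'],
]);
printf("%d row(s) updated\n", $stmt->rowCount());
```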
Michael Fesser wrote:
.oO(Chris Hope)
>> Wow, that's really hard to read... is there a reason you keep
>> opening and closing the string? It would be much easier to write it
>> like this:
>>
>> $query="UPDATE table_name set
>> First_Name = \"$formVars[First_Name]\",
>> Date_Committed = \"$formVars[Date_Committed]\",
>> Signed_By = \"$formVars[Signed_By]\",
>> ...
>> ";

> Even simpler and more SQL-compliant with single quotes:
>
> $query="UPDATE table_name set
> First_Name = '$formVars[First_Name]',
> Date_Committed = '$formVars[Date_Committed]',
> Signed_By = '$formVars[Signed_By]',
> ...
> ";
Very true. Now why didn't I think of that ;)
>> If you use the PEAR DB library, ADODB or ADODB_Lite (and other
>> database libraries that are out there) instead of the straight php
>> mysql_* functions, you'll be able to use variable binding which helps
>> to eliminate the sql injection issues, and also can make your code a
>> lot easier to read.
>
> http://www.php.net/pdo
I haven't yet used PDO so I always forget it exists :)

--
Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
Nov 21 '06 #5
Akhenaten wrote:
> Coding apparently leads to blindness! I have an unclosed quote in here
> and I'm not sure where......
>
> $query="UPDATE table_name set ".
> "First_Name= \"".$formVars["First_Name"]."\",".
> "Date_Committed= \"".$formVars["Date_Committed"]."\",".
> "Signed_By= \"".$formVars["Signed_By"]."\",".
> "Rep= \"".$formVars["Sales_Rep"]."\",".
> "Aut= \"".$formVars["Atty"]."\",".
> "Car= \"".$formVars["Car"]."\",".
> "Dbl= \"".$formVars["Dbl"]."\",".
> "Sts= \"".$formVars["Sts"]."\",".
> "Notes= \"".$formVars["Notes"]."\",".
> " \"WHERE Client_ID = \"".$formVars["Client_ID"]."\"";
>
> mysql_query($query);
>
> Your eyesight is appreciated!
I don't see any problems with the PHP quotes. However, SQL uses single
quotes (') to indicate a string, not double quotes ("). And you
shouldn't have a \" before the WHERE clause.

Your query should be:

$query="UPDATE table_name set ".
"First_Name= '".$formVars["First_Name"]."', ".
"Date_Committed= '".$formVars["Date_Committed"]."', ".
"Signed_By= '".$formVars["Signed_By"]."', ".
"Rep= '".$formVars["Sales_Rep"]."', ".
"Aut= '".$formVars["Atty"]."', ".
"Car= '".$formVars["Car"]."', ".
"Dbl= '".$formVars["Dbl"]."', ".
"Sts= '".$formVars["Sts"]."', ".
"Notes= '".$formVars["Notes"]."' ".   // no comma before the WHERE clause
"WHERE Client_ID = '".$formVars["Client_ID"]."'";

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Nov 21 '06 #6
Akhenaten wrote:
> Coding apparently leads to blindness! I have an unclosed quote in here
> and I'm not sure where......
>
> $query="UPDATE table_name set ".
> "First_Name= \"".$formVars["First_Name"]."\",".
> "Date_Committed= \"".$formVars["Date_Committed"]."\",".
> "Signed_By= \"".$formVars["Signed_By"]."\",".
> "Rep= \"".$formVars["Sales_Rep"]."\",".
> "Aut= \"".$formVars["Atty"]."\",".
> "Car= \"".$formVars["Car"]."\",".
> "Dbl= \"".$formVars["Dbl"]."\",".
> "Sts= \"".$formVars["Sts"]."\",".
> "Notes= \"".$formVars["Notes"]."\",".
> " \"WHERE Client_ID = \"".$formVars["Client_ID"]."\"";
>
> mysql_query($query);
>
> Your eyesight is appreciated!
Instead of doing this, I would suggest taking some wrapper which
builds the queries for you based on an array of values. This is a
sure way of creating code that's very difficult to maintain. E.g. you
want to add something to your tables in the next update, and you have to
insert just the right code in the right place into this mess. Perhaps
PEAR::MDB2 to the rescue?
Nov 21 '06 #7
