Updating database using php
You can view my pages online here: need help with the "Edit" section, if you look online. Here is the code for my Edit page:

query($sql) or die(mysql_error());
$query=getenv(QUERY_STRING);
parse_str($query);
//$ud_title = $_POST['Title'];
//$ud_pub = $_POST['Publisher'];
//$ud_pubdate = $_POST['Publish Date'];
//$ud_img = $_POST['Image'];
?>

The Date is just a VARCHAR right now in the database. When I click the submit button, this error comes up:

Warning: mysql_query() [function.mysql-query]: Access denied for user 'apache'@'localhost' (using password: NO) in /ebs/home/baileyjumper/domains/baileyjumper.aisites.com/public_html/Scripting-Week7/homework4/on line 81
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /ebs/home/baileyjumper/domains/baileyjumper.aisites.com/public_html/Scripting-Week7/homework4/on line 81
Cannot update

Before it is clicked there are no errors.

You could just as easily throw a delete or drop statement in there instead of just commenting off the remainder of the sql statement. This might not be as critical on an internal site for yourself only but it's a big deal to worry about when dealing with public facing sites.
query($sql) or die(mysql_error());
$query=getenv(QUERY_STRING);
parse_str($query);
//$ud_title = $_POST['Title'];
//$ud_pub = $_POST['Publisher'];
//$ud_pubdate = $_POST['Publish Date'];
//$ud_img = $_POST['Image'];
?>

So, how could I make the other sections update as well?

'];
$pubdate = $_POST['updatepubdate'];
$title = $_POST['updatetitle'];
$publisher = $_POST['updatepublisher'];
//...etc, as many as you need...

Yes, it shows up in the database, but it can no longer affect the SQL query. As long as you are using it to wrap your $_GET or $_POST, and then using that value within your query, you are using it before sending a query to MySQL. Using it to escape get or post data before adding it to a database is the correct use of the function.

I found that it either made an empty field if it was before the connection to the database, or when I put the variable inside the mysql section it created an error if a name or text had ' in it (which needs to be kept).

I've now got a clumsy code where the first part of the php code before the mysql_connect takes the form data:-

So it works with text and names which have ' and presumably has the injection protection and I expect I can make the code a bit simpler.
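
An added example, not code from any poster in this thread: the same Edit-page update written with a PDO prepared statement instead of the escaping function discussed above, so that a value containing ' is stored as typed and cannot change the query. The table name "books", its columns and the sample form values are assumptions; SQLite in memory stands in for MySQL so the script runs offline, and for MySQL only the DSN and credentials given to new PDO() change.

```php
<?php
// Added example. Table "books" and its columns are hypothetical, not from the thread.
// SQLite in memory replaces MySQL here so the script needs no server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT, publisher TEXT, pubdate TEXT)');
$pdo->exec("INSERT INTO books (id, title, publisher, pubdate) VALUES (1, 'Old title', 'Old pub', '2000')");
$pdo->exec("INSERT INTO books (id, title, publisher, pubdate) VALUES (2, 'Other title', 'Other pub', '2001')");

function updateBook(PDO $pdo, int $id, array $post): int
{
    // The SQL text is fixed. Form values are sent as bound parameters,
    // so they are never parsed as part of the statement.
    $stmt = $pdo->prepare(
        'UPDATE books SET title = :title, publisher = :publisher, pubdate = :pubdate WHERE id = :id'
    );
    $stmt->execute([
        ':title'     => $post['updatetitle'] ?? '',
        ':publisher' => $post['updatepublisher'] ?? '',
        ':pubdate'   => $post['updatepubdate'] ?? '',
        ':id'        => $id,
    ]);
    return $stmt->rowCount(); // number of rows changed
}

// Constructed sample input standing in for $_POST (field names as used in the thread).
$post = [
    'updatetitle'     => "O'Reilly's Guide",  // apostrophes that must be kept
    // With string concatenation the quote and "--" below would end the string and
    // comment off the rest of the statement, WHERE clause included.
    'updatepublisher' => "Acme' -- ",
    'updatepubdate'   => '2011-05-01',
];

$changed = updateBook($pdo, 1, $post);
printf("rows changed: %d\n", $changed);

// Row 1 holds the values exactly as typed; row 2 is untouched.
foreach ($pdo->query('SELECT id, title, publisher, pubdate FROM books ORDER BY id') as $row) {
    printf("%d | %s | %s | %s\n", $row['id'], $row['title'], $row['publisher'], $row['pubdate']);
}
```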