-
Amend and Delete data from database
Hello I can you help me with my amend code because is not working.Also if someone could give me a Delete.php code it would be great
Here is my code:
Amend.php
<?php
$con = mysql_connect("*****","*****","****");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("*****", $con);
$sql="UPDATE Users
SET name='$_POST[name]', username='$_POST[username]'
WHERE name='$keywords' AND username='$keywords'";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "User details successfully updated";
mysql_close($con)
?>
Thanks in advance
-
-
I think you should start with a tutorial to understand the basics of MySQL, such as DELETE. I like this tutorial:
http://php-mysql-tutorial.com (note that you'll want to look for the oldest articles to start)
As for your code above, it looks generally correct, but I see two problems:
1. You must escape the user input data because if you don't it will be a huge security risk-- someone can inject MySQL code just by using syntax like '; DROP DATABASE `name`; (sent from the form).
It's easy to do this, though:
$variable = mysql_real_escape_string($variable);
Do that for all of your $_POST variables (and maybe others) before the query. That will make the data secure (escape it so that it can't contain any commands).
2. I don't see $keywords set anywhere. That's probably why nothing is happening.
Daniel -
Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
-
-
Last edited by ntin0s; 11-29-2010 at 02:09 PM.
-
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Reply With Quote
Bookmarks