UPDATE klient SET (n_srok_v = '$_POST['n_srok_v']', n_1_1='$_POST['n_1_1']' ) WHERE xxx==1; xxx - auto increment
5 answers
UPDATE `klient` SET n_srok_v = '$_POST['n_srok_v']', n_1_1='$_POST['n_1_1']' WHERE xxx=1; Equal sign "=" In general, I recommend using placeholders so that there is no $_POST['n_srok_v'] such things in the query. Firstly, it is unsafe, most likely you are now making such a request a hole for active XSS , and secondly, it is poorly readable.
knes
24.8k 31 65
karbachinsky karbachinsky
314 one 3
|
UPDATE klient SET n_srok_v = '$_POST["n_srok_v"]', n_1_1='$_POST["n_1_1"]' WHERE xxx=1;
Focus on quotes and a single equal sign. Yes, and when inserting this request in php, you have to escape some of the quotes.
ling ling
14k one 18 45
- all the same gives an error Parse error: syntax error, unexpectedly T_STRING in Z: \ home \ prokat.by \ www \ function \ update.php on line 11 - ArnyRey
- Can I see your lines 10 and 11? Either 10 is not enough semicolon, or you did not screen quotes in the query. - ling
- <? include_once "mysql_conect.php"; include_once "select.php"; $ aa = $ _ POST ['xxx1']; $ aa1 = $ _ POST ['n_srok_v']; $ aa2 = $ _ POST ['n_1_1']; echo $ aa2; UPDATE klient SET (n_srok_v = '$ aa1', n_1_1 = '$ aa2') WHERE xxx = $ aa; // echo "updated"; ?> and the following message: Parse error: syntax error, unexpected__T_STRING in Z: \ home \ prokat.by \ www \ function \ update.php on line 10 - ArnyRey
- All clear. Google theme of using mysql in conjunction with php and read [docks] [1]. [1]: php.net/manual/en/ref.mysql.php - ling
|
Another option is possible:
UPDATE klient SET n_srok_v = '{$_POST['n_srok_v']}', n_1_1='{$_POST['n_1_1']}' WHERE xxx=1; It is advisable to process more input data.
angry
5,860 15 57 171
gator gator
27 2
|
UPDATE klient SET n_srok_v = '.mysql_real_escape_string($_POST['n_srok_v']).', n_1_1='.mysql_real_escape_string($_POST['n_1_1']).' WHERE xxx=1; It is possible so for example :) And in fact, @karbachinsky is right, it is better to check the data transmitted by post / gett, so that later it would not be excruciatingly painful.
Specifically this request:
mysql_query("UPDATE klient SET n_srok_v = ".$_POST["n_srok_v"].", n_1_1 = ".$_POST["n_1_1"]." WHERE xxx=1"); To quickly find errors, even in the process of writing, using editors, I can advise phpdesinger paid, 30 days are free. The key can be bought or not))
angry
5,860 15 57 171
DemoriaN DemoriaN
566 four 18
- Do not forget that if you put quotes mysql_query ('blah blah blah'); then "change to 'Shl: the client is not a string parameter but the name of the table. In this case, you should not take it in the
name)) otherwise it will swear at the wrong quotes again. - DemoriaN
|
You can try this option.
$n_srok_v = $_POST['n_srok_v']; $n_1_1 = $_POST['n_1_1']; $sql = "UPDATE klient SET n_srok_v = '" . $n_srok_v . "', n_1_1 = '" . $n_1_1 . "' WHERE xxx=1"; 
Idaho37 Idaho37
179 four 21
- $ query = "UPDATE $ table SET n_srok_v = '$ aa1', n_1_1 = '$ aa2', n_1 = '$ aa6', n_x1 = '$ aa3' WHERE xxx = $ aa"; mysql_query ($ query) or trigger_error (mysql_error (). "in". $ query); I found such a solution, it works - ArnyRey
|