Mysql Poop

atholon · #1 10-03-2007, 08:47 PM

Freakin`

I cannot seem to get PHP to update a mysql section.

anyone see anything wrong with this query?

PHP Code:


			
      mysql_query("UPDATE tutorialsteps SET thestep='$step[$number]' WHERE stepnumber='$stepnumber' && tutorialnumber='$tutorialid';") or die ("<br /><br />Mysql Error: ".mysql_error());

Lakie · #2 10-03-2007, 08:59 PM

Try

PHP Code:


			
mysql_query("UPDATE tutorialsteps SET thestep='$step[number]' WHERE stepnumber='$stepnumber' AND tutorialnumber='$tutorialid'") or die...

atholon · #3 10-03-2007, 10:19 PM

Still didn`t update the MYSQL table. I dunno why...this is the script...

PHP Code:


			
<?php 

include ("config.php");



$title=$_REQUEST["title"];

$description=$_REQUEST["description"];

$currentuser=$_REQUEST["username"];



$number="0";

$anothernumber="0";

$date=date("m-j-y"); 





    if ($_REQUEST["category1"] != "other")

    {

    $category1=$_REQUEST["category1"];

    }

    else

    {

    $category1=$_REQUEST["othertext"];

    }



    mysql_query("INSERT INTO `tutorials` (`title`, `description`, `date`, `category1`, `approved`) VALUES ('$title', '$description', '$date', '$category1', 'no');") or die ("<br /><br />Mysql Error: ".mysql_error());

    mysql_query("INSERT INTO `tutoriallinks` (`title`, `description`, `approved`,`date`, `category1`,`user`) VALUES ('$title', '$description', 'no','$date', '$category1', '$currentuser');") or die ("<br /><br />Mysql Error: ".mysql_error());

    $tutorialid=mysql_insert_id();





    while ($step[$number])

    {

      $stepnumber=$number+1;

      mysql_query("UPDATE tutorialsteps SET thestep='$step[number]' WHERE stepnumber='$stepnumber' AND tutorialnumber='$tutorialid'") or die ("<br /><br />Mysql Error: ".mysql_error());

      print $step[$number];

      $number++;

    }





      $theid=$tutorialid;

      $number2="0";



  if ($_FILES["ourFiles"]!="")

  {

    foreach ($_FILES["ourFiles"]["error"] as $key => $error) {

      if ($error == UPLOAD_ERR_OK)

      {

       $tmp_name = $_FILES["ourFiles"]["tmp_name"][$key];

       $keynumber=$key + 1;

       $name = $_FILES["ourFiles"]["name"][$key];

       $name=strtolower($_FILES["ourFiles"]["name"][$key]);

       $ext=substr(strrchr($name, "."), 1);

       $name="review"."_".$theid."_".$keynumber."."."$ext";

       mysql_query("INSERT INTO `tutorialfiles` (`tutorialnumber`, `stepnumber`, `thefile`) VALUES ('$tutorialid', '$keynumber', '$name');") or die ("<br /><br />Mysql Error: ".mysql_error());

       move_uploaded_file($tmp_name, "./uploads/$name");

       $iRedirURL="./tutorials.php?view=tutorial&sid=$tutorialid";

      }



    }

  }



    ?>

Lakie · #4 10-03-2007, 10:38 PM

do you have msn?

msn[@]mikes[]hq.net remove the []

Scott · #5 10-04-2007, 10:20 AM

You really need to think about input validation. That script is vunerable to mysql injection everywhere.

http://www.php.net/mysql_real_escape_string

Also search google for "mysql injection"

atholon · #6 10-04-2007, 06:09 PM

Thanks man,
I figured out what was wrong with the bloody script. Oh my gosh. I am a retard!

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
BCS = poop spelled backwards.	atholon	General Chat	2	01-03-2009 12:07 AM
MySQL 5.0 is out!	DevilDog#1	Web design and Programming	4	01-14-2006 07:16 PM
mysql 4.1	King	Web design and Programming	6	02-06-2005 12:49 PM
MySql help	Stu	Web design and Programming	5	11-28-2004 05:25 AM
mysql help	G.I.JOEMFA	Tech Support	1	07-20-2003 09:22 PM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)