Sephy Posted October 3, 2011

With INSERT it stores the values, but with UPDATE SET it doesn't work. Where is the mistake?

```php
$insert = mysql_query("UPDATE news SET newsname = '".$_POST['title']."', SET newstext='".$_POST['add']."', SET address='".$_POST['address']."' WHERE newsname='$derp'") or die(mysql_error());
```

and the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET newstext='Ierakstiet raxta tekstu!t' at line 1
codez Posted October 3, 2011

Is it really that hard to look up the correct syntax in the documentation? http://dev.mysql.com/doc/refman/5.0/en/update.html In none of the examples is SET used more than once.
briedis Posted October 3, 2011

Also google for the thing called SQL injection.
Sephy Posted October 3, 2011 (Author)

OK, now it seems to be correct:

```php
$insert = mysql_query("UPDATE news SET newsname = '".$_POST['title']."', newstext='".$_POST['add']."', address='".$_POST['address']."' WHERE newsname='$derp'");
```

Edited October 3, 2011 by Sephy
briedis Posted October 3, 2011

Once more: read up on SQL injections. http://www.google.lv/search?q=php+sql+injections
Sephy Posted October 3, 2011 (Author)

OK, I've put that protection in ;) thanks for the reminder!
briedis Posted October 3, 2011

Show the final code, maybe there are some more wonders in there worth pointing out :)
Sephy Posted October 4, 2011 (Author)

```php
if (isset($_POST['submit'])) {
    $derp = $_POST['galerija'];
    $derp = mysql_real_escape_string($derp);

    // check whether all the fields are filled in!
    if (!$_POST['title'] || !$_POST['add'] || !$_POST['address']) {
        echo 'Fill in all the fields!';
        exit; // stop here instead of running the UPDATE with empty values
    }

    $_POST['title']   = mysql_real_escape_string($_POST['title']);
    $_POST['add']     = mysql_real_escape_string($_POST['add']);
    $_POST['address'] = mysql_real_escape_string($_POST['address']);

    // $insert holds the result of mysql_query(); passing it to mysql_query() a second time is an error
    $insert = mysql_query("UPDATE news SET newsname = '".$_POST['title']."', newstext='".$_POST['add']."', address='".$_POST['address']."' WHERE '$derp'=newsname") or die(mysql_error());
}
```

Edited October 4, 2011 by Sephy
briedis Posted October 4, 2011

I'd suggest not using the $_POST variable in the query itself, but creating an intermediate variable instead, as you did with $derp; it looks very confusing. Treat the $_POST variable as if it were read-only, rather than storing data in it.
daGrevis Posted October 4, 2011

Code has to be beautiful!
codez Posted October 4, 2011

Do `$data=array_map('mysql_real_escape_string',$_POST);` and $data will contain all the POST data in escaped form, so you can use `$data['title']`. Of course, it would be better to build a query function that escapes the parameters automatically.

Edited October 4, 2011 by codez
daGrevis Posted October 4, 2011

Use in_array() to check that the $_POST array contains only the elements it is supposed to contain. :)
Kavacky Posted October 4, 2011

In this case it isn't Kohana's ORM->values(), so it doesn't matter what else is in the POST. All that matters is that there's nothing bad in the part that actually gets used.
daGrevis Posted October 5, 2011

Well, yes... I suppose that makes it overkill, then.
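An added example, not code from the thread or from any of its posters: Sephy's final UPDATE rewritten to do what codez suggests (a query helper that keeps the parameters out of the SQL text) and what daGrevis suggests (read only the expected fields from $_POST, and treat $_POST as read-only as briedis asks). It uses mysqli prepared statements rather than the mysql_* extension, which was deprecated in PHP 5.5 and removed in PHP 7.0. Bound parameters are sent to the server separately from the statement, so quotes, backslashes and comment sequences in the input are stored literally and never parsed as SQL; mysql_real_escape_string() only protects values placed inside quoted string literals and relies on the connection charset being set correctly. The table `news` and the columns `newsname`, `newstext`, `address` and the field names come from the thread; the connection credentials, the user-facing strings and the function names are placeholders.

```php
<?php
// Added example (not from the thread): the thread's UPDATE with mysqli prepared
// statements, so user input never becomes part of the SQL text.
// Assumptions: table `news` with columns newsname, newstext, address (from the
// thread); connection details below are placeholders.

declare(strict_types=1);

// Throw mysqli_sql_exception on errors instead of `or die(mysql_error())`.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Copy only the expected fields out of $post (which is left untouched) and
 * reject the request if any of them is missing or blank.
 *
 * @param array<string,mixed> $post usually $_POST
 * @return array<string,string>|null the validated fields, or null on failure
 */
function read_news_form(array $post): ?array
{
    $fields = ['galerija', 'title', 'add', 'address'];
    $data = [];
    foreach ($fields as $name) {
        // isset + trim catches missing keys and whitespace-only values.
        // The thread's `!$_POST['title']` would also reject the legitimate value "0".
        if (!isset($post[$name]) || !is_string($post[$name]) || trim($post[$name]) === '') {
            return null;
        }
        $data[$name] = $post[$name];
    }
    return $data;
}

/**
 * Update one news row. The four values are bound parameters ('ssss' = four
 * strings), so no escaping of the values is needed or performed here.
 *
 * @param array<string,string> $data output of read_news_form()
 * @return int number of rows changed by the UPDATE
 */
function update_news(mysqli $db, array $data): int
{
    $stmt = $db->prepare(
        'UPDATE news SET newsname = ?, newstext = ?, address = ? WHERE newsname = ?'
    );
    $stmt->bind_param('ssss', $data['title'], $data['add'], $data['address'], $data['galerija']);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

if (isset($_POST['submit'])) {
    $data = read_news_form($_POST);
    if ($data === null) {
        echo 'Fill in all the fields!';
        exit;
    }

    // Placeholder credentials (assumption). Set the charset before any query so
    // the server and client agree on how the bound strings are interpreted.
    $db = new mysqli('localhost', 'dbuser', 'dbpass', 'dbname');
    $db->set_charset('utf8mb4');

    $rows = update_news($db, $data);
    echo $rows === 0 ? 'No news item with that name.' : 'Updated.';
}
```

Because the WHERE value is also a bound parameter, an input such as `x' OR '1'='1` is compared against `newsname` as that literal string and matches nothing, instead of rewriting the condition to update every row; that is the failure mode escaping is meant to prevent and that placeholders rule out by construction.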