Posted by Markus Ernst on 10/24/06 11:03

davek schrieb:
> This is my code:
> $sql = "UPDATE users SET
> username = '{$usr}',
> password = '{$pwd}',
> fullname = '{$_POST['fullname']},
End quote missing here ^

> email = '{$_POST['email']}'
> WHERE userid = '{$usrid}'";

You can easily find typos like this if you output var_dump($sql).

BTW it is a bad idea to put post data directly into your query - you
should check them for security issues and escape quotes first. Google
for "sql injection" and "e-mail injection".

--
Markus

• Next in forum: Using mysql_real_escape_string with sprintf
• Prev in forum: how to lock a block of php codes
• Thread view: Re: strange extra quote mark appearing in mysql query

[Reply to this message]