|
|
Posted by Michał Woźniak on 12/17/06 23:40
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mark Knochen wrote:
> Hello,
>
> i have a php-script with a mysql_query ...
>
> $insert = mysql_query("INSERT INTO $table (textID,redaktion) VALUES
> ('$_POST[ID]','$row_startseiten[ID]')");
>
> I get no mysql_error, if i copy the insert directly into phpmyadmin, the
> insert works. but with the php-script the insert doesn`t create a new
> row in the table .. but why?
>
> thank you for help
>
> Mark
surely you are not pasting *exactly* the above - you are replacing
$_POST[ID], for example. I'd do one thing:
echo $insert;
you could see, what actually gets sent to the mysql server. I bet the
problem's there.
besides, using bare $_POST var in a query is *not* a good idea, that's the
best way to get sql-injected. you _should_ do some checks on the value of
$_POST[ID].
cheers
mike
- --
well, whatever, nevermind
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFhdVobADv+Yd2wmARAls7AJ9poawMOwSzCojubJ7pDRQeh3UKFwCcCoHw
2Hbc1gm6pzH0gItPwEcu+lI=
=5b5W
-----END PGP SIGNATURE-----
Navigation:
[Reply to this message]
|