|
Posted by Bill Karwin on 02/01/06 19:48
> On 31 Jan 2006 07:44:15 -0800, "Jeff" <joesiege@gmail.com> wrote:
>
>>What's the best practice for handling the following situation, when I
>>do an update like this:
>>
>>$sql = "UPDATE haha SET papa="loco" WHERE id=$var";
>>$res = mysql_query($sql,$db);
>>
>>If I don't get a match in my where clause, i.e., 12!=44 the UPDATE does
>>not occur but mysql_errno == 0 and mysql_error = "" so I can't capture
>>the failure.
>>
>>Any thoughts?
Hi Jeff,
It's actually not an error for an update or delete statement to affect zero
rows, believe it or not. Just as it's not an error for a select query to
return zero rows.
But there may be a solution for you. Check out the mysql_affected_rows
function in PHP.
http://us3.php.net/manual/en/function.mysql-affected-rows.php
By the way, I'd like to give you a gentle reminder to do some verification
on the $var variable in your code to make sure it contains a valid integer
and no other string. If the value is coming from a request parameter, a
malicious user could enter a string such as "44 OR 1=1" and mess up your
database! This is called SQL injection, it's a common security
vulnerability.
See http://en.wikipedia.org/wiki/Sql_injection
Regards,
Bill K.
Navigation:
[Reply to this message]
|