1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 4:49 am Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

php databse entry

         

tunnelduck

12:33 am on Sep 10, 2003 (gmt 0)

10+ Year Member



i am currently working on a series of scripts and my current one i have it so that through entering information onto a form it will then enter that info into a mwsql databse. my problem is that instead of entering what a variable equals into the databse it is entering the variable itself. for example, instead of $url putting [whatever.com...] into the databse it is putting just "$url" without trading it out for what the variable equals. that is probably a little confusing but here is the script which will hopefully make more sense. 


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<?php
include('db.php'); //file containing user and pass
?>
<?
if (isset($_POST['submit']))
{
mysql_select_db("tehhaxtest",$db); 
$sql = 'UPDATE `links` SET `url` = \'$urlc\',`target` = \'$target\',`description` = \'$desc\',`cssclass` = \'$cssc\' WHERE `id` = \'$idc\' LIMIT 1 ;'; 
// the problem is in the previous statement, it is entering the unparsed variable $urlc into the database rather than what the user enters in the form for $urlc, all the other variables do the same
 $result = mysql_query($sql);
 echo "Thank you! Information updated. <a href=\"change.php\">other</a>";
}
else
{
?>

[edited by: jatar_k at 12:54 am (utc) on Sep. 10, 2003]
[edit reason] snipped extra code [/edit]

jatar_k

12:56 am on Sep 10, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld tunnelduck,

replace the single quotes around the string with double quotes, you also don't need the extra semi colon in there.

$sql = "UPDATE `links` SET `url` = \'$urlc\',`target` = \'$target\',`description` = \'$desc\',`cssclass` = \'$cssc\' WHERE `id` = \'$idc\' LIMIT 1";

php won't parse anything enclosed in single quotes like that ;)

tunnelduck

1:54 am on Sep 10, 2003 (gmt 0)

10+ Year Member



thank you for your help, i thought i had tried every possbile arrangement of double and single quotes but i suppose i was wrong. i found it didnt work until not only did i make that string in double quotes but put double quotes around each of the variables (and that extra semi colon im not sure where that came from) as in the following:

$sql = "UPDATE `links` SET `url` = \"$urlc\",`target` = \"$target\",`description` = \"$desc\",`cssclass` = \"$cssc\" WHERE `id` = \"$idc\" LIMIT 1";

hope that helps someone else if they ever have this problem.

vincevincevince

1:56 pm on Sep 10, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



putting double quotes around each variable is not really what you want, but if it works okay, fine. don't forget mysql_escape_string() around your variables if they are user entered or it leaves you with large security holes.

jatar_k

3:17 pm on Sep 10, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



and actually I was lazy in my correction it should have been

$sql = "UPDATE `links` SET `url` = '$urlc',`target` = '$target',`description` = '$desc',`cssclass` = '$cssc' WHERE `id` = '$idc' LIMIT 1";

you don't need to escape single quotes when they are enclosed in double quotes

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 4:49 am Apr 28, 2026