[RESOLVED] Legit SQL Code?

Printable View

Oct 27th, 2006, 08:36 PM
dclamp

[RESOLVED] Legit SQL Code?

does this sql query look like it should work?

PHP Code:

UPDATE `members` SET personal_question_answer='".$_POST['ps_answer']."' AND personal_question='".$_POST['personal_question']."' WHERE member_id LIKE '".$_SESSION['member_id']."'

Everything is set correctly. When i go into PHPMyAdmin and do that code manualy, it still does not work. any help?

Re: [RESOLVED] Legit SQL Code?

AND needs to be replaced with a comma (",")

VB Code:

UPDATE `members` SET personal_question_answer='".$_POST['ps_answer']."', personal_question='".$_POST['personal_question']."' WHERE member_id LIKE '".$_SESSION['member_id']."'

Oct 28th, 2006, 02:28 AM
CornedBee

Re: [RESOLVED] Legit SQL Code?

And this code is of course subject to SQL injection if magic quotes are disabled.

All times are GMT -5. The time now is 07:39 PM.