|
-
Oct 27th, 2006, 08:36 PM
#1
Thread Starter
WiggleWiggle
 [RESOLVED] Legit SQL Code?
does this sql query look like it should work?
PHP Code:
UPDATE `members` SET personal_question_answer='".$_POST['ps_answer']."' AND personal_question='".$_POST['personal_question']."' WHERE member_id LIKE '".$_SESSION['member_id']."'
Everything is set correctly. When i go into PHPMyAdmin and do that code manualy, it still does not work. any help?
My usual boring signature: Something
-
Oct 27th, 2006, 09:41 PM
#2
Re: [RESOLVED] Legit SQL Code?
AND needs to be replaced with a comma (",")
VB Code:
UPDATE `members` SET personal_question_answer='".$_POST['ps_answer']."', personal_question='".$_POST['personal_question']."' WHERE member_id LIKE '".$_SESSION['member_id']."'
-
Oct 28th, 2006, 02:28 AM
#3
Re: [RESOLVED] Legit SQL Code?
And this code is of course subject to SQL injection if magic quotes are disabled.
All the buzzt
 CornedBee
"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond Chen
Don't PM me with your problems, I scan most of the forums daily. If you do PM me, I will not answer your question.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
