| Re: Help required with UPDATE columns [message #179546 is a reply to message #179545] |
Tue, 06 November 2012 18:30   |
M. Strobel
Messages: 386
Registered: December 2011
Karma:
|
Senior Member |
|
|
Am 06.11.2012 19:20, schrieb Shake:
> El 06/11/2012 19:13, Thomas 'PointedEars' Lahn escribió:
>>
>> You are mistaken. Whether the query is syntactically wrong in the DBMS
>> depends on the data type, the value of the variable (that we do not know, do
>> we?) and the query language.
>
> You do not know. I know it.
> Your limitations are not my mistake.
>
> mytable.drawing values have to be enclosed by quotes.
>
>>
>> The actual and much more grave issue here is that the OP is using user input
>> ($_POST['…']) unchecked and unescaped, which allows for SQL injection. If
>> they fixed that with Prepared Statements, both problems would go away.
>
> Right. Still not a MySQL issue: An SQL issue.
>
This sounds quite aggressive for someone showing so many coding problems. You could
have seen the sql error in your first posting.
/Str.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]