| Re: Help required with UPDATE columns [message #179545 is a reply to message #179544] |
Tue, 06 November 2012 18:20   |
Shake
Messages: 40
Registered: May 2012
Karma:
|
Member |
|
|
El 06/11/2012 19:13, Thomas 'PointedEars' Lahn escribió:
>
> You are mistaken. Whether the query is syntactically wrong in the DBMS
> depends on the data type, the value of the variable (that we do not know, do
> we?) and the query language.
You do not know. I know it.
Your limitations are not my mistake.
mytable.drawing values have to be enclosed by quotes.
>
> The actual and much more grave issue here is that the OP is using user input
> ($_POST['…']) unchecked and unescaped, which allows for SQL injection. If
> they fixed that with Prepared Statements, both problems would go away.
Right. Still not a MySQL issue: An SQL issue.
Rgs.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]