Re: Help required with UPDATE columns [message #179548 is a reply to message #179545]
Tue, 06 November 2012 18:53
Thomas 'PointedEars'
Shake wrote:
> On 06/11/2012 19:13, Thomas 'PointedEars' Lahn wrote:
>> You are mistaken. Whether the query is syntactically wrong in the DBMS
>> depends on the data type, the value of the variable (that we do not know,
>> do we?) and the query language.
>
> You do not know. I know it.
> Your limitations are not my mistake.
>
> mytable.drawing values have to be enclosed by quotes.

Oh shut up. How can you possibly *know* the value of the variable $drawing
when the OP has not posted it? All you have is conjecture.

>> The actual and much more grave issue here is that the OP is using user
>> input ($_POST['…']) unchecked and unescaped, which allows for SQL injection.
>> If they fixed that with Prepared Statements, both problems would go away.
>
> Right. Still not a MySQL issue: An SQL issue.

Bullshit. It is obvious that the OP is using MySQL; so their MySQL syntax
is at fault and their approach, too.

PointedEars
--
Anyone who slaps a 'this page is best viewed with Browser X' label on
a Web page appears to be yearning for the bad old days, before the Web,
when you had very little chance of reading a document written on another
computer, another word processor, or another network. -- Tim Berners-Lee
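
The point argued in the message above, as an added example that is not part of the original post: whether a concatenated UPDATE is valid depends on the value of `$drawing`, while a prepared statement accepts every value. Only `mytable.drawing` and `$drawing` come from the thread; the `id` column, the function names, the sample values and the use of in-memory SQLite through PDO in place of MySQL are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the OP's table; only mytable.drawing and $drawing
// come from the thread. In-memory SQLite replaces MySQL so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mytable (id INTEGER PRIMARY KEY, drawing TEXT)');
$pdo->exec("INSERT INTO mytable (id, drawing) VALUES (1, 'old')");

// Runs a concatenated UPDATE; $quoted adds the quotes suggested in the thread.
function updateConcatenated(PDO $pdo, string $drawing, bool $quoted): string
{
    $value = $quoted ? "'$drawing'" : $drawing;
    try {
        $pdo->exec("UPDATE mytable SET drawing = $value WHERE id = 1");
        return 'ok';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// Runs the same UPDATE with the value bound as a parameter, never parsed as SQL.
function updatePrepared(PDO $pdo, string $drawing): string
{
    $stmt = $pdo->prepare('UPDATE mytable SET drawing = :drawing WHERE id = 1');
    $stmt->bindValue(':drawing', $drawing, PDO::PARAM_STR);
    $stmt->execute();
    $stored = $pdo->query('SELECT drawing FROM mytable WHERE id = 1')->fetchColumn();
    return $stored === $drawing ? 'ok, stored verbatim' : 'mismatch';
}

// Constructed sample values standing in for $_POST['…'].
foreach (['42', 'A-12', "Smith's plan"] as $drawing) {
    printf("value %s\n", var_export($drawing, true));
    printf("  concatenated, bare:   %s\n", updateConcatenated($pdo, $drawing, false));
    printf("  concatenated, quoted: %s\n", updateConcatenated($pdo, $drawing, true));
    printf("  prepared statement:   %s\n", updatePrepared($pdo, $drawing));
}
```

The numeric value passes in every form, `A-12` fails only when bare, and the value containing an apostrophe fails in both concatenated forms; the prepared statement stores all three unchanged.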