Correcting an UPDATE statement (and making it more secure!)

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Jess on Stack Overflow See other posts from Stack Overflow or by Jess
Published on 2010-03-17T14:19:19Z Indexed on 2010/03/17 14:21 UTC
Read the original article Hit count: 103

Filed under:
|

I'm trying to a single value in my DB...When I run it through the console, it works correctly (as I'm replacing the variables with numbers and text).. However, My query is not running correctly. It's just prompting a syntax error Here is what I have:

"UPDATE books SET readstatus='".$readstatus."' WHERE book_id=".$book_id;

This won't work, I also tried doing something like this as I'm told this makes it a bit more secure? :

"UPDATE books SET readstatus='{$readstatus}', WHERE read_id='{read_id}'";

This does not prompt any errors, but no change is happeneing to the value in the DB, I'm guessing the syntax is incorrect.

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about mysql

Related posts about update

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle