mysql query not running correctly from inside the application
Posted
by Mala
on Stack Overflow
See other posts from Stack Overflow
or by Mala
Published on 2010-03-27T23:17:04Z
Indexed on
2010/03/27
23:23 UTC
Read the original article
Hit count: 188
I am completely stumped. Here is my php (CodeIgniter) code:
function mod()
{
$uid = $this->session->userdata('uid');
$pid = $this->input->post('pid');
if ($this->_verify($uid,$pid))
{
$name = $this->input->post('name');
$price = $this->input->post('price');
$curr = $this->input->post('curr');
$url = $this->input->post('url');
$query = $this->db->query("UPDATE items SET
name=".$this->db->escape($name).",
price=".$this->db->escape($price).",
currency=".$this->db->escape($curr),",
url=".$this->db->escape($url)."
WHERE pid=".$this->db->escape($pid)." LIMIT 1");
}
header('location: '.$this->session->userdata('current'));
}
The purpose of this code is to modify the properties (name, price, currency, url) of a row in the 'items' table (priary key is pid
). However, for some reason, allowing this function to run once modifies the name, price, currency and url of ALL entries in the table, regardless of their pid and of the LIMIT 1 thing I tacked on the end of the query. It's as if the last line of the query is being completely ignored.
As if this wasn't strance enough, I replaced "$query = $this->db->query(
" with an "echo
" to see the SQL query being run, and it outputs a query much like I would expect:
UPDATE items SET name='newname', price='newprice', currency='newcurrency', url='newurl' WHERE pid='10' LIMIT 1
Copy-pasting this into a MySQL window acts exactly as I want: it modifies the row with the selected pid.
What is going on here???
© Stack Overflow or respective owner