mysql query not running correctly from inside the application

Posted by Mala on Stack Overflow See other posts from Stack Overflow or by Mala
Published on 2010-03-27T23:17:04Z Indexed on 2010/03/27 23:23 UTC
Read the original article Hit count: 188

Filed under:
|
|
|

I am completely stumped. Here is my php (CodeIgniter) code:

function mod()
{
    $uid = $this->session->userdata('uid');
    $pid = $this->input->post('pid');
    if ($this->_verify($uid,$pid))
    {
        $name  = $this->input->post('name');
        $price = $this->input->post('price');
        $curr  = $this->input->post('curr');
        $url   = $this->input->post('url');

        $query = $this->db->query("UPDATE items SET
                        name=".$this->db->escape($name).",
                        price=".$this->db->escape($price).",
                        currency=".$this->db->escape($curr),",
                        url=".$this->db->escape($url)."
                        WHERE pid=".$this->db->escape($pid)." LIMIT 1");
    }
    header('location: '.$this->session->userdata('current'));

}

The purpose of this code is to modify the properties (name, price, currency, url) of a row in the 'items' table (priary key is pid). However, for some reason, allowing this function to run once modifies the name, price, currency and url of ALL entries in the table, regardless of their pid and of the LIMIT 1 thing I tacked on the end of the query. It's as if the last line of the query is being completely ignored.

As if this wasn't strance enough, I replaced "$query = $this->db->query(" with an "echo" to see the SQL query being run, and it outputs a query much like I would expect:

UPDATE items SET name='newname', price='newprice', currency='newcurrency', url='newurl' WHERE pid='10' LIMIT 1

Copy-pasting this into a MySQL window acts exactly as I want: it modifies the row with the selected pid.

What is going on here???

© Stack Overflow or respective owner

Related posts about mysql

Related posts about php