On Tue, Oct 14, 2014 at 1:16 PM, kavin raj <[email protected]> wrote: > > $str="UPDATE kncet SET('$name','$email','$password','$mobile' WHERE > id='$id')"; > $res=@mysql_query($str)or die(mysql_error());
On a side note, it is recommended to not put your query in a string and execute it. It is a security concern. People can exploit this and execute queries of _their_ choice on your DB. It is called as SQL Injection. You can read more about it on the OWASP[1] site. Also here[2] is a way to prevent SQL Injection in PHP. [1]: https://www.owasp.org/index.php/SQL_Injection [2]: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines
