$exe="UPDATE tablename SET name='mac',name1='ubuntu',WHERE id=90";
$check=mysql_query($exe) or die(mysql_error("connot executed"));
echo $check;
You can check this format code
Regards with,
saravanan k.
On 10/18/14, Shrayas rajagopal <[email protected]> wrote:
> On Tue, Oct 14, 2014 at 1:16 PM, kavin raj <[email protected]> wrote:
>>
>> $str="UPDATE kncet SET('$name','$email','$password','$mobile' WHERE
>> id='$id')";
>> $res=@mysql_query($str)or die(mysql_error());
>
> On a side note, it is recommended to not put your query in a string and
> execute it. It is a security concern. People can exploit this and execute
> queries of _their_ choice on your DB. It is called as SQL Injection.
>
> You can read more about it on the OWASP[1] site. Also here[2] is a way to
> prevent SQL Injection in PHP.
>
> [1]: https://www.owasp.org/index.php/SQL_Injection
> [2]:
> http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
>
> _______________________________________________
> ILUGC Mailing List:
> http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
> ILUGC Mailing List Guidelines:
> http://ilugc.in/mailinglist-guidelines
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
ILUGC Mailing List Guidelines:
http://ilugc.in/mailinglist-guidelines
