Hi, Jason. Do you realize this code is wide open for an SQL injection attack? The problem could easily be addressed by using a prepared query instead. For more details, check the mysqli documentation.

Jason Pruim wrote:
The problem is when I am attempting to update some of the info, it erases the info in the field.

Anyone got a clue as to what is going on? :)

I'm not sure I understand. You mean that some of the fields that should receive content in the update do not do so? Why not echo $sql and then submit the form so that you can see the query being sent to your database? That will probably help you solve the problem. Odds are there is something wrong with your query.

You'd never want to echo an SQL query in a production environment, but since this is in development, I assume you needn't worry about that.

You block of "$variable = $_POST['key'];" is a complete waste of time, BTW. Why create another copy of the data? You could just as easily use "set FName = '{$_POST['txtFName']}'..." That would also make your injection vulnerability more obvious to you.

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to