
This is my simple "give-android-my-data-script":

```php
$email = $_POST["email"];
$column = $_POST["column"];
$data = $_POST["data"];
mysql_query( "UPDATE members SET '$column' = '$data' WHERE email = '$email'") or die( "database query failed!" );
echo "data retrieved" . $email . $column . $data;
```

Everything is working fine IF but if I change '$column' for example into active (which is a row)

Echo tells me all 3 variables are there, but "database query failed!", too

So I'm sitting here - without a clue - 02:22am in Germany...

Maybe someone can help me find the mistake. Thanks.

Machado

1 Answer


Make sure that the data inside $_POST["column"] has a matching column name in your members table.

```php
mysql_query("UPDATE members SET `".$column."` = '".$data."' WHERE email = '".$email."'")
```

Your query is also very prone to SQL injections. You should be using MySQLi_* instead.

Logan Wayne
Thanks, forgot that " and ' stuff. Should go to sleep. And thanks for the hint with injection. I'll use PDO! :) – Jan 30 '15 at 01:45
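The injection hint above, worked through with PDO as an added example (not code from the question or the answer). Prepared-statement placeholders bind values only, so the column name from `$_POST["column"]` still has to be checked against a fixed allow-list before it is placed between backticks. The `nickname` column, the allow-list, the function name and the in-memory SQLite database with its sample rows are assumptions made so the script runs offline.

```php
<?php
// Added example: table layout, allow-list and sample rows are assumptions.
declare(strict_types=1);

// Columns a client request may update (hypothetical list; match it to the real table).
const UPDATABLE_COLUMNS = ['active', 'nickname'];

function updateMember(PDO $pdo, string $email, string $column, string $data): int
{
    // Identifiers cannot be bound as parameters, so the column name is
    // compared against the allow-list before it reaches the SQL text.
    if (!in_array($column, UPDATABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('column not allowed');
    }
    // Values travel as bound parameters and never become part of the SQL string.
    $stmt = $pdo->prepare("UPDATE members SET `$column` = :data WHERE email = :email");
    $stmt->execute([':data' => $data, ':email' => $email]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (with MySQL only the DSN changes).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (email TEXT PRIMARY KEY, active TEXT, nickname TEXT)');
$pdo->exec("INSERT INTO members VALUES ('a@example.com', '0', 'anna'), ('b@example.com', '0', 'ben')");

// Normal request: the named column is updated for one member.
echo updateMember($pdo, 'a@example.com', 'active', '1'), " row(s) updated\n";

// A value containing quote characters is stored literally; no other row is touched.
echo updateMember($pdo, 'a@example.com', 'nickname', "x' OR '1'='1"), " row(s) updated\n";

// A column outside the allow-list is rejected before any SQL is built.
try {
    updateMember($pdo, 'a@example.com', 'email', 'someone@example.com');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Final table state, to confirm the second member's row is unchanged.
echo json_encode($pdo->query('SELECT * FROM members')->fetchAll(PDO::FETCH_ASSOC)), "\n";
```

With `PDO::ERRMODE_EXCEPTION` set, a failed query raises a `PDOException` that names the cause, instead of the bare "database query failed!" from the original script.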