1

I have simple Update query like,

$ekleme=mysql_query("UPDATE books SET adi = '$adi' WHERE id = '$id'");

But in the end, it returns with empty "adi" cell.

lurker
  • 56,987
  • 9
  • 69
  • 103
Berke Funda
  • 11
  • 1
  • 2
    Your code is open to [SQL injection](https://stackoverflow.com/q/332365/2469308) related attacks. Please learn to use [Prepared Statements](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Madhur Bhaiya Oct 15 '18 at 18:56
  • 1
    @MadhurBhaiya: the pattern *appears* to be vulnerable to SQL Injection; we don't see the code that populates `$adi` or `$id`. It could be that they contain returns from mysql_real_escape_string. Or could be those are constants. We can't know for sure. (We're just fooling ourselves if we think the code isn't vulnerable.) – spencer7593 Oct 15 '18 at 19:05
  • 2
    @spencer7593 OP must really stop using mysql_* and move to mysqli_* or PDO. Moreover, even [mysql_real_escape_string is not completely foolproof](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string/12118602#12118602) – Madhur Bhaiya Oct 15 '18 at 19:07
  • 1
    The PHP `mysql_` interface functions have been deprecated a long time, and are removed in the latest version of PHP. New development should use `PDO` or `mysqli_`. – spencer7593 Oct 15 '18 at 19:08
  • thanks for your helps and suggestions – Berke Funda Oct 15 '18 at 19:14
  • mysql_query() will return true or false on an UPDATE. You can check how many records are changed with mysql_affected_rows() method: http://php.net/manual/en/function.mysql-affected-rows.php – Ernani Azevedo Oct 15 '18 at 23:46

0 Answers0