I have the following PHP code that is supposed to connect to the database and update some info. However, it is not updating. It doesn't give any errors, it connects just fine... the SQL statement just doesn't seem to be working, but everything looks OK to me.
if ($send != "no") {
    $db_name = "auctionfinal";
    $table_name = "auctions";
    $connection = @mysql_connect("auctionfinal.db.6084638.hostedresource.com", "xxxx", "xxxx") or die(mysql_error());
    $db = @mysql_select_db($db_name, $connection) or die(mysql_error());
    $sql = "UPDATE $table_name SET curbid = '$_POST[price]', nbids = '$totalnbid' WHERE aucname = '$auc' ";
    $result = @mysql_query($sql, $connection) or die(mysql_error());
    if ($result) {
        echo "Thank you! You have bid on the auction for $auc, the current bid is $curbid, there have been $nbids bids on this auction so far.";
    }
} else if ($send == "no") {
    echo "$user_err";
}
It doesn't give any errors because you've told PHP to ignore errors. Remove the "@" from in front of all the mysql function calls and you'll get the errors.
The "@" symbol in front of a PHP mysql function suppresses any errors. Remove it and then you'll see if there are any errors.
This is one of the risks you take using variable expansion inside strings.
This statement:
$sql = "UPDATE $table_name SET curbid = '$_POST[price]', nbids = '$totalnbid' WHERE aucname = '$auc' ";
... would be better written as:
$sql = "UPDATE ".$table_name." SET curbid = '".mysql_real_escape_string($_POST['price'])."', nbids = '".mysql_real_escape_string($totalnbid)."' WHERE aucname = '".mysql_real_escape_string($auc)."' ";
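The same UPDATE with bound parameters instead of escaping and string concatenation, as an added example that is not part of the original answers (the mysql_* functions used above were removed in PHP 7.0). Assumptions: the helper name placeBid, the sample table layout and row, and an in-memory SQLite database standing in for the MySQL server so the code runs offline.

```php
<?php
// Added example. For MySQL, replace the DSN with something like
// "mysql:host=HOST;dbname=auctionfinal;charset=utf8mb4" (HOST is a placeholder).
$pdo = new PDO('sqlite::memory:');
// Throw an exception on every SQL error instead of silencing it with "@".
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema and row (column names taken from the question).
$pdo->exec('CREATE TABLE auctions (aucname TEXT PRIMARY KEY, curbid NUMERIC, nbids INTEGER)');
$pdo->exec("INSERT INTO auctions VALUES ('lamp', 10.00, 3)");

// Hypothetical helper: record a bid using a prepared statement.
function placeBid(PDO $pdo, string $table, string $auc, string $price, int $totalnbid): int
{
    // Identifiers cannot be bound as parameters, so the table name is
    // checked against a fixed allowlist before it is interpolated.
    if (!in_array($table, ['auctions'], true)) {
        throw new InvalidArgumentException('unknown table');
    }
    // Reject anything that is not a plain decimal amount before it reaches SQL.
    if (!preg_match('/^\d{1,9}(\.\d{1,2})?$/', $price)) {
        throw new InvalidArgumentException('invalid bid amount');
    }
    $stmt = $pdo->prepare(
        "UPDATE $table SET curbid = :price, nbids = :nbids WHERE aucname = :auc"
    );
    $stmt->bindValue(':price', $price);
    $stmt->bindValue(':nbids', $totalnbid, PDO::PARAM_INT);
    $stmt->bindValue(':auc', $auc);
    $stmt->execute();
    // 0 rows means nothing was changed (no aucname matched, or on MySQL
    // the values were already identical). mysql_query() returns true in
    // that case too, which is how an UPDATE can "succeed" and change nothing.
    return $stmt->rowCount();
}

// Constructed inputs standing in for $_POST['price'], $auc and $totalnbid.
$changed = placeBid($pdo, 'auctions', 'lamp', '12.50', 4);
echo "existing auction: $changed row(s) updated\n";

// A quote-laden auction name is bound as data, so it is compared as a
// literal string and cannot alter the WHERE clause.
$changed = placeBid($pdo, 'auctions', "x' OR '1'='1", '99.00', 5);
echo "crafted name: $changed row(s) updated\n";
```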