Danny Brow wrote:
> Thanks for looking,
>
> I figured it out, after RTFM for db, I found that I needed to do field=? 
> instead of using VALUES ().
>
>
>
> Example:
>
> $db->query('UPDATE items SET item_name=?, item_desc=?, item_price=?, extraprice=? WHERE item_id = 3',
>             array($_POST['title'], $_POST['description'], $_POST['price'], $_POST['extraprice']));
>

FYI - You should at least escape the $_POST data (more filtering may be
necessary) before you go inserting it into your database.  When using
raw $_POST data it may be possible for someone to DROP DATABASE.

Search the archives (STFA) for more on this topic.

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins
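
Added example, not part of either message and not the posters' code: the UPDATE from the quoted post with every value bound through placeholders and the $_POST fields validated before they reach the database. PDO with in-memory SQLite stands in for the thread's $db object; the table layout, validation limits and sample input are assumptions.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for the thread's $db object.
// Table layout, validation limits and sample input are assumptions.

function validate_item(array $in): array
{
    $title = trim((string)($in['title'] ?? ''));
    $desc  = trim((string)($in['description'] ?? ''));
    if ($title === '' || strlen($title) > 100) {
        throw new InvalidArgumentException('title must be 1-100 characters');
    }
    // Prices must look like 12 or 12.50; anything else is rejected, not "cleaned".
    foreach (['price', 'extraprice'] as $k) {
        if (!preg_match('/^\d{1,7}(\.\d{1,2})?$/', (string)($in[$k] ?? ''))) {
            throw new InvalidArgumentException("$k must be a decimal amount");
        }
    }
    return [$title, $desc, $in['price'], $in['extraprice']];
}

function update_item(PDO $pdo, int $id, array $in): int
{
    [$title, $desc, $price, $extra] = validate_item($in);
    // Every value, including the id, is bound; none is concatenated into the SQL.
    $stmt = $pdo->prepare(
        'UPDATE items SET item_name=?, item_desc=?, item_price=?, extraprice=? WHERE item_id=?'
    );
    $stmt->execute([$title, $desc, $price, $extra, $id]);
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (item_id INTEGER PRIMARY KEY, item_name TEXT,
            item_desc TEXT, item_price NUMERIC, extraprice NUMERIC)');
$pdo->exec("INSERT INTO items VALUES (3, 'old', 'old', 1, 0)");

// Constructed input standing in for $_POST; the description carries SQL metacharacters.
$post = ['title' => 'Widget', 'description' => "x'; DROP TABLE items; --",
         'price' => '9.99', 'extraprice' => '0.50'];
echo update_item($pdo, 3, $post), " row(s) updated\n";
// The bound description is stored as data, so it can be read back unchanged.
echo $pdo->query('SELECT item_desc FROM items WHERE item_id = 3')->fetchColumn(), "\n";
try {
    update_item($pdo, 3, ['price' => '1 OR 1=1'] + $post);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```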
