TalkPHP - View Single Post

Karl · 09-20-2007, 11:38 AM

May I first suggest the use of sprintf to improve readability. As for the query, it seems fine except for the lack of quotes around strings. Try this:

PHP Code:


			
$szSql = sprintf("    UPDATE
                        %s 
                    SET 
                        username = '%s', 
                        password = '%s', 
                        registerdate = '%s', 
                        registerip = '%s' 
                    WHERE 
                        uid = %d",
                    $this->table['members'],
                    mysql_escape_string($this->data['username']),
                    mysql_escape_string($this->data['password']),
                    $this->data['registerdate'],
                    $this->data['registerip'],
                    $this->data['uid']);

$this->db->query($szSql);

On another note, how much nicer does that code look? :)

09-20-2007, 11:38 AM	#4 (permalink)
Karl The Reckoner Join Date: Sep 2007 Posts: 437 Thanks: 22	May I first suggest the use of sprintf to improve readability. As for the query, it seems fine except for the lack of quotes around strings. Try this: PHP Code: $szSql = sprintf(" UPDATE %s SET username = '%s', password = '%s', registerdate = '%s', registerip = '%s' WHERE uid = %d", $this->table['members'], mysql_escape_string($this->data['username']), mysql_escape_string($this->data['password']), $this->data['registerdate'], $this->data['registerip'], $this->data['uid']); $this->db->query($szSql); On another note, how much nicer does that code look? :)