-1

I do not understand why mysql_query($update) is not executed here. All code seems fine for me, var_dump'ing elements results expected values. echo $passed_title; Is executing without warnings from previous line which as said is not executed (DB is not updated). Why?

$ask_if_empty = "SELECT id FROM content WHERE id='{$passed_id}'";
$ask_if_empty2 = mysql_query($ask_if_empty) or die($error[25]);

if (mysql_num_rows($ask_if_empty2) !== 0) 
{
    $update = "UPDATE content SET title='{$passed_title}' WHERE id='{passed_id}'";
    mysql_query($update) or die($error[25]);
    echo $passed_title;
}
4

2 回答 2

4

You're missing a $: 

$update = "UPDATE content SET title='{$passed_title}' WHERE id='{$passed_id}'";

I strongly recommend escaping strings before using them in sql queries. You can do this with mysql_real_escape_string. Otherwise you are open to sql injection attacks:

$passed_title = mysql_real_escape_string($passed_title);

If $passed_id is an integer you should prevent malicious input by using intval():

$passed_id = intval($passed_id);
于 2012-10-14T21:21:34.343 回答
0

If the id column is an INTEGER, you might need to drop the single quotes around the value id='{$passed_id}'.

于 2012-10-14T21:25:28.067 回答