hello i m having difficulty in updating a form, i created a form which has two buttons, one is for edit and one is for update, but when i am updating my data after editing, it update 0 instead of the data, i mean i m getting 0 in my db, data is replaced to 0, here is my code:
First, never ever write code like this. Never build an SQL query by concatenating user input, such code is subject to an SQL injection attack. You would be better off using mysqli::query() and then passing the parameters using mysqli_stmt::bind_param().
Second, your UPDATE statement lacks a WHERE clause. Therefore, ALL records in the database will be updated with this information.
Finally, I tried your code (though I reduced the database to three columns), and it updated just fine for me (though, of course, all rows in the database now have the same values). I assume that the file was named update.php.
posted 8 years ago
okay it's working for me...
but how mysql_query can cause sql injuctions??
i use mysql_query in each of my database query...