Prototype ajax not properly executing query?


Try echoing the exact same SQL you actually run in mysql_query (store it in $sql then pass that into the query, instead of writing out the query twice). Then try running the query that gets echoed out in the response directly in the mysql command line on your server and see what happens. Also, just to echo Max on the importance of escaping your SQL queries, I would add to the input sanitisation that you should use bind variables in your query, rather than just concatenating your user input with the rest of the SQL.

Something like this would ensure your variables are suitably escaped to avoid an SQL injection attack:

    $sql = "UPDATE songs SET length = '%s' WHERE unique_song_id = '%s'";
    $query = sprintf(
        $sql,
        mysql_real_escape_string($tracktime),
        mysql_real_escape_string($trackname)
    );
    mysql_query($query);

Thanks for the advice jwheare. After saving the query string and echoing it, I ran it in PhpMyAdmin and it worked fine. I'll try it at the command line next... – danwoods Aug 25 '09 at 13:25

Please accept this as the correct answer if it solved your problem. – Josiah Peters Aug 25 '09 at 18:28

Found it! Somehow I was getting an extra space before the finalized $trackname. Ltrim fixed it right up.

Thanks to everyone and thanks to those that mentioned security features. I'll definitely implement those. Dan.
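Bind variables as a driver feature, shown with PDO prepared statements and applied to the UPDATE from the answer above. This is an added example, not code from the thread: it assumes PDO with an in-memory SQLite database standing in for MySQL, and `updateSongLength` and the sample row are hypothetical. Returning the affected-row count also makes a stray leading space in the id visible as a zero-row update.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL server
// so the script runs offline; against MySQL only the PDO DSN would change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and row, using the column names from the thread.
$pdo->exec("CREATE TABLE songs (unique_song_id TEXT PRIMARY KEY, length TEXT)");
$pdo->exec("INSERT INTO songs VALUES ('track_42', '0:00')");

/**
 * Hypothetical helper: set a song's length and return the affected-row count.
 * The values travel separately from the SQL text, so quotes in them are data.
 */
function updateSongLength(PDO $pdo, string $trackname, string $tracktime): int
{
    $stmt = $pdo->prepare(
        'UPDATE songs SET length = :length WHERE unique_song_id = :id'
    );
    $stmt->execute([':length' => $tracktime, ':id' => $trackname]);

    // Zero rows means the id matched nothing (for example, stray whitespace).
    return $stmt->rowCount();
}

// Constructed inputs: the leading-space case from the thread, the same value
// trimmed, and a value containing quotes that escaping would have to handle.
$cases = [
    'leading space, untrimmed' => ' track_42',
    'leading space, trimmed'   => trim(' track_42'),
    'value containing quotes'  => "x' OR '1'='1",
];

foreach ($cases as $label => $id) {
    $rows = updateSongLength($pdo, $id, '3:41');
    printf("%-26s id=%-18s rows=%d\n", $label, var_export($id, true), $rows);
}

// Show the stored value after the updates.
$length = $pdo->query("SELECT length FROM songs WHERE unique_song_id = 'track_42'")
              ->fetchColumn();
echo "stored length: {$length}\n";
```

With the MySQL driver, `rowCount()` reports rows actually changed, so an UPDATE that sets a column to the value it already holds also returns 0.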

Remember that your app will need to produce an HTML snapshot whenever it gets a request for an ugly URL, that is, a URL containing a query parameter with the name _escaped_fragment_. You can do this by having a script, say, gethtmlsnapshot.php, that will produce the snapshot using the PHP scripts that already exist (in this case, getdata.
