combining two vars that has text in them (instead of numbers)

Discussion in 'PHP' started by Dirty-Rockstar, Jun 21, 2008.

0
  1. #1
    what is commented out im trying to attempt, but its wrong:

    
$body=stripped($_POST[post]);
$edited="<i>This was edited by $user on $date</i>";


//$body=$body+$edited;
		
$sql="update table set field='$body' where id ='$variable'" or die(mysql_error());
$query=mysql_query($sql) or die(mysql_error());
    PHP:
    Silly question, however i never attempted this before haha. thanks <3
     
    Dirty-Rockstar, Jun 21, 2008 IP
  2. Dirty-Rockstar

    Dirty-Rockstar Guest

    Messages:
    252
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #2
    resolved, im just being slow today

    

$body=$body.$edited;
    PHP:
    DUH....thanks anyway = )
     
    Dirty-Rockstar, Jun 21, 2008 IP
  3. jestep

    jestep Prominent Member

    Messages:
    3,659
    Likes Received:
    215
    Best Answers:
    19
    Trophy Points:
    330
    #3
    One thing you may want to consider is that this script is completely open to SQL injection.

    At the very least you should do this:
    
$sql="update table set field='".mysql_real_escape_string($body)."' where id ='$variable'" or die(mysql_error());
    PHP:
    You should also make sure to do it on any user entered fields when you initially insert the record.
     
    jestep, Jun 21, 2008 IP
  4. andrews

    andrews Peon

    Messages:
    34
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    you can also do this:

    

$body .= $edited;
    PHP:
     
    andrews, Jun 21, 2008 IP