combining two vars that has text in them (instead of numbers)

Discussion in 'PHP' started by Dirty-Rockstar, Jun 21, 2008.

  1. #1
    what is commented out im trying to attempt, but its wrong:

    
    $body=stripped($_POST[post]);
    $edited="<i>This was edited by $user on $date</i>";
    
    
    //$body=$body+$edited;
    		
    $sql="update table set field='$body' where id ='$variable'" or die(mysql_error());
    $query=mysql_query($sql) or die(mysql_error());
    
    
    
    
    PHP:
    Silly question, however i never attempted this before haha. thanks <3
     
    Dirty-Rockstar, Jun 21, 2008 IP
  2. Dirty-Rockstar

    Dirty-Rockstar Guest

    Messages:
    252
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #2
    resolved, im just being slow today

    
    
    $body=$body.$edited;
    
    
    PHP:
    DUH....thanks anyway = )
     
    Dirty-Rockstar, Jun 21, 2008 IP
  3. jestep

    jestep Prominent Member

    Messages:
    3,659
    Likes Received:
    215
    Best Answers:
    19
    Trophy Points:
    330
    #3
    One thing you may want to consider is that this script is completely open to SQL injection.

    At the very least you should do this:
    
    $sql="update table set field='".mysql_real_escape_string($body)."' where id ='$variable'" or die(mysql_error());
    
    PHP:
    You should also make sure to do it on any user entered fields when you initially insert the record.
     
    jestep, Jun 21, 2008 IP
  4. andrews

    andrews Peon

    Messages:
    34
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    you can also do this:

    
    
    $body .= $edited;
    
    
    PHP:
     
    andrews, Jun 21, 2008 IP