hi, i have a variety of SQL queries but one of them (the update query) is not working. this is my script: <?php if ($checkout == "yes") { mysql_query("UPDATE clients SET fullname='$_POST[fullname]', address='$_POST[address]', city='$_POST[city]', tk='$_POST[tk]', phone='$_POST[phone]', kinito='$_POST[kinito]', mail='$_POST[mail]', username='$_POST[username]', password='$_POST[password]', teponimia='$_POST[teponimia]', toccupation='$_POST[toccupation]', taddress='$_POST[taddress]' tafm='$_POST[tafm]', tdoy='$_POST[tdoy]', tphone='$_POST[tphone]' WHERE id='$_POST[id]'"); $sql = "INSERT INTO header (fullname, address, city, tk, phone, kinito, mail, pliromi, tpliromi, apostoli, remarks, ordate, sessionid) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')"; $sqlRes = mysql_query(sprintf($sql,$_POST['fullname'],$_POST['address'],$_POST['city'],$_POST['tk'],$_POST['phone'],$_POST['kinito'],$_POST['mail'],$_POST['pliromi'],$_POST['tpliromi'],$_POST['apostoli'],$_POST['remarks'],$_POST['ordate'],$sessionid),$con); $query_id = mysql_query("SELECT orderid FROM header WHERE sessionid='$sessionid' ORDER BY orderid desc LIMIT 0, 1"); $query_r = mysql_fetch_assoc($query_id); $orderid = $query_r['orderid']; $cart_prods = mysql_query("SELECT code, model, qty FROM cart WHERE sessionid='$sessionid' ORDER BY model"); while ($cart_r = mysql_fetch_assoc($cart_prods)) { $code = $cart_r['code']; $model = $cart_r['model']; $qty = $cart_r['qty']; mysql_query("INSERT INTO details (orderid, code, model, qty) VALUES ('$orderid', '$code', '$model', '$qty')"); } $sqlDel = "DELETE FROM cart WHERE sessionid='$sessionid'"; mysql_query($sqlDel, $con); mysql_close($con); } ?> PHP: can anybody help me?
- Don't EVER put $_POST variables directly in the query string without filtering them. - Use OR die(mysql_error()); to let MySQL tell you what's wrong, rather than guessing.