I’m getting the return “Error” I know it’s because I didnt do it correctly. I just am not sure which part is incorrect.
[php]
$user=$_SESSION[‘username’];
$stat = $_POST[‘stat’];
$category = $_POST[‘category’];
$file = $_FILES[“file”][“name”];
$sql=“UPDATE reguserstest SET ‘$category’=’$stat’ WHERE username=’$user’”;
if (mysql_query($sql,$con))
{
echo "SUCCESS!";
}
else
{
echo "<h1>Error</h1>";
}
[/php]
Your query should be:
$sql="UPDATE reguserstest SET `$category`='$stat' WHERE username='$user'";However, you should really look at securing those queries against SQL injection. Right now, using that specific query and two of the parameters, I can replace anything I like in your entire database.
thanks for your input. this is something i’m toying around with to learn with. could you point me to some good resources that would help me learn securities against SQL injection?