Fun Errors -_-

Rayn

One Simple Question. Why wont the query in this run correctly???

(I am using OO with this)

function item($var) {
global $userinfo;

  if ($_GET['action']=="now") {

// FORM code here

  }

  if ($_POST['action']=="do") {

eval("\$DBCODE = \"$DBCODE\";");
$Site->query("$DBCODE");

  }

}

item("UPDATE user SET field='test' WHERE userid='$userinfo[userid]'");

Thanks 🙂

zhabala

What do you think this script should do ?

You are passing the query to the function as a parameter named $var, but it is nod handled within the function. Why ?

Zdenek

Rayn

Why? Simple.

Within the code I am using having this option will not only make the code more dynamic, but the coding process faster and more structured.

jayant

I think you are confused!

You are running the query that will be stored in $DBCODE
and you are passing the query you want to execute in $var. how do you expect to run the query from $DBCODE then?

Rayn

Originally posted by jayant
I think you are confused!

You are running the query that will be stored in $DBCODE
and you are passing the query you want to execute in $var. how do you expect to run the query from $DBCODE then?

< AKKK $var is equal to $DBCODE

a little error in the example :o

jayant

If $var is equal to $DBCODE, why do you require to use both variables at all.

Moreover, where is $DBCODE getting its value? from a web-based form (as a hidden field)? If yes, you are leaving a huge security jole in there.

Also i guess $DBCODE is a global, you you will need to have:

global $userinfo,$DBCODE;
instead of
global $userinfo;