[dangmnx]

It's not giving me an error, but it's also not doing what i assigned it to do, It isn't locking the topic... every time i click submit it takes me back to generalforum_lock.php

<?php
error_reporting (E_ALL);
include("connect.php");

$id = $_POST['id'];
$lock = $_POST['lock'];

$query = mysql_query("UPDATE forum_question SET `lock`='$lock' WHERE `id`='$id'") or die(mysql_error());
header("Location: generalforum_lock.php");
?>

[Martyr2]

Well of course it takes you back to generalforum_lock.php, you have a header statement there sending you to that page no matter what your code is doing. What you need to do is currently comment the header() call out and then echo out the values of $id and $lock to see if they equal what you expect. Then you can also see if mysql_error is giving you a message to what is wrong. You won't know because header keeps redirecting you. So take that out for now and see what the page prints.

[Dormilich]

if lock and id are integer fields, they must not be quoted.

and you’re open to SQL Injection Attacks.

[dangmnx]

<?php
error_reporting (E_ALL);
include("connect.php");

$id = mysql_real_escape_string($_POST[id]);
$lock = mysql_real_escape_string($_POST['lock']);

$query = mysql_query("UPDATE forum_question SET `lock`='$lock' WHERE id='$id'") or die(mysql_error());
header("Location: generalforum_lock.php");
?>

So like that??

This post has been edited by dangmnx: 07 June 2011 - 10:27 PM

[Dormilich]

depends on whether lock and id are integers or not.

[dangmnx]

id is set as INT 11 and lock is VARCHAR 11

[Dormilich]

wasn’t lock an integer last time? as for id:

// either
$id = (int) $_POST['id'];
// or
$id = filter_input(INPUT_POST, "id", FILTER_VALIDATE_INT);

// and then an appropriate check, whether $id is a sensible value

[dangmnx]

Thank you