
Code I am trying:

What about the update radio button's logic? Is this OK?

    if (isset($_POST['btnSubmit']))
    {
        // Values are copied from the request as-is, with no escaping
        $book_save = $_POST['book_title'];
        $author_save = $_POST['author_name'];
        $gender_save = $_POST['gender'];

        // $id is not defined anywhere in the posted snippet
        mysql_query("UPDATE bookss SET book_title ='$book_save',author_name ='$author_save',gender='$gender_save' WHERE ID = '$id'")
            or die(mysql_error());
    }

I referred to 2 links on SO but am not getting it to work properly with the radio button... Suggestions are always welcome.


2 Answers

1

I agree with everyone above. Are you hard coding the radio button values? If so, I'm not sure how SQL injection would affect radio button entries. In any case, if you're stuck with this structure I'd at least do something like this:

    $book_save = mysql_real_escape_string($_POST['book_title']);


1 Comment

You can't think of a $_POST value as a "radio button entry". I can create a form on my site, or even locally on my computer, and have it post to your form, and attempt to inject different values for your radio buttons than what you hard code. For that reason, every element of the $_POST array should be validated/escaped before anything is used in a query string (unless you're using prepared statements).
0

What you're doing is correct. I would suggest you escape your data though. You're open to SQL injection. I'd also look into using PDO as the mysql functions are deprecated.
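The approach the comment and this answer point to (a PDO prepared statement plus a server-side check of the radio value), as an added example that is not part of the original answers. Assumptions: the radio values are `male` and `female`, `updateBook()` is a hypothetical helper, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the page. Assumed: pdo_sqlite is installed,
// the form's radio values are 'male'/'female', updateBook() is hypothetical.
declare(strict_types=1);

const ALLOWED_GENDERS = ['male', 'female']; // values hard-coded in the form (assumed)

function updateBook(PDO $pdo, int $id, array $post): bool
{
    $title  = $post['book_title'] ?? null;
    $author = $post['author_name'] ?? null;
    $gender = $post['gender'] ?? null;

    // A radio button only limits what a browser offers; any client can send
    // any value, so every field is re-checked on the server.
    if (!is_string($title) || trim($title) === ''
        || !is_string($author) || trim($author) === ''
        || !in_array($gender, ALLOWED_GENDERS, true)) {
        return false;
    }

    // Placeholders keep the data out of the SQL text, so quotes in it are inert.
    $stmt = $pdo->prepare(
        'UPDATE bookss SET book_title = :title, author_name = :author,
                gender = :gender WHERE ID = :id'
    );
    return $stmt->execute([
        ':title' => trim($title), ':author' => trim($author),
        ':gender' => $gender, ':id' => $id,
    ]);
}

$pdo = new PDO('sqlite::memory:'); // stand-in for the page's MySQL database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bookss (ID INTEGER PRIMARY KEY, book_title TEXT,
            author_name TEXT, gender TEXT)');
$pdo->exec("INSERT INTO bookss VALUES (1, 'Old title', 'Old author', 'male'),
            (2, 'Other title', 'Other author', 'female')");

// Constructed requests: a valid one containing apostrophes, and one whose
// "radio" value was not among the options the form offers.
$valid  = ['book_title' => "The Hitchhiker's Guide", 'author_name' => "O'Brien", 'gender' => 'female'];
$forged = ['book_title' => 'x', 'author_name' => 'y', 'gender' => "male' OR '1'='1"];

var_dump(updateBook($pdo, 1, $valid));  // valid request for row 1
var_dump(updateBook($pdo, 2, $forged)); // forged radio value for row 2
print_r($pdo->query('SELECT * FROM bookss')->fetchAll(PDO::FETCH_ASSOC));
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the validation and the prepared statement stay the same.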
