[ic] Re: Attempted database update without permission

interchange-users@icdevgroup.org interchange-users@icdevgroup.org
Fri Aug 23 05:13:00 2002 

Alma Nuker writes: 

> Hi list; 
> 
> I have form which I use to enter data into database as follow: 
> 
> [update values]
> [set mv_data_enable]1[/set]
> [tag flag write]partnersdb[/tag]
> <FORM ACTION="[process]" METHOD="POST">
> <INPUT TYPE=HIDDEN NAME="mv_data_table"    VALUE="partnersdb">
> <INPUT TYPE=HIDDEN NAME="mv_data_key"      VALUE="partners_id">

Here you have partners_id. 

> <INPUT TYPE=HIDDEN NAME="mv_data_function" VALUE="insert">
> <INPUT TYPE=HIDDEN NAME="mv_nextpage" VALUE=@@MV_PAGE@@>
> <INPUT TYPE=hidden NAME=mv_check VALUE=NewWeb>
> <INPUT TYPE=hidden NAME="mv_form_profile" VALUE="partners_profile">
> <INPUT TYPE="HIDDEN" NAME="mv_data_fields"
> VALUE="partners_id,fname,lname,email,company,address1,city,state,zip,country,partner_type,partners_comments"> 
> 
> [set NewWeb]
> [if type=explicit compare="[error all=1 show_var=1 keep=1]"]
> mv_nextpage=@@MV_PAGE@@
> [else]
> mv_nextpage=ord/send_partners
> [/else]
> [/if]
> [/set]
> <INPUT TYPE="HIDDEN" NAME="mv_data_return_key" VALUE="partners_id">
> <INPUT TYPE=HIDDEN name="partners_id" value=""> 
> 
> ................ 
> 
> ,,,,,,,,,,,,,, All other fileds here ,,,,,,,,,,,,,,,,,, 
> 
> <INPUT TYPE=hidden NAME="mv_todo" VALUE="set">
> <INPUT TYPE="SUBMIT" VALUE="Register">
> <INPUT TYPE="Reset">
> </FORM> 
> 
> I am using mysql database and in dbconfig/mysql I have defined partners
> table as follow: 
> 
> Database  partnersdb  partnersdb.txt   __SQLDSN__
> ifdef SQLUSER
> Database  partnersdb  USER         __SQLUSER__
> endif
> ifdef SQLPASS
> Database  partnersdb  PASS         __SQLPASS__
> endif
> Database  partnersdb  KEY          parteners_id
> Database  partnersdb  COLUMN_DEF   "parteners_id=INT(9) UNSIGNED
> AUTO_INCREMENT PRIMARY KEY"

Here you have parteners_id with an extra "e" !? 

Ciao
    Racke 

-- 
Prolific Interchange Consulting (Excellent German Quality !).
Take a look at Materialboerse (http://www.materialboerse.de/), WITT
(http://www.witt-weiden.de/), Boxmover (http://shop.boxmover.ch/) or
Passionshop (http://www.passionshop.com/racke). Need a shop ? Contact us.