23.08.2009, 22:20
Ok fail? Alex just pointed out to me that you're "pass" is not a string...
It should be new pass[20] = cmdtext[7];
Anyway since that's a guarenteed fix, you also need to use mysql_escape_string(pass,pass); before setting the query string, so that you escape any injection vulnerabilities.
It should be new pass[20] = cmdtext[7];
Anyway since that's a guarenteed fix, you also need to use mysql_escape_string(pass,pass); before setting the query string, so that you escape any injection vulnerabilities.

