user1427274

Reputation: 39

PHP script not updating mysql table

This script is simply not working... Can anyone tell me what I'm doing wrong?

    $id = $_POST['id'];
    $name = $_POST['name'];
    $date = $_POST['date'];
    $shortdesc = $_POST['shortdesc'];
    $link = $_POST['link'];
    $target = $_POST['target'];
    $sort = $_POST['sort'];
    $html = $_POST['html'];

    include('appvars.php');

    $query = "UPDATE insight SET name='".$name."' AND SET date='". $date . "' AND SET html='" . $html . "' AND SET shortdesc='" . $shortdesc . "' AND SET link='" . $link . "' AND SET target='" . $target . "' AND SET sort='" . $sort . "' WHERE id='" . $id . "'";

    mysqli_query($dbc, $query);

Upvotes: 0

Views: 153

Answers (5)

Jelly

Reputation: 111

I think the SQL syntax is not correct; you can use it like this: UPDATE tablename SET rowname = value, ...

Upvotes: 0

Mark Byers

Reputation: 839264

You aren't escaping your values so you are vulnerable to SQL injection and also construction of invalid statements. For example, if any of your input strings contain an apostrophe then it could cause your code to fail.

Have a look at prepared statements that will make it much easier to construct your queries with parameters.

In your query you will also need to use commas instead of AND SET.

$query = "UPDATE insight SET name='foo', date='2012-12-10' WHERE id=42";

The syntax for UPDATE is described in the MySQL documentation:

Upvotes: 5
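
The prepared-statement approach recommended in the answer above, applied to the question's UPDATE with mysqli. This is an added example, not code from the original posts. It assumes `$dbc` from appvars.php is an open mysqli connection and that `id` is an integer column; `update_insight()` is a hypothetical helper name.

```php
<?php
// Added example: parameterized version of the UPDATE from the question.
// Assumptions: appvars.php defines $dbc as an open mysqli connection (as the
// question's mysqli_query($dbc, ...) call implies) and id is an integer
// column. update_insight() is a hypothetical helper name.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function update_insight(mysqli $dbc, array $post): int
{
    // Reject requests that omit a field instead of silently writing blanks.
    $fields = ['id', 'name', 'date', 'html', 'shortdesc', 'link', 'target', 'sort'];
    foreach ($fields as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            throw new InvalidArgumentException("missing field: $key");
        }
    }

    // id selects the row: require a positive integer before it reaches SQL.
    $id = filter_var($post['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }

    // Placeholders keep request data out of the SQL text, so an apostrophe in
    // a value can neither break the statement nor change its meaning.
    // Columns in SET are separated by commas, not "AND SET".
    $stmt = $dbc->prepare(
        'UPDATE insight
            SET `name` = ?, `date` = ?, `html` = ?, `shortdesc` = ?,
                `link` = ?, `target` = ?, `sort` = ?
          WHERE id = ?'
    );
    $stmt->bind_param(
        'sssssssi',
        $post['name'], $post['date'], $post['html'], $post['shortdesc'],
        $post['link'], $post['target'], $post['sort'], $id
    );
    $stmt->execute();
    $affected = $stmt->affected_rows; // 0: no row matched, or values unchanged
    $stmt->close();
    return $affected;
}

// Usage in the form handler:
//   include('appvars.php');
//   $rows = update_insight($dbc, $_POST);
```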

Jashwant

Reputation: 29025

I ain't a pro at MySQL, but a try.

I guess id is an integer. So, don't quote it.

Try this,

$query = "UPDATE insight SET name='".$name."' , date='". $date . "' , html='" . $html . "' , shortdesc='" . $shortdesc . "' , link='" . $link . "' , target='" . $target . "' , sort='" . $sort . "' WHERE id=". $id ;

Upvotes: 0

Wazan

Reputation: 539

It's working ... check now

    $id = $_POST['id'];
    $name = $_POST['name'];
    $date = $_POST['date'];
    $shortdesc = $_POST['shortdesc'];
    $link = $_POST['link'];
    $target = $_POST['target'];
    $sort = $_POST['sort'];
    $html = $_POST['html'];

    include('appvars.php');

    $query = "UPDATE insight SET name='".$name."' ,date='". $date . "' ,html='" . $html . "' ,shortdesc='" . $shortdesc . "' ,link='" . $link . "' ,target='" . $target . "' ,sort='" . $sort . "' WHERE id='" . $id . "'";

    mysqli_query($dbc, $query);

Upvotes: 0

Stranger

Reputation: 10631

Use it like this,

$query = "UPDATE insight SET name='".$name."' ,date='". $date . "' ,html='" . $html . "' ,shortdesc='" . $shortdesc . "' ,link='" . $link . "' ,target='" . $target . "' ,sort='" . $sort . "' WHERE id='" . $id . "'";

Upvotes: 0
