Reputation: 93
MYSQL Update Syntax error with string input
my code below
$count++;
$yesstring = 'MATCH';
echo $count . '. RESULT ' . $idcheck . ': ' . $phonecheck . ' was matched. <br />';
$matchquery = sprintf("UPDATE `list` SET match = `%s` WHERE homephone = `%s` LIMIT 1",
mysql_real_escape_string($yesstring),
mysql_real_escape_string($phonecheck));
$matchresult = mysql_query($matchquery);
if (!$matchresult) {
die("Invalid query: " . mysql_error());
}
and this is my error
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'match = MATCH WHERE homephone = (999) 999-9999 LIMIT 1' at line 1
any help would be appreciated
Upvotes: 0
Views: 190
Answers (2)
Reputation: 211560
You're using backticks when you should be using regular quotes. Backticks are reserved for escaping table or column names:
INSERT INTO `foo` VALUES ('value')
Although you're properly escaping your SQL, calling mysql_real_escape_string can prove to be a constant nuisance. Switching to mysqli or PDO would make writing correct SQL a lot easier in the long-run.
Upvotes: 1
Reputation: 204746
match is a reserved word in MySQL. Escape it with backticks:
UPDATE `list` SET `match` = ...
Upvotes: 2
Related Questions
- Php mysql query update of data gives syntax error
- SQL syntax error when updating value in database
- Mysql syntax error on update
- MYSQL PHP : update query results in a syntax error
- PHP update query with syntax error
- MySQL UPDATE syntax error - Everything is ok?
- MySQL UPDATE syntax error with variables
- MySQL Update Syntax Error
- UPDATE MySQL Syntax Error
- UPDATE sql String Error