Svante
Reputation: 45
Mysqli update query doesn't work
So I'm trying to build a kind of update email function, and the part that should put it into the db looks like this
<?php $emailfrom = $_POST['emailfrom'];
$emailto = $_POST['emailto'];
$query = sprintf('UPDATE `users` SET `email`="%s" WHERE `email`="%s"`',
mysqli_real_escape_string($db, $emailfrom),
mysqli_real_escape_string($db, $emailto));
mysqli_query($db, $query);
The problem is that the row don't update... And I need help in knowing why, as I'm not so well experienced with mysql, used other dbs mainly earlier
Upvotes: 0
Views: 1098
Answers (2)
Thomas Williams
Reputation: 1548
The accepted answer will work, but a prepared statement would be much safer
$query="UPDATE `users` SET `email`= ? WHERE `email`= ?";
$stmt = $db->prepare($query);
$stmt->bind_param('ss',$_POST['emailfrom'],$_POST['emailto']);
$stmt->execute();
$stmt->close();
With a prepared statement you don't have to worry about escaping your variables to prevent SQL injection.
Upvotes: 1
sunshinejr
Reputation: 4854
You've got syntax error in your query.
\/
$query = sprintf('UPDATE `users` SET `email`= "%s" WHERE `email`= "%s"`',
mysqli_real_escape_string($db, $emailfrom),
mysqli_real_escape_string($db, $emailto));
mysqli_query($db, $query);
Also, you probably want to change emails from emailFrom to emailTo, now you are doing it the other way around. After edit:
$query = sprintf('UPDATE `users` SET `email`= "%s" WHERE `email`= "%s"`',
mysqli_real_escape_string($db, $emailto),
mysqli_real_escape_string($db, $emailfrom));
mysqli_query($db, $query);
Upvotes: 1
Related Questions
- mysqli_query of update statement isn't working in PHP
- Issues using UPDATE statement in MySQL
- Update Statement Error with MySQLi
- UPDATE query is not working php
- Update is not working for mysqli
- SQL statement update record not working
- mysqli update not working
- MySQLi update query not working - no errors?
- UPDATE query in MYsqli+PHP doesnt work
- sql update statement fails