sunweb japan
sunweb japan

Reputation: 23

Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use in Update

It seems that my mysqli query doesn't has any mistake. But it shows following error.

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '( title = 'Maths', start ='10:00am', end ' at line 1

This is my query.

$title = $_POST['title'];
$date = $_POST['date'];
$from = $_POST['from'].$_POST['from_time'];
$to = $_POST['to'].$_POST['to_time'];
$student=$_POST['student'];
$place = $_POST['location'];
$event_id = $_GET['event_id'];
$ti = $_SESSION['teacher_id'];

if ($date=='Monday'){

    $update = mysqli_query($conn,"UPDATE teacher_class_schedule SET(
        title = '".$title."',
        start ='".$from."',
        end ='".$to."',
        Monday = '".$date."',
        Tuesday = 'false',
        Wednesday = 'false',
        Thursday = 'false',
        Friday = 'false',
        Saturday = 'false',
        Sunday = 'false',
        teacher_id = '".$ti."' ,
        number_of_student = '".$student."',
        day = '".$date."',
        location = '".$place."') WHERE id = '".$event_id."'");

Can anyone help me to fix this error.

Upvotes: 1

Views: 105

Answers (1)

Caligone
Caligone

Reputation: 180

You should use a prepared statement to avoid code injection. (documentation)

You also don't have to use parenthesis arround your SET data (documentation)

<?php
$stmt = $dbh->prepare("UPDATE teacher_class_schedule SET title = :title, start = :start, [...]");
$stmt->bindParam(':title', $_POST['title']);
$stmt->bindParam(':start', $_POST['from']);
// ...
$stmt->execute();

Upvotes: 2

Related Questions