Reputation: 23
It seems that my mysqli query doesn't have any mistakes, but it shows the following error.
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '( title = 'Maths', start ='10:00am', end ' at line 1
This is my query.
$title = $_POST['title'];
$date = $_POST['date'];
$from = $_POST['from'].$_POST['from_time'];
$to = $_POST['to'].$_POST['to_time'];
$student=$_POST['student'];
$place = $_POST['location'];
$event_id = $_GET['event_id'];
$ti = $_SESSION['teacher_id'];
if ($date=='Monday'){
$update = mysqli_query($conn,"UPDATE teacher_class_schedule SET(
title = '".$title."',
start ='".$from."',
end ='".$to."',
Monday = '".$date."',
Tuesday = 'false',
Wednesday = 'false',
Thursday = 'false',
Friday = 'false',
Saturday = 'false',
Sunday = 'false',
teacher_id = '".$ti."' ,
number_of_student = '".$student."',
day = '".$date."',
location = '".$place."') WHERE id = '".$event_id."'");
Can anyone help me fix this error?
Upvotes: 1
Views: 105
Reputation: 180
You should use a prepared statement to avoid code injection. (documentation)
You also don't have to use parentheses around your SET data (documentation)
<?php
$stmt = $dbh->prepare("UPDATE teacher_class_schedule SET title = :title, start = :start, [...]");
$stmt->bindParam(':title', $_POST['title']);
$stmt->bindParam(':start', $_POST['from']);
// ...
$stmt->execute();
Upvotes: 2
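The question's full UPDATE written as a mysqli prepared statement, as an added example that is not part of the original answer or the asker's code. It assumes `$conn` is an open mysqli connection and that the session is already started, as the question's code implies; the allowlist check on the day name is an addition that replaces the per-day `if` branch.

```php
<?php
// Added example: the question's UPDATE as a mysqli prepared statement.
// Assumes $conn is an open mysqli connection and session_start() has run,
// as the question's code implies.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

$days = ['Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Sunday'];
$date = $_POST['date'] ?? '';
if (!in_array($date, $days, true)) {   // allowlist instead of one branch per day
    http_response_code(400);
    exit('Invalid day');
}

// Same values the question stores: the chosen day's column gets the day
// name, the other six get the string 'false'.
$dayValues = array_map(fn($d) => $d === $date ? $date : 'false', $days);

$title   = $_POST['title'] ?? '';
$from    = ($_POST['from'] ?? '') . ($_POST['from_time'] ?? '');
$to      = ($_POST['to'] ?? '') . ($_POST['to_time'] ?? '');
$student = $_POST['student'] ?? '';
$place   = $_POST['location'] ?? '';
$eventId = $_GET['event_id'] ?? '';
$ti      = $_SESSION['teacher_id'] ?? '';

// No parentheses after SET; every value is a ? placeholder, never concatenated.
$sql = "UPDATE teacher_class_schedule SET
            `title` = ?, `start` = ?, `end` = ?,
            `Monday` = ?, `Tuesday` = ?, `Wednesday` = ?, `Thursday` = ?,
            `Friday` = ?, `Saturday` = ?, `Sunday` = ?,
            `teacher_id` = ?, `number_of_student` = ?, `day` = ?, `location` = ?
        WHERE `id` = ?";

$stmt = mysqli_prepare($conn, $sql);
// 15 placeholders, all bound as strings, matching the quoted values in the question.
mysqli_stmt_bind_param(
    $stmt,
    str_repeat('s', 15),
    $title, $from, $to,
    $dayValues[0], $dayValues[1], $dayValues[2], $dayValues[3],
    $dayValues[4], $dayValues[5], $dayValues[6],
    $ti, $student, $date, $place,
    $eventId
);
mysqli_stmt_execute($stmt);
echo mysqli_stmt_affected_rows($stmt) . " row(s) updated\n";
```

Because `event_id` comes from the request, adding `AND teacher_id = ?` to the WHERE clause (not in the question's query) would limit the update to rows owned by the logged-in teacher.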