updating data in a database - prepared statement (PHP)

Question

I'm quite new to php and previously have just been using mysqli for my queries. However I always see people saying to use prepared statements instead, so i went through my project in an effort to change all my queries into prepared statements. This particular query is not updating

        $email = $userDetails['email'];
        $token = bin2hex(random_bytes(16));
        $username = $userDetails['username'];
        $timestamp = date('Y/m/d H:i:s');
        $sql = "UPDATE users SET token = ? AND timestamp = ? WHERE email = ?";
        $stmt = mysqli_prepare($connect, $sql);
        mysqli_stmt_bind_param($stmt,"sss",$token,$timestamp,$email);
        mysqli_stmt_execute($stmt);

Syscall · Accepted Answer

You are using AND instead of , in your UPDATE query :

$sql = "UPDATE users SET token = ?, timestamp = ? WHERE email = ?";

updating data in a database - prepared statement (PHP)

Answers (1)

Related Questions