UPDATE Query in MySQL using WHERE

Question

I'm running the following UPDATE query and having no succes:

$sql="UPDATE users SET firstname='".$_GET['fn']."',lastname='".$_GET['ln']."',email='".$_GET['emadd']."' WHERE id = ".$_GET['id'];

mysql_error(); returns no error, though I'm sure this is a syntax issue.

If you can help me clean this up with an explanation to help me learn where I went wrong it would be much appreciated!

To give a larger point of reference, here is the table creation code:

$sql="CREATE TABLE users
(
id int NOT NULL auto_increment,
PRIMARY KEY(id),
firstname varchar(20),  
lastname varchar(20),
email varchar(40)
)";

And here is the entire code from my updater.php which runs the update query on the table:

mysql_select_db(dustin,$con);
$sql="UPDATE users SET firstname='".$_GET['fn']."',lastname='".$_GET['ln']."',email='".$_GET['emadd']."' WHERE id = ".$_GET['id'];
$sherlock=mysql_query($sql,$con);

echo $sql returns the following:

UPDATE users SET firstname='Mike',lastname='Wilson',email='mike@eyeball.com' WHERE id = 

Does this mean my id is not getting passed over?

To see it live in action, go to 24.77.236.155/dustin/Assignment2/users.php and click edit to play with the query. Also, 24.77.236.155/dustin/Assignment2/add.htm is available to add users to the table.

Answer 1

always run all your queries at least this way

$result = mysql_query($sql,$con) or trigger_error(mysql_error(). " ".$sql); 

unlike some wild guesses from answers here, it will give you EXACT and compplete picture of the problem.

Answer 2

The query seems fine, I am assuming it is not updating the table?

One way to debug this is to echo the $sql in next line to see what values you are receiving for GET variables and the actual query that is being passed to the database.

echo $sql;

Answer 3

You are missing the quotes in the where bit

i.e.

...where id='" . $GET['id] . "'";

Also you have a security issue by using $GET without checking those values.