Reputation: 447
I have this query to submit data into the database:
$sql = "UPDATE table SET user='$user', name='$name' where id ='$id'";
The id will be obtained via the URL, e.g. localhost/index.php?id=123
$id=$_GET['id'];
The query will not work correctly; the data will not update. If I write:
$sql = "UPDATE table SET user='$user', name='$name' where id ='123'";
It works fine.
If I echo the ID it will show the correct result, 123.
Where is the problem?
Upvotes: 4
Views: 86175
Reputation: 11
$id = $_GET['id'];
<form action="#.php" method="POST">
<input type="hidden" name="id" value="<?php echo $id?>">
</form>
Then, inside the PHP block:
$id = $_POST['id'];
$sql = "UPDATE table SET user='$user', name='$name' where id ='$id'";
Upvotes: 1
Reputation: 157839
Run ALL your queries in a way that gives you the error message along with the erroneous query.
So, at least this way:
$sql = "UPDATE table SET user='$user', name='$name' where id ='$id'";
$res = mysql_query($sql) or trigger_error(mysql_error()." in ".$sql);
and it will tell you where the problem is.
It is WAY more convenient, precise and faster than asking questions here.
Upvotes: 12
Reputation: 34837
First of all, you're wide open to SQL Injection attacks if you do it like this. Anyone can just alter the part after id= to anything they like and modify your database with that.
Secondly, I see you pass an id to the script, but where does it determine the $user and $name values? Seems like your code posted is incomplete.
Upvotes: 0
Reputation: 737
The table name should be there... you have not used a table name in your query. Echo the $sql and then try executing it in phpMyAdmin.
Upvotes: 0
Reputation: 360592
I'm guessing your problem is malformed SQL due to unescaped data interpolation - an SQL injection hole.
What does your actual generated query look like? Not the code that creates the sql (which you've got above), but the actual SQL after the variables are inserted?
I'm guessing it'll look something like this:
UPDATE table SET user='fred', name='O'Brien' where id='123';
                                     ^--unescaped quote
causing a syntax error.
If you're running the query like this:
$result = mysql_query($sql);
then change it to be
$result = mysql_query($sql) or die(mysql_error());
so you'll immediately get feedback if the query fails for any reason.
And then read up about SQL injection holes.
Upvotes: 5
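The failure guessed at in the answer above, next to a parameterized version of the same UPDATE, as an added example that is not part of the original thread. Assumptions: an in-memory SQLite database accessed through PDO stands in for MySQL, and the table name `users`, the sample row and the request values are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database (assumption).
// Table name `users` and the sample row are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
// Throw on every failed query, so the error and its cause surface immediately.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, name TEXT)");
$pdo->exec("INSERT INTO users (id, user, name) VALUES (123, 'old', 'Old Name')");

// Constructed request values, as they would arrive from $_GET / $_POST.
$rawId = '123';
$user  = 'fred';
$name  = "O'Brien";

// 1) Interpolated query from the question: the quote in O'Brien ends the literal.
$sql = "UPDATE users SET user='$user', name='$name' WHERE id='$rawId'";
try {
    $pdo->exec($sql);
} catch (PDOException $e) {
    echo "Interpolated query failed: ", $e->getMessage(), "\n  in: $sql\n";
}

// 2) Validate the id as an integer before it gets anywhere near the database.
$id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    exit("Invalid id\n");
}

// 3) Prepared statement: values travel separately from the SQL text.
$stmt = $pdo->prepare("UPDATE users SET user = :user, name = :name WHERE id = :id");
$stmt->bindValue(':user', $user, PDO::PARAM_STR);
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();

// rowCount() of 0 means no row matched the id: a silent "did not update" case.
echo "Rows updated: ", $stmt->rowCount(), "\n";
$row = $pdo->query("SELECT user, name FROM users WHERE id = 123")->fetch(PDO::FETCH_ASSOC);
echo "Stored: {$row['user']} / {$row['name']}\n";
```

Against MySQL, only the PDO DSN and credentials change; the prepared statement and the bound parameters stay the same.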
Reputation: 2042
Without getting into the issue of how bad it is to pull data right from the GET array, I'd start by suggesting you properly escape your variables. I assume ID is an integer, so there's no need for single quotes around it.
$sql = "UPDATE table SET user='".$user."', name='".$name."' where id=".$id;
See if that works.
Upvotes: 0