Daniel USAF

Reputation: 29

PHP SQL Update Query syntax

I'm working on my first PHP/MySQL project, and I've gotten basic logins and INSERT queries working, but not updates. This is my first update, which is just one row with a state and zipcode. Is anything wrong?

    $dbc = mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    $state=$_POST['state'];
    $zip=$_POST['zip'];

    $custnum = 0;
    $sql="UPDATE $tbl_name SET state = '$state', zip = '$zip', WHERE custnum = '$custnum'";
    $result = mysqli_query($dbc, $sql)
    or die('Error querying database.');

Upvotes: 0

Views: 17056

Answers (6)

Laud Randy Amofah

Reputation: 29

    $suitno =mysqli_real_escape_string($ecms,$_POST['suitno']);//protecting sql injection
    $defendant=mysqli_real_escape_string($ecms,$_POST['defendant']);//protecting sql injection
    $casenature=mysqli_real_escape_string($ecms,$_POST['casenature']);//protecting sql injection

    $sql="UPDATE causelist SET suitno='{$suitno}',
    casenature='{$casenature}' WHERE suitno='{$suitno}'";
    $result = mysqli_query($ecms, $sql)
    or die('Error querying database.');

Upvotes: 2

dev4092

Reputation: 2891

    if(isset($_POST['update'])) {
        $name=$_POST['name'];
        //echo $name; die;
        $surname=$_POST['surname'];

        $upd="update table_name SET  name='$name',surname='$surname' where id=$id";
        mysql_query($upd);
    }

Upvotes: 0

Matt K

Reputation: 6708

    $sql="UPDATE {$tbl_name} SET state='{$state}', zip='{$zip}' WHERE custnum='{$custnum}'";

Remove the last comma before the "WHERE" clause. Also, if you're just starting out, it's good to put parentheses around variable names when using double quotes for strings. It helps you distinguish the variables better.

Pekka is also correct in his comments: you are mixing mysql and mysqli functions. Use mysql_query() instead.

Upvotes: 4

David Kirui

Reputation: 1

Looks like a SQL syntax error: remove the comma before WHERE.

Upvotes: 0

Ofir Baruch

Reputation: 10356

    $dbc = mysql_connect($host, $username, $password)or die("cannot connect"); //don't need quotes
    mysql_select_db($db_name,$dbc)or die("cannot select DB"); //added the $dbc (connection link) as a second parameter

    $state=mysql_real_escape_string($_POST['state']); //Should make it safe!
    $zip=mysql_real_escape_string($_POST['zip']); //Should make it safe!

    $custnum = 0;
    $sql="UPDATE $tbl_name SET state = '$state', zip = '$zip' WHERE custnum = '$custnum'"; //removed an extra comma

    //Notice that $tbl_name isn't defined!
    $result = mysql_query($sql)
    or die('Error querying database.'); //from mysqli to mysql

Upvotes: 1

Alex Howansky

Reputation: 53573

I think you need to get rid of the comma just before the WHERE.

Upvotes: 2
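The same UPDATE written with bound parameters instead of escaped strings, as an added example that is not part of the question or any answer above. It swaps the `mysql_*`/`mysqli_*` calls for PDO with an in-memory SQLite database so it runs stand-alone (with MySQL only the DSN changes); the function name, the `customers` table, the allowlist and the sample row are assumptions.

```php
<?php
declare(strict_types=1);

// Identifiers cannot be bound as parameters, so the table name is checked
// against a fixed allowlist (hypothetical table name).
const ALLOWED_TABLES = ['customers'];

function update_customer(PDO $pdo, string $table, int $custnum, string $state, string $zip): int
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    // Validate the shape of each value first (US-style state and zip assumed).
    if (!preg_match('/\A[A-Z]{2}\z/', $state) || !preg_match('/\A\d{5}(-\d{4})?\z/', $zip)) {
        throw new InvalidArgumentException('bad state or zip');
    }
    // Placeholders keep the values out of the SQL text; note no comma before WHERE.
    $stmt = $pdo->prepare("UPDATE $table SET state = :state, zip = :zip WHERE custnum = :custnum");
    $stmt->bindValue(':state', $state);
    $stmt->bindValue(':zip', $zip);
    $stmt->bindValue(':custnum', $custnum, PDO::PARAM_INT);
    $stmt->execute();
    // SQLite reports matched rows here; the MySQL driver reports changed rows by default.
    return $stmt->rowCount();
}

// Constructed demo data so the script runs without a database server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (custnum INTEGER PRIMARY KEY, state TEXT, zip TEXT)");
$pdo->exec("INSERT INTO customers VALUES (0, 'NY', '10001')");

echo update_customer($pdo, 'customers', 0, 'CA', '90210'), " row(s) updated\n";

// A value containing a quote fails validation and never reaches the query.
try {
    update_customer($pdo, 'customers', 0, 'CA', "90210' --");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```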
