Reputation: 29
At the suggestion of many, I am learning PDO to perform a large PHP MySQL query. What is wrong with my query? The code is just one large form submission, and everyone recommends PDO over handcoding a large mysql query.
The query itself gets a complaint from Dreamweaver but not from Zend Studio. Could anything be wrong?
<?php
$host="localhost"; // Host name
$username="********"; // Mysql username
$password="********"; // Mysql password
$db_name="practice"; // Database name
$tbl_name="administration"; // Table name
// Connect to server and select database.
//$dbc = mysql_connect("$host", "$username", "$password")or die("cannot connect");
try {
# MySQL with PDO_MYSQL
$DBH = new PDO("mysql:host=$host;dbname=$db_name", $username, $password);
// Set the error mode on the handle once the connection exists
$DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
}
catch(PDOException $e) {
// getMessage() takes no arguments
echo "Error Connecting to Database: " . $e->getMessage();
}
mysql_select_db("$db_name")or die("cannot select DB");
//These variables stay the same and can be used as is in A PDO submission
$ac1=$_POST['ac1'];
$ac2=$_POST['ac2'];
$fan=$_POST['fan'];
$na=$_POST['na'];
$dh=$_POST['dh'];
//Initialization of variables is typical
$tolerance1=$_POST['tolerance1'];
$temptime1=$_POST['temptime1'];
$tolerance2=$_POST['tolerance2'];
$temptime2=$_POST['temptime2'];
$tolerance3=$_POST['tolerance3'];
$temptime3=$_POST['temptime3'];
$tolerance4=$_POST['tolerance4'];
$temptime4=$_POST['temptime4'];
$tolerance5=$_POST['tolerance5'];
$temptime5=$_POST['temptime5'];
$humidtolerance1=$_POST['humidtolerance1'];
$humidtime1=$_POST['humidtime1'];
$humidtolerance2=$_POST['humidtolerance2'];
$humidtime2=$_POST['humidtime2'];
$humidtolerance3=$_POST['humidtolerance3'];
$humidtime3=$_POST['humidtime3'];
$humidtolerance4=$_POST['humidtolerance4'];
$humidtime4=$_POST['humidtime4'];
$humidtolerance5=$_POST['humidtolerance5'];
$humidtime5=$_POST['humidtime5'];
$custnum = 0;
//Each parameter is bound to a number.
$STH->bindParam(1, $ac1);
$STH->bindParam(2, $ac2);
$STH->bindParam(3, $fan);
$STH->bindParam(4, $na);
$STH->bindParam(5, $dh);
$STH->bindParam(6, $tolerance1);
$STH->bindParam(7, $temptime1);
$STH->bindParam(8, $tolerance2);
$STH->bindParam(9, $temptime2);
$STH->bindParam(10, $tolerance3);
$STH->bindParam(11, $temptime3);
$STH->bindParam(12, $tolerance4);
$STH->bindParam(13, $temptime4);
$STH->bindParam(14, $tolerance5);
$STH->bindParam(15, $temptime5);
$STH->bindParam(16, $humidtolerance1);
$STH->bindParam(17, $humidtime1);
$STH->bindParam(18, $humidtolerance2);
$STH->bindParam(19, $humidtime2);
$STH->bindParam(20, $humidtolerance3);
$STH->bindParam(21, $humidtime3);
$STH->bindParam(22, $humidtolerance4);
$STH->bindParam(23, $humidtime4);
$STH->bindParam(24, $humidtolerance5);
$STH->bindParam(25, $humidtime5);
$STH->bindParam(26, $custnum);
//Dreamweaver says there is an error here but Zend Studio does not.
# unnamed placeholders
$STH = $DBH->("UPDATE $tbl_name WHERE custnum = $custnum (ac1, ac2, fan, na, dh, tolerance1, temptime1, tolerance2, temptime2, tolerance3, temptime3, tolerance4, temptime4, tolerance5, temptime5, humidtolerance1, humidtime1, humidtolerance2, humidtime2, humidtolerance3, humidtime3, humidtolerance4, humidtime4, humidtolerance5, humidtime5,) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$STH->execute();
//Send them back to the page they were at
header("location:index.php");
?>
Upvotes: 1
Views: 3547
Reputation: 67745
Well you're doing:
$DBH->("...");
instead of:
$STH = $DBH->prepare("...");
You're also using $STH uninitialized in your code (since it's prepare that initializes it and it's missing). You'd want to prepare the statement first, then bind parameters to it (not the other way around, like it is actually the case):
$STH = $DBH->prepare("...");
$STH->bindParam(1, $ac1);
$STH->bindParam(2, $ac2);
// ...
You can also just prepare it and pass an array to PDOStatement::execute:
$STH = $DBH->prepare("...");
$STH->execute(array($ac1, $ac2, ...));
Your MySQL query is also wrong, you're doing:
UPDATE table WHERE something = something (column1, column2) values (?, ?)
The WHERE is misplaced, and the (column) VALUES (?) syntax is the INSERT syntax, not UPDATE. You'd want to do this instead:
UPDATE table SET column1=?, column2=? WHERE something = something
Lastly, you should remove this:
mysql_select_db("$db_name")or die("cannot select DB");
Upvotes: 10
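The points from the answer combined into one runnable script, as an added example that is not part of the original posts: prepare first, use UPDATE ... SET syntax, and pass every value (including the WHERE key) to execute. The table and column names come from the question; the `settingsColumns` and `updateSettings` helpers, the SQLite in-memory database and the sample input are assumptions made so it runs offline.

```php
<?php
// Added example, not the poster's code. The in-memory SQLite database and
// the sample $post array are constructed for the demonstration.

// Allowlist of updatable columns. Identifiers cannot be bound as parameters,
// so they are fixed here and never taken from request data.
function settingsColumns(): array {
    $cols = ['ac1', 'ac2', 'fan', 'na', 'dh'];
    for ($i = 1; $i <= 5; $i++) {
        array_push($cols, "tolerance$i", "temptime$i");
    }
    for ($i = 1; $i <= 5; $i++) {
        array_push($cols, "humidtolerance$i", "humidtime$i");
    }
    return $cols;
}

function updateSettings(PDO $dbh, array $input, int $custnum): int {
    $cols = settingsColumns();
    $set = implode(', ', array_map(fn($c) => "$c = ?", $cols));
    // Prepare first; the statement text contains placeholders only.
    $sth = $dbh->prepare("UPDATE administration SET $set WHERE custnum = ?");
    // One value per placeholder, in column order; missing fields become NULL.
    $values = array_map(fn($c) => $input[$c] ?? null, $cols);
    $values[] = $custnum;
    $sth->execute($values);
    return $sth->rowCount();
}

// Demo setup (constructed): one row for customer 0.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$defs = implode(', ', array_map(fn($c) => "$c TEXT", settingsColumns()));
$dbh->exec("CREATE TABLE administration (custnum INTEGER PRIMARY KEY, $defs)");
$dbh->exec("INSERT INTO administration (custnum) VALUES (0)");

// Constructed form input; the quote in 'fan' is stored as literal text
// because bound values are never parsed as SQL.
$post = ['ac1' => 'on', 'fan' => "x', custnum = 99 --", 'tolerance1' => '2.5'];
$changed = updateSettings($dbh, $post, 0);
$row = $dbh->query("SELECT custnum, ac1, fan, tolerance1 FROM administration")
           ->fetch(PDO::FETCH_ASSOC);
var_dump($changed, $row);
```

Against MySQL, replace the DSN with the `mysql:host=...;dbname=...` form from the question; note that with the MySQL driver `rowCount()` reports rows actually changed, so an update with identical values returns 0.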