我的更新查询出了什么问题？

Question

Can you tell me what's wrong with this update statement? Not updating my db record in mysql

$updateid = $row[id]; 

$result2 = mysql_query("UPDATE grades SET processed = 1
where 'id' = '$updateid'") or die(mysql_error()); 

Answer 1

ColumnNames ( as well as TableName ) shouldn't be enclosed with single quotes because they are identifiers and not string literals. Wrapping an identifier with single quotes makes it string literals.

UPDATE grades 
SET processed = 1
where id = '$updateid'

If you are unsure if the columnName ( or TableName ) you are using is a reserved keyword, delimit it with backticks and not with single quotes. eg,

UPDATE `grades` 
SET `processed` = 1
where `id` = '$updateid'

As a sidenote, the query is vulnerable with SQL Injection if the value( s ) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

• How to prevent SQL injection in PHP?

• When to use single quotes, double quotes, and backticks in MySQL

Answer 2

You are quoting your column name. If you want to do that (it's not necessary here), you should use backticks:

$result2 = mysql_query("UPDATE grades SET processed = 1
             where `id` = '$updateid'") or die(mysql_error());

Apart from that you should make sure that your variable is safe to use in an sql query, preferably using PDO (or mysqli) and prepared statements. If you really want to use the deprecated mysql_* functions, you should use mysql_real_escape_string() .