How to update a mysql column with php?

Question

I'm making a website to connect to MySQL, but I've this function to update a SQL column in php:

<?php
    function insert_db($table, $id, $value, $id2, $value2){
       $con = mysql_connect($server, $user_name, $password); 
       $db_found = mysql_select_db($database); 
       if ($db_found){
          mysql_query(" UPDATE ".$table." SET ".$id."='".$value."' WHERE ".$id2." = '".$value2."'); //this doesn't work!
          mysql_close($con);
       }
       else {
          print "Database not found!";
          mysql_close($con);
       }
    }
?>

But this function doesn't work! Please help me! And is there a better way of doing this instead of "mysql_query()"?

Answer 1

1. you are missing a closing quote " at the end of your mysql_query() .
2. your variables $server , $user_name , $password and $database do not exist inside your function. If you set it outside the function you have to import them with global $server, $user_name, $password, $database before you can use them.
3. The mysql_* functions are becoming deprecated. Don't write new code with them, use mysqli_* or PDO objects.

Answer 2

You can kinda answer your own question looking at the StackOverflow syntax highlights. You're missing a closing quote in the SQL statement. As for a better way, I always put my SQL into a variable first. It helps catch these kinds of things. Also, you're not sanitizing anything here in your function. I hope you're doing something elsewhere to prevent SQL injection.

I would NOT create your DB connection inside a function. You're creating a connection, executing ONE query, and then closing it. That's a lot of overhead for one function. I would pass your connection into your function and use it like that.

function insert_db($con, $table, $id, $value, $id2, $value2){
     $sql = "UPDATE " . $table . " 
       SET " . $id . "='" . $value . "' 
       WHERE " . $id2 . " = '".$value2."'";
       mysqli_query($con, $sql);
}