How do i correct this MySql query?

Question

I have a query that I am trying to update a MySQL table with

UPDATE `" . TABLE_PREFIX . "TABLE` SET FIELD = CONCAT(FIELD, " . $MyString . ")    

$MyString would contain a useragent like MOZILLA/5.0 (COMPATIBLE; SEMRUSHBOT/1.2~BL; +HTTP://WWW.SEMRUSH.COM/BOT.HTML but I am getting a syntax error? The field is set up as TEXT NULL and default is NULL .

Any help appreciated.

For clarity all I am trying to do is add text to a text field in the database, the text IS exactly like the useragent above!

Kind regards, Simon

Answer 1

String delimiters in sql are ', I assume that your query in the question is some kind of mix between php and sql. I would suggest that you start by getting the sql correct first, and after that incorporate it into php. Your query probably should look something like:

UPDATE ST_uAgent 
    SET agent = CONCAT(agent, 'MOZILLA/5.0 (COMPATIBLE; DOTBOT/1.1; HTTP://WWW.OPENSITEEXPLORER.ORG/DOTBOT, HELP@MOZ.COM)');

Answer 2

You need to put ' quotes ' around your string.

"UPDATE `" . TABLE_PREFIX . "TABLE` SET FIELD = CONCAT(FIELD, '". $MyString ."')"  

Without this MySQL doesn't know how to interpret the data you are passing it.

That said, what you are attempting here is extremely risky and leaves you wide open to SQL injection.

Consider using parameterisation / prepared statements as provided by mysqli or PDO instead - see here: How can I prevent SQL injection in PHP?

Answer 3

I guess the problem is the delimiter ´. Eliminate the delimiter:

("UPDATE ". TABLE_PREFIX ." TABLE SET FIELD = CONCAT(FIELD, '". $MyString ."')");

It's just a guess.