MySQL UPDATE Query PHP doesn't work

Question

I'm trying to update a column, I got no modification in the column value can you please help me with that?

Code i am trying:-

global $wpdb;
$param1 = $_GET['projectID'];
$sql1 = "UPDATE wp_projects SET nbrDonation = nbrDonation+1 WHERE projectID = $param1";
$wpdb->query($sql1);
echo $param1;
echo $sql1;

this is what i got as error :

Erreur de la base de données WordPress : [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1] UPDATE wp_projects SET nbrDonation=nbrDonation+1 WHERE projectID=

UPDATE wp_projects SET nbrDonation=nbrDonation+1 WHERE projectID=

Answer 1

It seems like your $param1 value may be empty, or otherwise invalid.

[You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1]

The '' implies that the value is empty; so the SQL is doing:

UPDATE wp_projects SET nbrDonation=(nbrDonation+1) WHERE projectID=''

Which is invalid as nothing ( '' ) is not an integer value as expected.

Solution:

You need to force the $param1 value to be interger. You can do this by typecasting in PHP .

so:

$param1 = (int)$_GET['projectID']; // forces it to a numeric value, 1 or 0

This will then mean the SQL will work correctly:

$sql1 = "UPDATE wp_projects SET nbrDonation = nbrDonation+1 WHERE projectID = $param1";

You do not need the brackets around the nbrDonation+1 and you do not need quotes around the ID number, because it's numeric.

---

Please also note:

How to Prevent SQL Injection compromise in MySQL with PHP

Answer 2

Remove the single quote your projectID

$sql1="UPDATE wp_projects SET nbrDonation=(nbrDonation+1) WHERE projectID=$param1";

Try now.