SQL syntax error for use near 'WHERE id=1'

Question

I'm trying to make an Arduino program and php web to comunicate Arduino with server. But, in a .php file, i get his error and I don't know how to fix it.

The error says: Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE id=1' at line 1

<?php
$rele = $_POST['rele'];
$modo = $_POST['modo'];


// Datos personales de la base de datos
    $name = "cl60-32";
    $pass = "alu32";
    $server = "localhost";
    $dates = "cl60-32";




$conn = new mysqli($server, $name, $pass, $dates);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error); }

$update_sql="UPDATE ACTUADORES SET rele=".$rele.", modo=".$modo." WHERE   id=1";

if ($conn->query($update_sql) === TRUE) {
    echo "Valores actualizados";
} else {
    echo "Error updating record: " . $conn->error;
}
$conn->close();
?>

Answer 1

I know this is not what OP needs but here is a version using PDO:

$conn = new PDO("mysql:host=$server;dbname=$dates", $name, $pass);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$insertCh = $conn->prepare("UPDATE sd_posted_waoodk SET rele = :rele, modo = :modo WHERE id = '1' ");
            $insertCh->bindParam(':rele', $rele, PDO::PARAM_STR);
            $insertCh->bindParam(':modo', $modo, PDO::PARAM_STR);

        $res = $insertCh->execute();
        if($res)
            echo "Valores actualizados";
        } else {
            echo "Error updating record";
        }

Prepared statements are better against SQL injection, that is why one should use them.

Happy coding.