PHP SQL Update Query syntax
Question
I'm working on my first PHP/MySQL project, and I've gotten basic logins and INSERT queries working, but not updates. This is my first update, which is just one row with a state and zipcode. Is anything wrong?
$dbc = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$state=$_POST['state'];
$zip=$_POST['zip'];
$custnum = 0;
$sql="UPDATE $tbl_name SET state = '$state', zip = '$zip', WHERE custnum = '$custnum'";
$result = mysqli_query($dbc, $sql)
or die('Error querying database.');
6 answers
solution1
4 2012-03-08 16:36:22
$sql="UPDATE {$tbl_name} SET state='{$state}', zip='{$zip}' WHERE custnum='{$custnum}'";
Remove the last comma before "WHERE" clause. Also, if you're just starting out it's good to put parenthesis around variables names when using double-quotes for strings. Helps you to distinguish the variables better.
Pekka is also correct in his comments, you are mixing mysql and mysqli functions. Use mysql_query() instead.
solution2
2 2017-03-08 05:58:17
$suitno =mysqli_real_escape_string($ecms,$_POST['suitno']);//protecting sql injection
$defendant=mysqli_real_escape_string($ecms,$_POST['defendant']);//protecting sql injection
$casenature=mysqli_real_escape_string($ecms,$_POST['casenature']);//protecting sql injection
$sql="UPDATE causelist SET suitno='{$suitno}',
casenature='{$casenature}' WHERE suitno='{$suitno}'";
$result = mysqli_query($ecms, $sql)
or die('Error querying database.');
solution3
2 2012-03-08 16:33:51
我认为您需要在WHERE之前删除逗号。
solution4
1 2012-03-08 16:34:53
$dbc = mysql_connect($host, $username, $password)or die("cannot connect"); //don't need quotes
mysql_select_db($db_name,$dbc)or die("cannot select DB"); //added the $dbc (connection link) as a second parameter
$state=mysql_real_escape_string($_POST['state']); //Should make it safe!
$zip=mysql_real_escape_string($_POST['zip']); //Should make it safe!
$custnum = 0;
$sql="UPDATE $tbl_name SET state = '$state', zip = '$zip' WHERE custnum = '$custnum'";
//removed an extra comma
//Notice that $tbl_name isn't defined!
u
$result = mysql_query($sql)
or die('Error querying database.'); //from mysqli to mysql
solution5
0 2014-02-04 12:12:22
if(isset($_POST['update'])) { $name=$_POST['name']; //echo $name; die; $surname=$_POST['surname'];
$upd="update table_name SET name='$name',surname='$surname' where id=$id";
mysql_query($upd);
}
solution6
0 2012-03-08 16:36:57
看起来像sql语法错误:在WHERE之前删除逗号
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.