MySQLi prepared update statement in PHP

Question

How do you write a prepared update statement? Reference: mysqli::prepare

I've tried writing it as described:

  if ($stmt = $mysqli->prepare("UPDATE tblFacilityHrs SET title =? description = ? WHERE uid = ?")){
            $stmt->bind_param('sss', $title, $desc, $uid2);

            //Get params
            $title=$_POST['title'];
            $desc=$_POST['description'];
            $uid2=$_GET['uid'];     

$stmt->execute();
            $stmt->close();
    }
    else {
        //Error
        printf("Prep statment failed: %s\n", $mysqli->error);
    }

Error:

Prep statment failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'description = ? WHERE uid = ?' at line 1 Edited row.

Answer 1

You're just missing a comma between the set columns:

UPDATE tblFacilityHrs SET title = ?, description = ? WHERE uid = ?
                                ^^^^^^

When MySQL reports an error the likes of check the manual for syntax to use near 'something , look most often to the character immediately preceding the 'something , as that is where your error occurs.

$sql = "UPDATE tblFacilityHrs SET title = ?, description = ? WHERE uid = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('sss', $title, $desc, $uid2);
$stmt->execute();

Answer 2

您可能需要添加逗号：

$stmt = $mysqli->prepare("UPDATE tblFacilityHrs SET title = ?, description = ? WHERE uid = ?"

Answer 3

You are binding the parameters before assigning them to variables:

$title=$_POST['title'];
$desc=$_POST['description'];
$uid2=$_GET['uid']; 

$stmt->bind_param('sss', $title, $desc, $uid2);

edit : scratch that, it doesn't appear to make a difference whether or not the parameters are bound before or after you have defined the variables (you learn something new everyday!), but like Michael said, logically it makes sense to define them first.