MySQL Update from PHP form

Question

As a novice MySQL user I tried to insert, but I just read on the MySQL documentation that you can only insert on blank rows. My UPDATE statement needs work though, and I'm not sure that I have the syntax correct.

$query3 = "UPDATE `offices` SET `scash`="$total" WHERE `officename`="$office"";

offices is the table name. scash is the row to be updated. $total is a variable pulled from a post. $office is a variable pulled from the same database. I only want to set scash to total where the officename is $office.

Parse error: syntax error, unexpected T_VARIABLE is the error I'm getting.

Answer 1

$query3 = "UPDATE `offices` SET `scash`='$total' WHERE `officename`='$office'";

Replace the double quotes with normal quotes in the string since double quotes are string delimiters and can't be used in the string.

And as Marc B mentioned your code might be vurnerable for SQL injections. See this post how you can avoid that.

Answer 2

You are going wrong at quotes

$query3 = "UPDATE `offices` SET `scash`="$total" WHERE `officename`='$office'";

Also always use LIMIT 1 if you want to update just a single row...

And sanitize your inputs before updating your row, atleast use mysqli_real_escape_string()

Answer 3

if you still want to use double quotes inside double quotes escape it..

your query can be modified as follows..

$query3 = "UPDATE `offices` SET `scash`=\"$total\" WHERE `officename`=\"$office\"";