Error in SQL UPDATE query

Question

$result = mysql_query("UPDATE categories
        SET cd_title='$docuTitle' , cd_link='$linkTitle'
        WHERE c_name='$catID'");

What is wrong with this update query?

The query looks fine. Please be more specific. – Gumbo Jul 16 '09 at 14:02 — Gumbo, Jul 16 '09 at 14:02
What's the error given? mysql_error () should output it. – Meep3D Jul 16 '09 at 14:04 — Meep3D, Jul 16 '09 at 14:04
Are your variables properly escaped? – niteria Jul 16 '09 at 14:06 — niteria, Jul 16 '09 at 14:06

score 2 · Answer 1 · edited May 23 '17 at 10:32

2

There is probably something wrong with the data in your variables — but we can't see what they contain.

You should be using parameterized queries, which would deal with any odd characters in your data that might mess up the statement.

See How can I prevent SQL injection in PHP? and When are the most recommended times to use mysql_real_escape_string()

edited May 23 '17 at 10:32

Community

1
1

answered Jul 16 '09 at 14:08

Quentin

914,110
126
1,211
1,335

score 0 · Answer 2 · answered Jul 16 '09 at 14:08

I would change the query to this, to avoid errors if input contains apostrophes:

$result = mysql_query(
    "UPDATE categories SET
         cd_title='" . mysql_real_escape_string($docuTitle) . "',
         cd_link='" . mysql_real_escape_string($linkTitle) . "'
     WHERE
         c_name='" . mysql_real_escape_string($catID) . "'");

score 0 · Answer 3 · answered Jul 16 '09 at 14:42

0

If your data is sanitized, remove the single quotes from around the php variables.

answered Jul 16 '09 at 14:42

superUntitled

22,351
30
83
110

Error in SQL UPDATE query

3 Answers3