0

Somehow I get my sql error while trying to update a record in my sql db

Here's my current code

html form:

<html>
<head>
<title>title here</title>
</head>
<body>
<form action="end.php" method="POST">
<input type="text" id="comment" name="comment" placeholder="Kommentar"><p>
<input type="submit" value="Stop arbejde">
</form>
</body>
</html>

end.php

<?php
$host="localhost";
$username="root";
$password="password";
$db_name="db";
$tbl_name="log";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$comment=$_POST['comment'];
$datetime=date("y/m/d H:i:s");
$editit=date("W/D");

$sql="UPDATE log SET end=$datetime, comment=$comment WHERE editid='$editit'";
$result=mysql_query($sql);

if($result){
echo "Successful<BR>";
}
else {
echo "Fejl";
}
mysql_close();
?>

What am I doing wrong since I get that error "Fejl" ?

Emil Elkjær
  • 685
  • 1
  • 9
  • 31

2 Answers2

7

string must be wrap with single quotes

$sql="UPDATE log SET end='$datetime', comment='$comment' WHERE editid='$editit'";

but your query is prone to SQL Injection. please take time to read the article below

Community
  • 1
  • 1
John Woo
  • 258,903
  • 69
  • 498
  • 492
0

The variable names in $sql should be inside single inverted comas.

$sql="UPDATE log SET end='$datetime', comment='$comment' WHERE editid='$editit'";

And also, you should remove paragraph tag from html code in form tag.

silverflash
  • 386
  • 1
  • 3
  • 13