0

This is the query i am writing for updating the data.

 $sql=makeSQL($myVals,$fieldsu,
        "update users set", 
        "where id='".mysql_real_escape_string($_POST["PID"])."'");

But i am getting an error as 

update users set'Amol','Kulkarni','amol@e10.in','amol','9870004268')Error Save [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Amol','Kulkarni','amol@e10.in','amol','9870004268')' at line 1]

Suggest me on this....

Santosh
  • 11
  • 3

2 Answers2

2

You have to specify which columns you want to set like this

update your_table set col1 = 'a', col2 = 'b' where id = 3

Your code is vulnerable to SQL injections. Please fix that problem first. See best way to prevent SQL injection in PHP

Community
  • 1
  • 1
juergen d
  • 201,996
  • 37
  • 293
  • 362
0

Try this:

$sql=makeSQL("update users set colname1=$myVals, cloname2=$fields
        where id='".mysql_real_escape_string($_POST["PID"])."'");

Notice the SET clause in the statement along with the values that need to be set.

Ren
  • 1,111
  • 5
  • 15
  • 24
Parmod kr. Pal
  • 21
  • 1
  • 4
  • i am trying this one but again i am getting an error as Error Save [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''u')' at line 1] – Santosh Nov 01 '12 at 10:28
  • Even as amended, you need to worry about converting `$myVals` and `$fields` into strings if the columns are strings, and worry about [SQL Injection](http://xkcd.com/327) even if they're not. The SQL syntax is more nearly well-formed, though. – Jonathan Leffler Nov 01 '12 at 10:41