0

I'm new to PHP and MySQL and I'm struggling with the problem below:

$sql = "UPDATE Pharm_Log set text = ". $bloodtest . " WHERE patient = " . $patientid .;
    if(is_resource($sql) and mysql_num_rows($sql)>0){

The problem occurs when I try to close my SQL statement. I know it's something to do with brackets and semicolons, but every time I change one thing, it messes up another. Could somebody please help me?

Mischa
  • I think it is the last dot just before the semicolon, try removing that – bhttoan Feb 12 '13 at 12:08
  • Also, `$sql` is a string, not a resource. You need to execute the query first to get a resource. And `mysql_num_rows()` is not suitable for UPDATE queries. – Arjan Feb 12 '13 at 12:11
  • All `mysql_*` functions are deprecated. Use `mysqli` or `PDO` functions instead. – Arjan Feb 12 '13 at 12:14
  • If any of the answers helped you, please mark the answer as accepted. – Kim Kling Feb 06 '14 at 20:24

5 Answers

1

Here are the things you need to do:

  • remove the last period before the semicolon
  • wrap the string literal with single quotes
  • execute the query using mysql_query

code:

$sql = "UPDATE Pharm_Log set text = '$bloodtest'  WHERE patient = " . $patientid;
$result = mysql_query($sql);
// For an UPDATE, mysql_query() returns TRUE rather than a result resource, so check the affected rows
if($result and mysql_affected_rows() > 0) { ... }

As a sidenote, the query is vulnerable to SQL injection if the value(s) of the variables come from the outside. Please take a look at the article below to learn how to prevent it. By using prepared statements you can get rid of using single quotes around values.

John Woo
1

Remove the dot before the semicolon.

Desty Nova
1

Yeah, it's the last . that's causing a syntax error. Plus you need to surround non-int values in quotes. Also, it's important that you don't forget to add mysql_real_escape_string, else problems will arise; you should also use PDO or mysqli with prepared queries.

<?php 
$sql = "UPDATE Pharm_Log 
        SET `text`='".mysql_real_escape_string($bloodtest)."' 
        WHERE patient = '".mysql_real_escape_string($patientid)."'";
?>
Lawrence Cherone
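
The prepared-statement approach recommended in the answers and comments above, written out for this UPDATE as an added example that is not part of any answer on this page. The in-memory SQLite database (so it runs without a MySQL server), the column types, the function name `updateBloodtest` and the sample values are assumptions.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server so this runs offline;
// for MySQL only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server prepares the statement:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed sample data; the column types are assumptions.
$pdo->exec('CREATE TABLE Pharm_Log (patient INTEGER PRIMARY KEY, text TEXT)');
$pdo->exec("INSERT INTO Pharm_Log (patient, text) VALUES (1, 'pending'), (2, 'pending')");

// Hypothetical helper: updates one patient's row and returns the number of rows changed.
function updateBloodtest(PDO $pdo, $patientid, $bloodtest)
{
    // Placeholders keep the values out of the SQL text, so there is no quoting,
    // no escaping and no string concatenation to get wrong.
    $stmt = $pdo->prepare(
        'UPDATE Pharm_Log SET text = :bloodtest WHERE patient = :patientid'
    );
    $stmt->execute([':bloodtest' => $bloodtest, ':patientid' => $patientid]);

    // An UPDATE has no result set; rowCount() reports how many rows were changed.
    return $stmt->rowCount();
}

// Constructed value containing a quote and SQL text. Concatenated into the query it
// would alter the statement; bound as a parameter it is stored as plain data.
$bloodtest = "normal' WHERE 1=1 -- ";
echo 'rows changed: ', updateBloodtest($pdo, 1, $bloodtest), "\n";

// A patient id that does not exist changes nothing, which the caller can detect.
echo 'rows changed: ', updateBloodtest($pdo, 99, 'HB 13.2'), "\n";

// Show both rows: only patient 1 was touched, and its text is the literal string.
foreach ($pdo->query('SELECT patient, text FROM Pharm_Log ORDER BY patient') as $row) {
    echo $row['patient'], ' => ', $row['text'], "\n";
}
```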
1

First, remove the last dot on the first line, since you aren't connecting any string at the end. Should look like this:

$sql = "UPDATE Pharm_Log set text = ". $bloodtest . " WHERE patient = " . $patientid;

Are you doing a query to the SQL server? If not, the variable $sql doesn't do anything, so add:

$result = mysql_query($sql);

And change your last code line to process the result of the query instead

// For an UPDATE, mysql_query() returns TRUE rather than a result resource, so check the affected rows
if($result && mysql_affected_rows() > 0)
Kim Kling
0

You don't need the . at the end. Change it to:

$sql = "UPDATE Pharm_Log set text = ". $bloodtest . " WHERE patient = " . $patientid;
Edwin Alex