0

What is wrong with my code to update sql database the table is Informatie and i need to update the field Text.

$info =  nl2br($_POST["info"]);
    echo $info."<br>";
    $infoid = $_POST["infoid"];
    echo $infoid;
    echo "<br>Info ID : $infoid";
    $sql = "UPDATE Informatie set Text = $text WHERE InfoId = $infoid";
    $query = mysql_query("$sql");

the echo $info and $infoid are correct.

i tryd 

$sql = "UPDATE Informatie set Text = $text WHERE InfoId = '$infoid'";

also but it didnt work to

John Woo
  • 258,903
  • 69
  • 498
  • 492
Sven van den Boogaart
  • 11,833
  • 21
  • 86
  • 169

3 Answers3

1

string values must be quoted.

$sql = "UPDATE Informatie SET Text = '$text' WHERE InfoId = $infoid";

if InfoID is also a string, then you also need to wrap it with single quotes.

$sql = "UPDATE Informatie SET Text = '$text' WHERE InfoId = '$infoid'";

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

Community
  • 1
  • 1
John Woo
  • 258,903
  • 69
  • 498
  • 492
0
$sql = "UPDATE Informatie set Text = '$text' WHERE InfoId = '$infoid'";
Vijay Verma
  • 3,660
  • 2
  • 19
  • 27
0

Apart from the quoting of strings, you seem to mix up the variable names; I am guessing that $text should be $info:

$sql = "UPDATE Informatie set Text = '" . mysql_real_escape_string($info) . "'
          WHERE InfoId = '" . mysql_real_escape_string($infoid) . "'";

Note that you need to escape your string to avoid your query from breaking if the text contains for example a ' character.

But you really should switch to PDO (or mysqli) and prepared statements with bound variables.

jeroen
  • 91,079
  • 21
  • 114
  • 132