Adding 1 to a field in MySQL

Question

I have a MySQL query I'm running. I want to add 1 to a field called articleswritten.

I get this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' SET articleswritten = articleswritten + 1 WHERE id = '1'' at line 1

Code:

$sql = "UPDATE 'users' SET articleswritten = articleswritten + 1 WHERE `id` = '$userid'";
$result = mysql_query($sql) or die(mysql_error());

I can't find an issue. Am I blind?

Any help would be appreciated.

`users` is a table name and should therefore not be quoted in single quotes. `UPDATE users SET ....` It can be optionally quoted with backticks. — Michael Berkowski, Mar 18 '13 at 01:20
See http://stackoverflow.com/questions/11321491/mysql-when-to-use-single-quotes-double-quotes-and-backticks — Michael Berkowski, Mar 18 '13 at 01:21

score 0 · Answer 1 · answered Mar 18 '13 at 01:58

This should either be

UPDATE `users`

Or just

UPDATE users

The single quotes make the table name invalid. Everything else in the query is okay.

However, your query is vulnerable to injection. Instead of using ext/mysql, you should use properly parameterized queries with PDO or mysqli

score 0 · Answer 2 · answered Mar 18 '13 at 01:58

0

You don't need to single quote the table name here. This should do

$sql = "UPDATE users SET articleswritten = articleswritten + 1 WHERE id = '$userid'";

answered Mar 18 '13 at 01:58

Hanky Panky

46,730
8
72
95

Adding 1 to a field in MySQL

2 Answers2