How can I fix this UPDATE PHP script?

Question

// DETERMINE THE TABLE NAME

$update = "UPDATE table_abc SET client_notes=('$_POST[client_notes]') WHERE vendor_brand='brand123'";

if (!mysqli_query($con,$update))
{
die('Error: ' . mysqli_error($con,$update));
}
echo "Congrats! You've Added New Notes!";

mysqli_close($con);
?>`

When I run this script it comes out successfully with no SQL error message, but in MySQL the row isnt updated and become blank instead.

Any ideas on how to fix?

score 1 · Answer 1 · edited May 23 '17 at 11:43

1

Do not wrap your values in parenthesis. ('$_POST[client_notes]') should be '$_POST['client_notes']'

FYI, you are wide open to SQL injections. You need to fix that immediately.

edited May 23 '17 at 11:43

Community

1
1

answered Jan 19 '14 at 20:29

John Conde

217,595
99
455
496

score 0 · Answer 2 · answered Jan 19 '14 at 20:32

0

$update = "UPDATE table_abc SET client_notes='".$_POST[client_notes]."' WHERE vendor_brand='brand123'";

Replace the first line.

answered Jan 19 '14 at 20:32

codename_subho

456
8
22

How can I fix this UPDATE PHP script?

2 Answers2