0

I'm having trouble updating my PostgreSQL DB using an UPDATE clause where itemid = $_GET['itemid'].

Here's my SQL code, but it returns "Warning: pg_query(): Query failed: ERROR:"

    $sql="UPDATE tbl_item SET itemname='".$_POST['ItemName']."', highqntythreshold='".$_POST['HQThreshold']."', lowqntythreshold='".$_POST['LQThreshold']."', qntyperunit='".$_POST['QPUnit']."', itemtype='".$_POST['IT']."', description='".$_POST['Description']."', WHERE itemid='". $_GET['itemid'] . "';";
    $iteminfo = pg_query($sql);

It also returns "Warning: pg_affected_rows() expects parameter 1 to be resource, boolean given in D:\Wamp\wamp\www\Php\CTea\UpdateItem.php on line 303"

    if(pg_affected_rows($iteminfo)==1)
    {
        $msg = "Successfully added new Item, ".ucfirst($_POST['ItemName'])."!";
    }
    else
    {
        $msg = "Error: in saving Item data!...";
    }

I think I messed something up, but I can't figure out where or what I messed up.

Jared Farrish
blackmaler
  • Your code is vulnerable to SQL injections. You should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). – Gumbo Mar 23 '14 at 12:49

1 Answer

1

The problem is (at least) in this part:

    $_POST['Description']."', WHERE itemid='". $_GET['itemid'] . "'

There is a comma before the where, so you want:

    $_POST['Description']."' WHERE itemid='". $_GET['itemid'] . "'

In general, though, you should just print out the query string after variable substitution. About 98% of the time, the error is obvious and you can fix it quickly.

Gordon Linoff
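An added example, not part of the original question or answer: the same UPDATE written with `pg_query_params()`, which removes the stray comma, binds the user input so it is never parsed as SQL (the injection risk raised in the comment), and checks for a failed query before calling `pg_affected_rows()`. The function name `update_item`, the status messages and the connection string are assumptions; table and column names are taken from the question.

```php
<?php
// Added example, not the asker's or answerer's code.

/**
 * Update one row of tbl_item with bound parameters and return a status message.
 * $conn is an open PostgreSQL connection, $post is the submitted form data.
 */
function update_item($conn, array $post, string $itemId): string
{
    // No comma before WHERE. $1..$7 are placeholders filled from $params,
    // so quotes or SQL keywords in user input cannot change the statement.
    $sql = 'UPDATE tbl_item
               SET itemname          = $1,
                   highqntythreshold = $2,
                   lowqntythreshold  = $3,
                   qntyperunit       = $4,
                   itemtype          = $5,
                   description       = $6
             WHERE itemid = $7';

    $params = [
        $post['ItemName']    ?? null,
        $post['HQThreshold'] ?? null,
        $post['LQThreshold'] ?? null,
        $post['QPUnit']      ?? null,
        $post['IT']          ?? null,
        $post['Description'] ?? null,
        $itemId,
    ];

    $result = pg_query_params($conn, $sql, $params);

    // A failed query returns false. Passing false to pg_affected_rows() is what
    // produced "expects parameter 1 to be resource, boolean given".
    if ($result === false) {
        error_log('UPDATE tbl_item failed: ' . pg_last_error($conn));
        return 'Error: in saving Item data!...';
    }

    return pg_affected_rows($result) === 1
        ? 'Successfully updated Item, ' . ucfirst((string) ($post['ItemName'] ?? '')) . '!'
        : 'Error: no item with that id.';
}

// Usage (placeholder connection string, replace with your own settings):
// $conn = pg_connect('host=localhost dbname=EXAMPLE user=EXAMPLE password=EXAMPLE');
// $msg  = update_item($conn, $_POST, (string) ($_GET['itemid'] ?? ''));
// echo htmlspecialchars($msg);  // the message contains user input, so escape it
```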