-3
private function updatedata(){ 
foreach ($this->data as $key => $value) {
$updates[]="`" . $key . "` = $value";    
 }
 $datavalue=implode("," , $updates);
$query=("UPDATE `users` SET $datavalue WHERE `password`='123' ");
  $sql=  mysql_query($query);
  if(!$sql)throw new Exception('Error:in update statement');else return TRUE;}
echo_Me
  • 37,078
  • 5
  • 58
  • 78
user3801290
  • 15
  • 2
  • You forgot to mention the column you want to put the new data. `UPDATE users SET SOME_COLUMN = '$datavalue' WHERE password='123'` – juergen d Jul 03 '14 at 10:57
  • I'm guessing some of those `$value` values are strings? They need single quotes. You went to the trouble of quoting `$key` with backticks, but didn't quote `$value`. – Michael Berkowski Jul 03 '14 at 10:59
  • just read mysql_error() output mate – Peter Jul 03 '14 at 10:59
  • @juergend Look at the `$updates`-Array. There is the column. Maybe `$value` have to be like this: `'$value'`. – Yannici Jul 03 '14 at 11:00
  • Why do you use concatenation for `$key`, but substitution for `$value`? Be consistent, use one or the other. – Barmar Jul 03 '14 at 11:00
  • Further, we have to assume all the values in `$this->data` have already been correctly escaped against SQL injection. See [How can I prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) and consider switching to an API supporting prepared statements, like PDO or MySQLi. The `mysql_*()` functions are now deprecated. – Michael Berkowski Jul 03 '14 at 11:01

1 Answers1

0

Try to set the $value variable inside '. If the string contains spaces it will throw an error. I also deleted the () brace at $query =.

private function updatedata()
{
    foreach ($this->data as $key => $value) {
        $updates[] = "`" . $key . "` = '$value'";
    }
    $datavalue = implode(",", $updates);
    $query = "UPDATE `users` SET $datavalue WHERE `password` ='123'";
    $sql = mysql_query($query);
    if (!$sql)
        throw new Exception('Error:in update statement');
    else
        return TRUE;
}

Also be carful with mysql_query, its depricated! Please use mysqli.

Yannici
  • 736
  • 5
  • 17
  • Please always provide notes and comments on what you specifically changed and why it matters. "Try this" with a block of similar code isn't always helpful to the OP or to future readers. – Michael Berkowski Jul 03 '14 at 11:03
  • thsnks all alot for your comment and answer thats solve the error – user3801290 Jul 03 '14 at 11:24