Second query doesn't work

Question

First query works fine but the second query doesn't update the database. I can't find the error.

<?php
if (isset($_GET['id'])) {
    $editdes = $_GET['id'];
    $con     = mysqli_connect("localhost", "user", "password", "Destinos");
    $con1    = mysqli_connect("localhost", "user", "password", "var");
    // Check connection
    if (mysqli_connect_errno()) {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    mysqli_query($con, "UPDATE Destinos SET Precio=730 WHERE Destino='$editdes'");
    mysqli_query($con1, "UPDATE var SET variable='$editdes' WHERE variable= * ");


    mysqli_close($con);
}
?>

And this is why you should be checking the result from `mysqli_query`. The error message for the failed query would have told you that `variable = *` is invalid syntax. — cHao, Jul 25 '14 at 06:53
**Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Jul 25 '14 at 06:56
What is `variable= *` supposed to mean? Also you should prepare, and if possible use one database. — Dave Chen, Jul 25 '14 at 06:56
@JohnRobertson: It should succeed, at least, assuming `Destinos` is a table. Whether it does what was intended, though, depends on the types of `Precio` and `Destino`. — cHao, Jul 25 '14 at 06:57
i've just removed the `WHERE variable = '*'` and it worked just fine. — Hugo Martinez, Jul 25 '14 at 07:03

score 3 · Answer 1 · edited May 23 '17 at 12:11

3

* is a string if used as value of a field and should be quoted

UPDATE var SET variable='$editdes' WHERE variable= '*'

Very Important: How can I prevent SQL injection in PHP?

edited May 23 '17 at 12:11

Community

1
1

answered Jul 25 '14 at 06:56

Hanky Panky

46,730
8
72
95

Second query doesn't work

1 Answers1