-2

I would like to change data from my mysql database ... but it does't work.

Here is the script: 

<?php
session_start();

$con = mysql_connect("localhost", "...", "...");
mysql_select_db('chat',$con);
$uname = $_SESSION['username'];

mysql_query("UPDATE users SET disabled = 'yes' WHERE userame = $uname");

mysql_close($con);

header("Location: logout.php");

?>

How can I update the data? Thanks for your help!

John Conde
  • 217,595
  • 99
  • 455
  • 496
Intera
  • 33
  • 1
  • 7

2 Answers2

3

You forgot to put single quotes around your string value:

mysql_query("UPDATE users SET disabled = 'yes' WHERE username = '$uname'");

FYI, you shouldn't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

You may also be open to SQL injections depending on how you obtain the value conained within $_SESSION['username'].

Zoe
  • 27,060
  • 21
  • 118
  • 148
John Conde
  • 217,595
  • 99
  • 455
  • 496
0

Change:

mysql_query("UPDATE users SET disabled = 'yes' WHERE userame = $uname");

To:

mysql_query("UPDATE `users` SET `disabled` = 'yes' WHERE `userame` = '$uname'"); // userame might be username.

Add the back tacks around the column names because otherwise you could have an error of using a mysql reserved word. Also the quotes around $uname are important because otherwise it might not be a string.

SuperDJ
  • 7,488
  • 11
  • 40
  • 74