0

I apologise if I'm asking this question wrong; I'm new to Stack Overflow and to PHP.

I'm trying to update my database with new values, being a title and contents. Each row has an ID. I want to update the info at only that ID row. This is the statement that I'm using, which isn't working. Could anyone offer me some advice, please?

  $updateBlog = $c->query("UPDATE blog SET ( title, content) VALUES ('$updateTitle', $postContent ) WHERE id = $updateID");
Jake
  • 3
  • 1
  • 2
    As `$postContent` is likely a string, it needs to be quoted in your SQL – Mark Baker Jan 19 '16 at 21:50
  • 1
    Your `UPDATE` syntax is *all* wrong. Looks like you're trying to do an `INSERT` instead. – Jay Blanchard Jan 19 '16 at 21:51
  • 1
    Better yet, learn to use prepared statements/bind variables using MySQLi or PDO.... it is 2016 now, after all, so why inject data values directly into your SQL statements and have to remember to escape values and all the other overheads that entails – Mark Baker Jan 19 '16 at 21:51
  • 1
    `UPDATE blog SET title='My Title', content= 'My content' WHERE id=1` =>`UPDATE blog SET title=?, content= ? WHERE id=?` – Mark Baker Jan 19 '16 at 21:52
  • 1
    When you get something that `isnt working` you should try to get an error out of it so you have something to work with, http://php.net/manual/en/mysqli.error.php. – chris85 Jan 19 '16 at 21:58
  • Many thanks for all of your feedback, I really appreciate it. I will look into PDO. Again, I'm just getting used to the basics. – Jake Jan 19 '16 at 22:22

2 Answers

1

Your query syntax is not right for an UPDATE and you're missing the quotes around your second variable:

UPDATE blog 
SET title = '$updateTitle',
content = '$postContent'
WHERE id = $updateID

This will make your statement look like this:

$updateBlog = $c->query("UPDATE blog SET title = '$updateTitle', content = '$postContent' WHERE id = $updateID");

Leaving your query like this opens you to risk for SQL Injection Attacks. You really should learn about prepared statements for PDO and MySQLi.

Community
  • 1
  • 1
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
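The prepared-statement form recommended in the comments and in the answer above, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database so it runs without a server (the asker's `$c` connection and MySQL schema are not shown); the `updateBlog()` helper and the sample values are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the asker's MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently, so "isn't working" comes with a message.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog (id INTEGER PRIMARY KEY, title TEXT, content TEXT)');
$pdo->exec("INSERT INTO blog (id, title, content)
            VALUES (1, 'Old title', 'Old content'), (2, 'Other post', 'Untouched')");

// Hypothetical helper: updates exactly one row and returns the number of rows changed.
function updateBlog(PDO $pdo, $id, string $title, string $content): int
{
    // The id was interpolated unquoted in the original query; require a real integer here.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // Placeholders keep the SQL text fixed; values travel separately and are never parsed as SQL.
    $stmt = $pdo->prepare('UPDATE blog SET title = :title, content = :content WHERE id = :id');
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':content', $content, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed input: the apostrophes would break the string-interpolated query.
$updateTitle = "Jake's first post";
$postContent = "It's stored exactly as typed, 'quotes' and all.";
$updateID    = '1'; // form values arrive as strings

try {
    echo 'Rows updated: ', updateBlog($pdo, $updateID, $updateTitle, $postContent), "\n";
    foreach ($pdo->query('SELECT id, title, content FROM blog ORDER BY id') as $row) {
        echo "{$row['id']}: {$row['title']} | {$row['content']}\n";
    }
    // Constructed bad input: a non-integer id is refused before any SQL runs.
    updateBlog($pdo, '1abc', 'ignored', 'ignored');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
} catch (PDOException $e) {
    echo 'Database error: ', $e->getMessage(), "\n";
}
```

With MySQL only the DSN passed to `new PDO(...)` changes; the `UPDATE ... SET title = ?, content = ? WHERE id = ?` shape is the one Mark Baker's comment gives.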
-1
  $updateBlog = $c->query("UPDATE blog SET ( title, content) VALUES ('{$updateTitle}', {$postContent} ) WHERE id = {$updateID}");

You should REALLY look into some input validation and cleaning for your values though. If this is coming straight from a user input it's highly susceptible to SQL Injection.

MichaelWClark
  • 382
  • 1
  • 12