
I'm trying to run the following code but it is giving me a strange error.

$result = $db->query("UPDATE `items` 
          SET `item_label`= ".$title.", 
              `item_quantity`=".$quantity.", `item_price`=".$price."
          WHERE `item_id` = ".$_POST['id']);

If I remove the item_label = ".$title.", from the above code, it works perfectly and successfully updates the quantity and price of the given row, e.g.

$result = $db->query("UPDATE `items` 
          SET `item_quantity`=".$quantity.",
              `item_price`=".$price." 
         WHERE `item_id` = ".$_POST['id']);

When I run the code containing the item_label section, it fails to set the item_label and gives the following error message:

Unknown column 'Updated Text' in 'field list'

Now the "Updated Text" is the value of $title.

I'm baffled as to how / why it is viewing this content as a column header!?

Any ideas as to why this would happen?

Hamza Zafeer
AndrewBramwell
  • (1) If you print out the SQL after parameter substitution, the error is obvious 95% of the time. (2) Use parameters rather than munging the strings. (3) You probably are missing single quotes around one of the values (see (2)). – Gordon Linoff Mar 19 '16 at 17:27
  • You aren't wrapping the text in any quotation marks, therefore when it executes it looks like "UPDATE items SET `item_label`=Updated Text, `item_quantity`....". Further, the benefit of using mysqli is to take advantage of bindings to prevent SQL injection attacks. See this answer for more info: http://stackoverflow.com/a/6514730/870729 – random_user_name Mar 19 '16 at 17:27

1 Answer

Since it's a String, you should give quotes around the $title.

I would have done something like below

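// $_POST['id'] is concatenated: a quoted array key inside a double-quoted string is a PHP parse error
$result = $db->query("UPDATE items SET item_label = '".$title."', item_quantity=$quantity,item_price=$price WHERE item_id = ".$_POST['id']);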
Sachin
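
The parameter binding that both comments recommend, shown as an added example that is not part of the original question or answer. The helper name `update_item`, the connection credentials and the sample values are assumptions; it expects a reachable MySQL server with the `items` table from the question.

```php
<?php
// Added example: table and column names come from the question; everything
// else (helper name, credentials, sample values) is assumed for illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/** Update one row of `items` with bound parameters; returns rows changed. */
function update_item(mysqli $db, string $title, $quantity, $price, $id): int
{
    // Validate numeric inputs first so bad requests fail before reaching SQL.
    $quantity = filter_var($quantity, FILTER_VALIDATE_INT);
    $price    = filter_var($price, FILTER_VALIDATE_FLOAT);
    $id       = filter_var($id, FILTER_VALIDATE_INT);
    if ($quantity === false || $price === false || $id === false) {
        throw new InvalidArgumentException('quantity, price and id must be numeric');
    }

    // Placeholders keep the data out of the SQL text, so the title needs no
    // manual quoting and cannot be parsed as a column name or as SQL.
    $stmt = $db->prepare(
        'UPDATE `items`
            SET `item_label` = ?, `item_quantity` = ?, `item_price` = ?
          WHERE `item_id` = ?'
    );
    // Type string: s = string, i = integer, d = double, i = integer
    $stmt->bind_param('sidi', $title, $quantity, $price, $id);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Placeholder credentials (assumed); replace with your own.
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
$db->set_charset('utf8mb4');

// Constructed sample values standing in for the submitted form fields.
// A title containing quotes is stored as literal text.
$changed = update_item($db, "Updated Text with 'quotes'", '3', '9.99', '1');
echo "Rows changed: {$changed}\n";
```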