UPDATE query with parameters. PHP MySQL

Asked Apr 11 '16 at 21:03

Active Apr 11 '16 at 21:05

Viewed 15 times

I 'm trying to do the update general query . A function that receives the table , and the field and updated. The problem is that the query I have is generating an error.

    public function update($table,$set,$where){

    $sql="UPDATE $table SET $set WHERE $where";
    if($result=$this->mysqli->query($sql)){
        return $this->mysqli->insert_id;
    }
    else{
        throw new Exception("Error".$this->mysqli->error);
    }
}

The problem is that when I call the function generates an error:

    $table='mytable';
    $set='column=$mydata+5';
    $where="id=1";
    $this->db->update($table,$set,$where);

Uncaught exception 'Exception' with message 'ErrorUnknown column '$mydata' in 'field list''

edited Apr 11 '16 at 21:05

AbraCadaver

78,200
7
66
87

asked Apr 11 '16 at 21:03

geraqf

1

The variable `$mydata` isn't being substituted because you used single quotes when assigning to `$set`. – Barmar Apr 11 '16 at 21:05
**WARNING**: When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). – tadman Apr 11 '16 at 21:16

UPDATE query with parameters. PHP MySQL

0 Answers0