-1

I am currently stuck at the following line:

$sqlupdatetb = "UPDATE Text SET Texts = '$text' WHERE '$datetb' = Date AND WHERE $_SESSION['PrID'] = PrID";

I cannot find the error. It should add the text into the DB field Text if the Date and PrID matches... but all I get is:

 UPDATE Text SET Texts = 'DASDASD\r\nDAS\r\nS\r\nSDSDAS\r\ndasdasdas' WHERE '' = Date

Can someone please explain to me where the error is and what it is?

Reun
  • 5
  • 3
  • you posted this similar one earlier http://stackoverflow.com/q/42190881/1415724 – Funk Forty Niner Feb 12 '17 at 20:40
  • 1
    you cant have `WHERE` twice –  Feb 12 '17 at 20:40
  • 2
    you **really** need to read the manuals and the good tutorials – Funk Forty Niner Feb 12 '17 at 20:40
  • `WHERE '' = Date` which translates to `WHERE empty/nothing = Date`; what are you trying to do here?? – Funk Forty Niner Feb 12 '17 at 20:41
  • @nogad Oh, for crying outloud; I didin't even see that. I truly am the blind one *lol* – Funk Forty Niner Feb 12 '17 at 20:46
  • @Fred-ii- so bad its hard to cache em all :-) –  Feb 12 '17 at 20:46
  • 1
    Classic case of RTFMs https://dev.mysql.com/doc/refman/5.7/en/select.html --- https://dev.mysql.com/doc/refman/5.7/en/where-optimization.html – Funk Forty Niner Feb 12 '17 at 20:47
  • really nice sql injection btw; have fun recuperating your db later on, and no idea why you're using `\r\n` - terrible code, simply awful – Funk Forty Niner Feb 12 '17 at 20:48
  • @Fred-ii- yes, its similiar but not the same... I guess.. since I am still at it and new questions keep popping up. nogad thanks , removed the last. Fred-ii- I have a select field in which the User selects the date he wrote something and wants to edit it. That date is $_POST['Date'] and later $datetb. It should paste the selected date in there and search for it in the db – Reun Feb 12 '17 at 20:50
  • @Fred-ii- Thanks... Well SQL Injection here or there, the site wont go anywhere Online. I am a beginner in PHP and MySQL and I am learning it, for that purpose that "site" exists currently. – Reun Feb 12 '17 at 20:52
  • If you're leaning, learn it the right way from the get-go - learn how to use prepared statements with placeholders, it's not something just for "advanced programmers", its something every programmer should know. – Qirel Feb 12 '17 at 21:12
  • @Qirel I know that now, he might have been able to tell me in a nicer way but whatever, I will change it later on. But first when I cant even get this right, I wont start the next thing. But thanks for your advice, really appreciate it :) – Reun Feb 12 '17 at 21:16

1 Answers1

0

In this query:

UPDATE Text SET Texts = 'DASDASD\r\nDAS\r\nS\r\nSDSDAS\r\ndasdasdas' WHERE '' = Date

shouldn't there be a value to compare to Date? something like

 UPDATE Text SET Texts = 'DASDASD\r\nDAS\r\nS\r\nSDSDAS\r\ndasdasdas' WHERE '*some_value*' = Date

Also, what are the fields of your text table? Show us more code so we can help you better :D

ScaisEdge
  • 131,976
  • 10
  • 91
  • 107
Rafael
  • 16
  • 1
  • `WHERE '*some_value*' = Date` don't look kind of backwards? – M. Eriksson Feb 12 '17 at 20:51
  • Yeah, there should be some value compared to it, the value is taken from a previous $variable, apparently it wont show there :/ What do you mean fields of your text table? The text table is a simple textarea where the user can Input. – Reun Feb 12 '17 at 20:58
  • What fields your database table, called Text, have? Can you show more of your code? – Rafael Feb 12 '17 at 21:39