-1

The table user_content has the columns id, content_text, email_last_edit.

This is my update method:

$content_text1 = utf8_decode($_POST['content_text1']);
$conn = new mysqli($servername, $username, $password, $dbname);
  // Check connection
  if ($conn->connect_error) {
    die("Datenbankverbindung fehlerhaft: " . $conn->connect_error);
  }

  $sql = 'UPDATE user_content SET content_text="' . $content_text1 . '" AND email_last_edit="' . $email . '" WHERE id=1';

  if ($conn->query($sql) === TRUE) {

    //echo "New record created successfully";

  } else {

    echo "Datenbank-Fehler: " . $sql . "<br>" . $conn->error;

  }

  $conn->close();

I send this text via POST to the same PHP page:

<h1><b>Mitglied</b></h1><br><b>Community</b>
<b>Kurzprofil</b>,ß<b>Community-Bereich</b<b>Chats</b>.

Unfortunately, on every update the column content_text becomes 0. I think it is a problem with the special characters in the text, but utf8_decode() does not fix this problem anyhow.

Does anyone know a solution to this? Thanks a lot :)

  • RTM https://dev.mysql.com/doc/refman/5.7/en/update.html - it's a typo error. – Funk Forty Niner Mar 19 '17 at 23:12
  • 5
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Mar 19 '17 at 23:12
  • Escape the fillins. Use `!== FALSE` instead of `=== TRUE`. – Rick James Mar 20 '17 at 01:16

1 Answer

0

Change your query to:

$sql = 'UPDATE user_content SET content_text="' . $content_text1 . '" , email_last_edit="' . $email . '" WHERE id=1';

Removed 'AND' and replaced it with ','.

You have to escape parameters too, for security reasons.

Incognito
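
The comments and the answer both point at parameter handling, so here is the corrected UPDATE written as a mysqli prepared statement. This is an added example, not the poster's or the answerer's code; it assumes `$servername`, `$username`, `$password`, `$dbname` and `$email` are defined as in the question's script, and that the table uses a UTF-8 charset. The function name `update_user_content` is hypothetical.

```php
<?php
// Added example. Assumes $servername, $username, $password, $dbname and
// $email are defined as in the question's script.

// Make mysqli throw exceptions instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: returns the number of rows changed.
function update_user_content(mysqli $conn, int $id, string $contentText, string $email): int
{
    // Columns in SET are separated by commas. With AND, MySQL evaluates
    // content_text = ('...' AND email_last_edit = '...') as one boolean
    // expression; the HTML string converts to 0, so the column becomes 0.
    $stmt = $conn->prepare(
        'UPDATE user_content SET content_text = ?, email_last_edit = ? WHERE id = ?'
    );
    // The values travel separately from the SQL text, so quotes or markup
    // in the posted text cannot change the statement.
    $stmt->bind_param('ssi', $contentText, $email, $id);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

try {
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Assumption: the table stores UTF-8. Declare the connection charset
    // instead of converting the input with utf8_decode().
    $conn->set_charset('utf8mb4');
    $contentText = $_POST['content_text1'] ?? '';
    $rows = update_user_content($conn, 1, $contentText, $email);
    $conn->close();
} catch (mysqli_sql_exception $e) {
    // Keep the SQL text and driver error in the server log, not in the response.
    error_log('user_content update failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Datenbank-Fehler';
}
```

`affected_rows` is 0 when the row already holds the same values, so a return of 0 does not by itself mean the update failed.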