Mysqli update query dosn't work

Question

So I have this query here that isn't working, the table exist, the data is loaded correctly, the userid exists what is wrong?

 $sql = 
sprintf("
UPDATE leagueoflegends 
   SET solotier = '%s'
     , solotiername = '%s'
     , winssolo = %d
     , lossessolo = %d
     , ranksolo = '%s'
     , lpsolo = %d 
 WHERE accountId = %d"
, $solotier
, $solotiername
, $winssolo
, $lossessolo
, $ranksolo
, $lpsolo
, $accountid
);
$db->query($sql);

`%s` seems python style of formatting string. haven't seen such param injection in php.. weirdoo -)) — marmeladze, Jun 03 '17 at 11:26

score -1 · Answer 1 · answered Jun 03 '17 at 11:28

-1

So my solotiername variable had a ' in it and broke the query.

answered Jun 03 '17 at 11:28

Andrei Serban

1

2

Time to parameterize that query. http://php.net/manual/en/mysqli.quickstart.prepared-statements.php... and/or use error reporting http://php.net/manual/en/mysqli.error.php – chris85 Jun 03 '17 at 11:29
even though this is your solution; it's of low quality and it should be updated with a better answer including what you did exactly to fix it. The question was also closed based on this, due to the sql injection. – Funk Forty Niner Jun 03 '17 at 11:34
you could have also been responsive in the comments area; they are just as helpful as answers. – Funk Forty Niner Jun 03 '17 at 11:34

Mysqli update query dosn't work

1 Answers1