-1

I am trying to update my DB using PHP string

        $sql = "UPDATE client_account 
                status = '".$status."'
            WHERE client = '".$client."'"

if ($conn->query($sql) === TRUE) {
    echo " Notes ";
} else {

      echo "Notes";
    die;
}

I keep on getting error saying syntax error, unexpected 'if' (T_IF) in

All I want to do is update a row using the WHERE query and just update the one coulomb

Trevor Ackermann
  • 53
  • 7
  • $sql = "UPDATE client_account SET status = '$status' WHERE client = '$client'"; if ($conn->query($sql)) { echo "Notes"; } else { echo "Notes"; die; } – Eddwin Paz Oct 09 '17 at 19:26
  • Double Quotes in python does not require single quote for variables.. but single quotes does require for variables. take that in mind for the future. – Eddwin Paz Oct 09 '17 at 19:27

1 Answers1

4

You need to have SET in your update query.

$sql = "UPDATE client_account 
           SET status = '".$status."'
        WHERE client = '".$client."'";

Edit: Semi-colons are important, too... whoops.

NOTE: Thanks to @GrumpyCrouton for pointing this out, this method is susceptible to SQL injection attacks. See his comment below and here: How can I prevent SQL injection in PHP?

justiceorjustus
  • 2,017
  • 1
  • 19
  • 42
  • 1
    And add a `;` in the end. – u_mulder Oct 09 '17 at 19:17
  • @u_mulder Good call. The semi-colon was the true culprit. – justiceorjustus Oct 09 '17 at 19:19
  • Thanks yes found the ; at end and forgot the SET thanks – Trevor Ackermann Oct 09 '17 at 19:21
  • 1
    [Little Bobby](http://bobby-tables.com/) says the code in your answer is **[may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. **Please** _add a warning about this_, and you should include information on [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) or [PDO](http://php.net/manual/en/pdo.prepared-statements.php). – GrumpyCrouton Oct 09 '17 at 19:50
  • @GrumpyCrouton Geez, it's been so long since I've stopped doing OP's method and PHP in general that I forgot why this method was bad. Thankfully I've moved on to Entity Framework in ASP.NET MVC. Good point! – justiceorjustus Oct 09 '17 at 19:54