How to use Var Dump to update SQL record using $_POST

Question

I want to send input data from a form on publish.php to updateCopy.php that will then update the "postCopy" column on my SQL database.

Here's my code so far:

publish.php

<form action="\.\.\updateCopy.php" method="post" id="newCopy">
<input type="text" name="postCopy">
<input type="submit">
</form>

updateCopy.php

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "main";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "UPDATE posts SET postCopy= var_dump ($_POST["postCopy"]); WHERE id=123456789";

if ($conn->query($sql) === TRUE) {
    echo "Record updated successfully";
} else {
    echo "Error updating record: " . $conn->error;
}

$conn->close();
?>

When I attempt to run this process I get the following error:

Parse error: syntax error, unexpected '"', expecting '-' or identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)

Is anyone able to tell me how I can effectivley use var_dump ($_POST["postCopy"]); to include the updated postCopy info and then update my SQL db?

PS. Learn to use prepared statements with bind variables, or learn how easy SQL injection is to trash your database — Mark Baker, Dec 27 '17 at 00:11
Honestly, I'm with @MarkBaker here; I don't know why you even would want to do that. So tell us; why? — Funk Forty Niner, Dec 27 '17 at 00:14
what is `var_dump()` doing inside the `sql` statement something fishy — Muhammad Omer Aslam, Dec 27 '17 at 00:16
I was not aware that using var_dump() is a silly way of getting the data from the form to the sql statement. But thanks to @MarkBaker for getting me on the right path to make this work. — Andrew Bentley, Dec 27 '17 at 00:19

score 1 · Answer 1 · answered Dec 27 '17 at 00:26

1

Don't know why are you trying to use var_dump to execute the SQL statement, that makes no sense, and then a ; too that will terminate the sql, if you talk about the error

$sql ="UPDATE posts SET postCopy= var_dump ($_POST["postCopy"]); WHERE id=123456789";

change it to

$sql ="UPDATE posts SET postCopy= '".$_POST['postCopy']."' WHERE id=123456789";

and the error will go away.

Note : This is not the optimal way and an open invite to sql injection, you should use prepared statements and parameterized queries either use PDO or MYSQLI

answered Dec 27 '17 at 00:26

Muhammad Omer Aslam

22,976
9
42
68

I'll do some more research! Thanks for your help, I think this has me headed in the right direction- using the optimal solution. – Andrew Bentley Dec 27 '17 at 00:30
you are welcome @AndrewBentley glad i was of some help. – Muhammad Omer Aslam Dec 27 '17 at 00:35
you can mark the answer as selected if it works for you so that others might also get help who are facing the similar problem – Muhammad Omer Aslam Dec 29 '17 at 10:11

How to use Var Dump to update SQL record using $_POST

1 Answers1