0

Following this syntax:

Here is generic SQL syntax of UPDATE command to modify data into MySQL table −

UPDATE table_name SET field1 = new-value1, field2 = new-value2 [WHERE Clause]

from https://www.tutorialspoint.com/mysqli/mysqli_update_query.htm

I made this:

$query = mysqli_query($MYSQL_CONNECT, "UPDATE forum_topics SET player_userid = ".$player_userid.", titulo = ".$titulo.", msg = ".$msg.", data = ".$data." WHERE UserID=".$inTopic."");
mysqli_query($MYSQL_CONNECT,$query);

But on line: 

mysqli_query($MYSQL_CONNECT,$query);

Is showing:

mysqli_query(): Empty query in /var/www/html/ucp/php_func/edit_topic.php on line 30

user3783243
  • 5,368
  • 5
  • 22
  • 41
VilmaH
  • 3
  • 2
  • Why are you trying to execute the query twice? The second attempt is entirely invalid, but it's also entirely unnecessary. – David May 23 '18 at 19:27
  • 1
    Do you understand that you run `mysqli_query` __twice__? – u_mulder May 23 '18 at 19:27
  • Strings need to be quoted. `$query` would be a result object IF the query worked, but it failed. You are probably open to SQL injections as well, parameterize the query. – user3783243 May 23 '18 at 19:28

2 Answers2

1

The main problem is that you're trying to execute your query twice. And the second attempt is invalid because, where it expects a string query, you're either passing it a result object or a boolean (if the first query failed).

Just execute your query once:

$query = mysqli_query($MYSQL_CONNECT, "...");

Then the value in $query will be the result.

Additionally, you have the problem that your code is open to SQL injection and you're not checking for errors. If mysqli_query() returns false you'd need to examine what went wrong by using mysqli_error($MYSQL_CONNECT), which returns the error as a string.

For the SQL injection problem, what you should be doing is treating values as values (query parameters) instead of as executable code (by concatenating them directly into the query). This is a great place to learn more about that. Note that SQL injection is not just a security concern but is also a very common source of errors and bugs. Since you're currently having exactly that problem, it's worth correcting.

David
  • 208,112
  • 36
  • 198
  • 279
-1

You should wrap your variables in single quotes, try: 

$query = mysqli_query($MYSQL_CONNECT, "UPDATE forum_topics SET player_userid = '".$player_userid."', titulo = '".$titulo."', msg = '".$msg."', data = '".$data."' WHERE UserID='".$inTopic."'");
Frank McGaw
  • 1
  • 1
  • True, but the error the OP is referring to is from `mysqli_query($MYSQL_CONNECT,$query);`. – user3783243 May 23 '18 at 19:29
  • Or use query parameters and avoid the problem (as well as other problems) altogether. Putting SQL-injectable code in answers is rarely a good idea. You also have *no* indication that this is even a problem with the existing code. You're assuming a table schema that we haven't been given. – David May 23 '18 at 19:29