0

I want to update a column using 3 variables but I dont know the syntax. My code goes like this:

   $var1 = $_POST['val1'];
   $var2 = $_POST['val2'];
   $var3 = $_POST['val3'];
   $sqlupdate="UPDATE table1 SET col1= $var1.' '.$var2.' 
    '.var3";
   If(mysqli query($conn, $sqlupdate){
       echo "updated";
   }
Noctis Lucis Caelum
  • 1
  • 4
  • 5
    Concatenate the 3 variables before the query – Sfili_81 Feb 14 '19 at 16:25
  • 7
    Please read about [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection). Instead of building queries with string concatenation, use [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) with [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). See [**this page**](https://phptherightway.com/#databases) and [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for some good examples. – Alex Howansky Feb 14 '19 at 16:25
  • https://www.w3schools.com/sql/sql_update.asp – Russ J Feb 14 '19 at 16:26

2 Answers2

0

You can concat all three variables and then update. Like this 

   $col1 = $_POST['val1']." ".$_POST['val2']." ".$_POST['val3'];
   $sqlupdate="UPDATE table1 SET col1 = $col1";
   If(mysqli_query($conn, $sqlupdate){
       echo "updated";
   }

Please check about SQL injection before using post value as it is. Hope it helps you.

Rohit Mittal
  • 2,064
  • 2
  • 8
  • 18
0

It is not really clear what you are trieing to do. But if you want to assing the concatinate string to a column, you have to set single qoutes arraund it:

$sqlupdate="UPDATE table1 SET col1= '$var1 $var2 var3";

Of couse you should change to prepared statements to prevent sql injection

Jens
  • 67,715
  • 15
  • 98
  • 113