0

After checking all the other stackoverflow, google posts with the same problem, cannot find the solution.

I am using pdo and php and I'm trying to Update the entries in a table. Could be the problem on other part of the code, but looks like some issue with the MYSQL.

Here the full message;

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error i
n your SQL syntax; check the manual that corresponds to your MariaDB server vers
ion for the right syntax to use near '('eggs','scrambled') WHERE (test@12.com)' at line 1<
/pre>


My code:



Insert.php



    public function newInputs(array $input_data) {

    $this->db->update('cli', 
        [
            'Food' => $input_data['newfood'],
            'Comment' =>$input_data['newcomment']

        ] ,

        [

            'email' =>$input_data['email']
        ]);


    echo "Data updated";
}




Database.php


    public function update(string $table, array $data, array $where){ 
    // array_keys(Returns all the keys of an array)

        $keys = array_keys($data);
        $placeholders = preg_filter('/^/', ':', $keys);
        # $email = preg_filter('/^/', ':', $data['email']);


    try {
        $query = $this->conn->prepare("UPDATE $table SET (" . implode(',', $placeholders) . ") WHERE (" . implode(',', $where) . ")");
        $query->execute($data);
    } catch (PDOException $e) {
        die("<pre>" . $e->getMessage() . "</pre>");
    }

}

Getting closer

Dimanche
  • 1
  • 3
  • 1
    Don't you think that `WHERE (Food,Comment)` is a __strange__ `where` clause? – u_mulder Feb 23 '19 at 18:09
  • Your `WHERE` clauses need to be separated. `WHERE Food = something OR Comment = something` for example (and that OR could be AND depending on your needs). – Dave Feb 23 '19 at 18:13
  • Also you pass __3__ arguments to `update` but in function definition there are __2__. Time to think and understand what your code is doing. – u_mulder Feb 23 '19 at 18:14
  • Ok, need to figure out how to provide only one value for the WHERE. Was thinking about the mail that's why the other argument. I have removed it. Wish me luck will continue with this - thanks guys – Dimanche Feb 23 '19 at 18:40
  • "Don't you think that WHERE (Food,Comment) is a strange where clause? " @u_mulder and @Dave it's not not really strange `WHERE (1, 2) = (1, 2)` is prefect valid MySQL code, other databases implement that with `ROW(1, 2) = ROW(1, 2)` and also `(.., ..) IN ((.., ..)[, (.., ..)])` is for example also prefect valid In MySQL see [demo](https://www.db-fiddle.com/f/78my6FYz8ZJ2UAHBFL1PcU/1) both constructs works with literals and columns – Raymond Nijland Feb 23 '19 at 20:06
  • .. the topicstarter looks like he is breaking the syntax himself by not generating the correct SQL code.. Also this is a very unsafe method (blind) SQL injection is pretty easy to do on this one because you never bind your variables [correctly](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Raymond Nijland Feb 23 '19 at 20:09

0 Answers0