UPDATE query php syntax

Question

I'm trying to do a UPDATE query in php and I get a syntax error

Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE id = '30'' at line 1

 $sql = "UPDATE usuario SET nombre WHERE id = '$id_usuario'";
try {
    $stmt = $conn->prepare($sql);
    $result = $stmt->execute();
    if ($result) {
        echo "Ok";
    }
} catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
    die;
}

the error is in the $sql = ... line. Thanks!

Your error does not belong with this query. The query you show is searching for `email`, while your error says it's searching for `id`. Unless $email contains `something' WHERE id = '30`, in which case you really ought to be using prepared statements and parameter binding. — aynber, Jan 21 '20 at 19:22

The Impaler · Accepted Answer · 2020-01-21T19:56:18.940

1

UPDATE usuario SET nombre WHERE id = '$id_usuario'

You didn't provide a new value to update. Your query should look like:

UPDATE usuario SET nombre = :new_name WHERE id = :id_usuario

edited Jan 21 '20 at 19:56

answered Jan 21 '20 at 19:27

The Impaler

45,731
9
39
76

Ok...just a neglect... – Chariot Jan 21 '20 at 19:30
2

This is wide open to [SQL injection](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Greg Schmidt Jan 21 '20 at 19:31
this is not the way using prepared statements same in question @Chariot See here for proper prepared statements in pdo or MySQL I : https://phpdelusions.net/pdo#prepared – Jan 21 '20 at 19:32

UPDATE query php syntax

1 Answers1