0

I am trying to update my third column value (option_value) with my database and code below:

database 

if(isset($_POST['settings_updatebtn']))
{
    $finerate= $_POST['fine_rate'];
    $issue_email = $_POST['issue_template'];
    $return_email = $_POST['return_template'];

    $query = "UPDATE
                settings
            SET
                option_value = CASE option_name WHEN 'finerate' THEN '$finerate' WHEN 'email_temp_issue' THEN '$issue_email' WHEN 'email_temp_return' THEN '$return_email'
            WHERE
                option_name IN (
                'finerate',
                'email_temp_issue',
                'email_temp_return'
                )";
    $query_run = mysqli_query($connection,$query);

    if($query_run)
    {
        $_SESSION['success']= "Your settings is updated";
        header('Location: systemsettings.php');    }
    else
    {
        $_SESSION['status']= "Your settings is NOT updated";
        header('Location: systemsettings.php');    }
}

However it shows query not running, is my SQL statement wrong in somewhere?

Carol H
  • 37
  • 5

1 Answers1

1

use END at the end of your case statement:

UPDATE
    settings
SET
    option_value = 
        CASE option_name 
            WHEN 'finerate' THEN '$finerate' 
            WHEN 'email_temp_issue' THEN '$issue_email' 
            WHEN 'email_temp_return' THEN '$return_email'
        END
WHERE
    option_name IN (
    'finerate',
    'email_temp_issue',
    'email_temp_return'
    )
draz
  • 793
  • 6
  • 10
  • 1
    this code is open to SQL injection and should be amended according to [this](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – treyBake Mar 26 '20 at 16:14