can i ask your hel for this query

Question

        $pdo=preparedbuser();
        $check = $pdo->prepare('UPDATE adress SET city="?", adres="?", number="?", postalcode="?" WHERE id_FK="?"');
        $check->bindParam(1, $city, PDO::PARAM_STR);
        $check->bindParam(2, $adres, PDO::PARAM_STR);
        $check->bindParam(3, $number, PDO::PARAM_STR);
        $check->bindParam(4, $postalcode, PDO::PARAM_INT);
        $check->bindParam(5, $user, PDO::PARAM_INT);
        $check->execute();
        if ($check->rowCount() > 0){
          echo'inserito';

The UPDATE query don't work. the variables I replace in the query are correct. the database is correctly set. My sql doesn't return any errors; and trying to copy and paste the query in the My sql panel (with the necessary replacements) works. Can someone help me? Thanks

Answer 1

You don't need quotes when using parameters:

$check = $pdo->prepare('UPDATE adress SET city=?, adres=?, number=?, postalcode=? WHERE id_FK=?');

The database engine knows the types and will handle them accordingly. That's one of the key benefits of using prepared statements with query parameters is to let the database engine handle it. In fact, you're already telling PDO what the types are with these:

PDO::PARAM_STR

---

Side note: A postal code should not be an integer/numeric value, as you're doing here:

$check->bindParam(4, $postalcode, PDO::PARAM_INT);

A postal code is a string. In many countries (such as in the US where I live) postal codes are numeric characters (though here they may include a hyphen for the +4 format), but in many countries they may be alphanumeric. Much like a phone number, even though it looks like numbers it is still a string. (I doubt you plan on performing math with postal codes. And truncating leading zeroes can be problematic.)