In my PHP:

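```php
// Build the UPDATE by string concatenation (the email value is wrapped in backticks)
$qur = 'UPDATE customer SET cust_refreshtoken= "'.$refreshcode.'" , cust_verify = "'.$date.'" , cust_refreshtoken_exp= "'.$today.'" WHERE cust_email= `'.$email.'` ';
if($redirect = $conn->query($qur)){
    echo "done";
}else{
    // Show the error reported by the connection
    echo "error" . $conn->error;
}
```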

where $refreshcode is a sha512 hash, $date is sha1, $today is a sha1 timestamp, and $email is something like some.one@gmail.com.

What can I do here?

Rohit M
  • Wrong type of quoting around the email. Though you'd eliminate ALL quoting issues by switching to prepared statements and parameter binding. Here are the instructions for [PDO](https://secure.php.net/manual/en/pdo.prepared-statements.php) and [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – aynber Sep 15 '20 at 17:21
  • Didn't get it :( Please help @aynber. So I have . and @ in my mail, so how is it "UPDATE table SET id='1' , pass='password' WHERE email ='root.admin@gmail.com' " so any way to solve that? I tried, didn't get it for @ and . symbols :( – Rohit M Sep 15 '20 at 18:00
  • The query in your code is using ticks, instead of single quotes. The query you posted in your comment looks correct. However, if you want to eliminate the possibility of quoting issues in your variables, use prepared statements by following the links I provided for the MySQL API that you're using. – aynber Sep 15 '20 at 18:03

0 Answers
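
The parameter binding suggested in the comments, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the MySQL server (needs the pdo_sqlite extension), a constructed `customer` table and values, and a hypothetical helper `updateRefreshToken`.

```php
<?php
// Added example: SQLite in-memory stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed table using the column names from the question.
$pdo->exec('CREATE TABLE customer (
    cust_email TEXT PRIMARY KEY,
    cust_refreshtoken TEXT,
    cust_verify TEXT,
    cust_refreshtoken_exp TEXT
)');
$pdo->prepare('INSERT INTO customer (cust_email) VALUES (?)')
    ->execute(['some.one@gmail.com']);

// Hypothetical helper: returns the number of rows the UPDATE changed.
function updateRefreshToken(PDO $pdo, string $email, string $refreshcode,
                            string $date, string $today): int
{
    // Placeholders carry no quotes or backticks; values are bound as data,
    // so characters such as . @ or ' in the email cannot alter the SQL.
    $stmt = $pdo->prepare(
        'UPDATE customer
            SET cust_refreshtoken = :token,
                cust_verify = :verify,
                cust_refreshtoken_exp = :exp
          WHERE cust_email = :email'
    );
    $stmt->execute([
        ':token'  => $refreshcode,
        ':verify' => $date,
        ':exp'    => $today,
        ':email'  => $email,
    ]);
    return $stmt->rowCount();
}

// Constructed sample values shaped like the ones described in the question.
$refreshcode = hash('sha512', random_bytes(32));
$date  = sha1('constructed-verify-value');
$today = sha1((string) time());

// Existing address: the row is matched and updated.
echo updateRefreshToken($pdo, 'some.one@gmail.com', $refreshcode, $date, $today), "\n";
// Address containing a quote and no matching row: still valid SQL, no error.
echo updateRefreshToken($pdo, "o'brien@example.com", $refreshcode, $date, $today), "\n";
```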