0

Stupid title I know. I have this:

$x = array_keys($_POST);
foreach($x as $y) {

 $query = "UPDATE * FROM  events (PromotionalTimeLine = "$_POST[$y]" WHERE EventID='$y'";
  $result = mysql_query($query);
  print_r($result);

}

I need to update only the PromotionalTimeLine cell for specific rows with $y as their EventID. Will this do that?

Joel
  • 2,691
  • 7
  • 40
  • 72

3 Answers3

4

No, You have mysql syntax error with update query.

$query = "UPDATE events 
          SET PromotionalTimeLine = '".mysql_real_escape_string($_POST[$y])."' 
          WHERE EventID='".$y."'";
Shakti Singh
  • 84,385
  • 21
  • 134
  • 153
0

You string concatenation has some problems. It should be 

$query = "UPDATE events SET PromotionalTimeLine = '" .$_POST[$y]. "' WHERE EventID='".$y."'";

And also you have not sanitized your input, Which I'd advise you to do so the cose is not vulnerable to SQL injection or similar attacks. Here is an detailed post on sanitizing input - What's the best method for sanitizing user input with PHP?

Community
  • 1
  • 1
Balanivash
  • 6,709
  • 9
  • 32
  • 48
-1

Incidentally, none of the other answers worked for me. This worked though:

mysql_query("UPDATE events 
          SET PromotionalTimeLine = '$_POST[$y]'
          WHERE EventID='$y' ");
Joel
  • 2,691
  • 7
  • 40
  • 72
  • 1
    ... and opens up a big hole for SQL injections. – konsolenfreddy Jun 21 '11 at 06:10
  • I'm not talking about the escaping, I'm talking about the format of all the above answers did not work for me. I don't know enough about this to know why, but they didn't work and this does. – Joel Jun 21 '11 at 19:35