0

This is my PHP code to update products in the database:

$sql="UPDATE product SET name=$newname , price=$price , stock=$stock , color=$color WHERE id=$id";
if($conn->query($sql)){
    echo "product update";
}

It gives this error:

Error: UPDATE product SET name=samsung galaxy note 20 ultra , price=40000 , stock=5 , color=white WHERE id=1
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'galaxy note 20 ultra , price=40000 , stock=5 , color=white WHERE id=1' at line 1
Mark Rotteveel
  • 1
    Does this answer your question? [When to use single quotes, double quotes, and backticks in MySQL](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql) – Tangentially Perpendicular Aug 18 '21 at 09:26

2 Answers

1

This code should work:

$sql="UPDATE product SET name='$newname', price='$price', stock='$stock', color='$color' WHERE id='$id';";

But a better approach would be to use parameterized prepared statements as you are vulnerable now to SQL injections. Also refer to: https://dev.mysql.com/doc/apis-php/en/apis-php-mysqli.quickstart.prepared-statements.html

Gerard de Visser
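The prepared-statement approach recommended in the answer above, sketched as an added example that is not part of the original answer. The table and column names come from the question; the function name `updateProduct`, the connection credentials and the second sample row are assumptions made for illustration.

```php
<?php
// Added example: the question's UPDATE rewritten with a mysqli prepared statement.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw exceptions on DB errors

// updateProduct() is a hypothetical helper name, not from the page.
function updateProduct(mysqli $conn, int $id, string $name, float $price, int $stock, string $color): int
{
    // The ? placeholders keep the values out of the SQL text: no manual quoting,
    // and input cannot change the structure of the statement.
    $stmt = $conn->prepare(
        'UPDATE product SET name = ?, price = ?, stock = ?, color = ? WHERE id = ?'
    );
    // One type letter per placeholder: s = string, d = double, i = integer.
    $stmt->bind_param('sdisi', $name, $price, $stock, $color, $id);
    $stmt->execute();
    $affected = $stmt->affected_rows; // 0 when the row already held these values
    $stmt->close();
    return $affected;
}

// Connection details are placeholders (assumptions, not from the question).
$conn = new mysqli('localhost', 'db_user', 'db_password', 'shop');
$conn->set_charset('utf8mb4');

// Constructed sample input: the row from the question, plus a name containing
// apostrophes, which would still break a query built by wrapping '$newname' in quotes.
$rows = [
    [1, 'samsung galaxy note 20 ultra', 40000, 5, 'white'],
    [2, "O'Neill 6' case", 15.5, 3, 'black'],
];
foreach ($rows as [$id, $name, $price, $stock, $color]) {
    $changed = updateProduct($conn, $id, $name, $price, $stock, $color);
    echo "id $id: $changed row(s) changed\n";
}
```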
1

Put single quotes around variables which have string values, like this:

$sql="UPDATE product SET name='$newname' , price='$price' , stock=$stock , color='$color' WHERE id=$id";
Maxx P