Cannot update database record from within php script

Question

i am trying to implement a simple like and dislike script in php using mysql as a database. The database has only 1 table, called simple. The table structure in the database is the following:

 id  like   dislike

The like column stores the number of likes and dislike column stores the number of dislikes.

The html form is pretty simple:

           <form action="<?php echo $_SERVER['PHP_SELF']?>">
                <p>Hello world</p>
                <button name="like" value="like" style="height: 20px;width:35px">Like</button>
                <button name="dislike" value="dislike" style="height: 20px;width: 50px">Dislike</button>
            </form>

So the idea is the following. When a user clicks the like button the "like" column in the table is incremented and when a user clicks the "dislike" button the dislike column is incremented. So far the table has only 1 record:

  id  like  dislike
   1    0     0

The php sript that handles the form is the following

       include('config.php');
        if(isset($_GET['like']) || isset($_GET['dislike']))
        {
            if(isset($_GET['like']))
            {
                $id=1;
                $query="SELECT * FROM simple WHERE id='1'";
                $res=mysqli_query($conn, $query);
                $row=mysqli_fetch_assoc($res);
                $likes=$row['like'];
                $dislike=$row['dislike'];
                $likes++;
                $sql="UPDATE simple SET like='".$likes."'  WHERE id='1' ";
                $res=mysqli_query($conn, $sql);
                if($res)
                {
                    echo 'Success <a href="index.php">Go back</a>';
                }
                else
                {
                    echo "Error: ".mysqli_error($conn).'<br>';
                }
                mysqli_close($conn);
            }
        }

the config.php file stores database configuration:

  $conn=mysqli_connect(HOST, UNAME, psword);
  mysqli_select_db($conn, dbname);

When I click the like button the following code is displayed:

   Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'like='1' WHERE id='1'' at line 1

It turn out that the UPDATE command has a bug which I cannot find. What is the mistake? Any help is highly appreciated

obligatory tip, you should use a separate table for likes, else you will have no way of knowing if someone has already liked — Lawrence Cherone, Jul 13 '22 at 12:05
What are your column types? You're putting quotes around what I would expect to be numerical columns, so you're trying to stick a string in there. In any case, why do you run two queries when you could just `Update simple set likecount = likecount + 1 where id = ?` ? Your method would allow likes to be lost if two or three hundred people like something at the same time. — droopsnoot, Jul 13 '22 at 12:09
Does your query work if you put the correct values in and run it in phpmyadmin? You also need to read up on Prepared Statements for when you're going to pass `id` in rather than hard-coding it. — droopsnoot, Jul 13 '22 at 12:11

score 0 · Answer 1 · answered Jul 13 '22 at 12:03

0

You need add escape to special word like

Your query must be

UPDATE `simple` SET `like` = '".$likes."' WHERE `id`='1'

Full list of reserved words here

answered Jul 13 '22 at 12:03

Andrey Vorobyev

896
1
10
37

This did not work – olzha bala Jul 13 '22 at 12:06
It's impossimble, if table and columns are exists. Show your new query – Andrey Vorobyev Jul 13 '22 at 12:07
You are correct. I just changed the name of the like column to the likes and everything worked. Thanks – olzha bala Jul 13 '22 at 12:18
You can use symbol ` to use special words as table or column names, it's will be works too – Andrey Vorobyev Jul 13 '22 at 12:35

Cannot update database record from within php script

1 Answers1