0

I'm working on my first PHP/MySQL project, and I've gotten basic logins and INSERT queries working, but not updates. This is my first update, which is just one row with a state and zipcode. Is anything wrong?

$dbc = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$state=$_POST['state'];
$zip=$_POST['zip'];

$custnum = 0;
$sql="UPDATE $tbl_name SET state = '$state', zip = '$zip', WHERE custnum = '$custnum'";
$result = mysqli_query($dbc, $sql)
or die('Error querying database.');
3
  • 1
    you don't need the last comma before the "WHERE" clause Commented Mar 8, 2012 at 16:32
  • 1
    You are mixing mysql_ and mysqli_ functions, which won't work. Commented Mar 8, 2012 at 16:33
  • 3
    Also, the code you show is vulnerable to SQL injection. Use the proper sanitation method of your library (= in this case, mysql_real_escape_string()), or switch to PDO and prepared statements. Commented Mar 8, 2012 at 16:34

6 Answers

4
$sql="UPDATE {$tbl_name} SET state='{$state}', zip='{$zip}' WHERE custnum='{$custnum}'";

Remove the last comma before the "WHERE" clause. Also, if you're just starting out, it's good to put parentheses around variable names when using double quotes for strings. It helps you distinguish the variables better.

Pekka is also correct in his comments, you are mixing mysql and mysqli functions. Use mysql_query() instead.

2

I think you need to get rid of the comma just before the WHERE.

2
$suitno =mysqli_real_escape_string($ecms,$_POST['suitno']);//protecting sql injection 
$defendant=mysqli_real_escape_string($ecms,$_POST['defendant']);//protecting sql injection 
$casenature=mysqli_real_escape_string($ecms,$_POST['casenature']);//protecting sql injection 

$sql="UPDATE causelist SET suitno='{$suitno}', 
casenature='{$casenature}' WHERE suitno='{$suitno}'";
$result = mysqli_query($ecms, $sql)
or die('Error querying database.');

1 Comment

you should detail your answer
1
    $dbc = mysql_connect($host, $username, $password)or die("cannot connect"); //don't need quotes
    mysql_select_db($db_name,$dbc)or die("cannot select DB"); //added the $dbc (connection link) as a second parameter

    $state=mysql_real_escape_string($_POST['state']); //Should make it safe!
    $zip=mysql_real_escape_string($_POST['zip']); //Should make it safe!

    $custnum = 0;
    $sql="UPDATE $tbl_name SET state = '$state', zip = '$zip' WHERE custnum = '$custnum'"; //removed an extra comma

    //Notice that $tbl_name isn't defined!
    $result = mysql_query($sql)
    or die('Error querying database.'); //from mysqli to mysql

0

Looks like a SQL syntax error: remove the comma before WHERE.

0

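if(isset($_POST['update'])) {
    $name=mysql_real_escape_string($_POST['name']); // escape before building the query
    //echo $name; die;
    $surname=mysql_real_escape_string($_POST['surname']);

    // $id is not defined in this snippet; cast to int so it cannot alter the query
    $upd="update table_name SET name='$name',surname='$surname' where id=".(int)$id;
    mysql_query($upd);
}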
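
The comment on the question recommends switching to PDO and prepared statements. As an added example (not code from the question or from any answer), here is the question's UPDATE written that way. An in-memory SQLite database stands in for MySQL so the script runs offline, and the `customers` table, its sample rows, and the `updateCustomer` helper are assumptions.

```php
<?php
// Added example: the question's UPDATE as a PDO prepared statement.
// Assumptions: pdo_sqlite is available; the table name "customers", its rows
// and the helper name updateCustomer() are constructed for illustration.

function updateCustomer(PDO $pdo, string $table, int $custnum, string $state, string $zip): int
{
    // Identifiers cannot be bound as parameters, so the table name is checked
    // against a fixed allow-list before it is placed in the SQL text.
    $allowed = ['customers'];
    if (!in_array($table, $allowed, true)) {
        throw new InvalidArgumentException('unknown table');
    }

    // Values travel separately from the SQL text, so quotes or commas in the
    // input cannot change the structure of the statement.
    $stmt = $pdo->prepare(
        "UPDATE $table SET state = :state, zip = :zip WHERE custnum = :custnum"
    );
    $stmt->execute([':state' => $state, ':zip' => $zip, ':custnum' => $custnum]);

    return $stmt->rowCount(); // number of rows actually updated
}

// For MySQL the connection would instead use a DSN such as
// 'mysql:host=...;dbname=...;charset=utf8mb4' with
// PDO::ATTR_EMULATE_PREPARES set to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (custnum INTEGER PRIMARY KEY, state TEXT, zip TEXT)');
$pdo->exec("INSERT INTO customers VALUES (0, 'NY', '10001'), (1, 'CA', '90001')");

// Constructed input standing in for $_POST. The quote and comma in "state"
// would break or rewrite the string-built query from the question.
$post = ['state' => "TX', zip='00000", 'zip' => '73301'];

$changed = updateCustomer($pdo, 'customers', 0, $post['state'], $post['zip']);
printf("rows updated: %d\n", $changed);

// The odd value is stored as plain data in row 0; row 1 is untouched.
foreach ($pdo->query('SELECT custnum, state, zip FROM customers ORDER BY custnum') as $row) {
    printf("%d | %s | %s\n", $row['custnum'], $row['state'], $row['zip']);
}
```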
