4

Can anyone tell me why this update query is not working?

if ($_GET['update']) {
include 'config.php';
//Connect to MYSQL Database server
$connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Could not connect to MYSQL Database.");
$result = mysql_select_db(DB_NAME, $connect) or die("Could not connect to MYSQL table.");

mysql_query("UPDATE contact SET read = 1 WHERE id = '$_GET[update]'")or die("Query failed.");
echo "Update works!";
} else {
echo "Update does not work...ughh.";
}

Thank you in advance.

Edit: I got the query to work. For anyone who was worrying about the security, I was using this script as a test to see if I wanted to use it. I just added the security now that the script works. Thank you all for the help and tips.

1
  • 1
    We're not here to debug code, what error are you getting? Commented Jun 6, 2012 at 21:22

6 Answers

8

What is column read?

mysql_query("UPDATE contact SET read = 1 WHERE id = '$_GET[update]'")

Judging by the non-capitalization of read, I suspect you are using a reserved word in MySQL for that column.

See:

Reserved Words in MySQL

To get around this, just put a single quote around read, i.e.

mysql_query("UPDATE contact SET 'read' = 1 WHERE id = '$_GET[update]'")

Or better per j.bruni:

mysql_query("UPDATE contact SET `read` = 1 WHERE id = '$_GET[update]'")

3 Comments

THIS! Thanks friend! Hahah I feel so silly for using 'read'. lol Best answer.
The manual recommends "backtick" character instead of quotes.
Thanks A Ton Bro! was stuck with "match" (Apparently a keyword ) :P
7

Try this for your query line:

mysql_query("UPDATE contact SET read = 1 WHERE id = '".$_GET['update']."'")or die("Query failed: " . mysql_error());

Notice the change of the die() statement for better error handling:

die("Query failed: " . mysql_error());

*Also, just an FYI, you should really escape user variables (e.g. GET variables) like so to prevent SQL injections:

mysql_query("UPDATE contact SET read = 1 WHERE id = '".mysql_real_escape_string($_GET['update'])."'")or die("Query failed: " . mysql_error());

Please report back the result.

6 Comments

+1 because OP needs to go read about sql injection right this second
I have not added the security yet!
Why code everything, then add security, that seems like a lot of work to go back and do over, why not do it right the first time?
The error is: Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'read = 1 WHERE id = '148'' at line 1
Merlin's effort brought the error message; Nick gave the correct answer; spitfire got the credit and earned the points; we may consider it fair, since it is his very first participation in the SO site.
3

I believe you need to escape the string to have $_GET['update'] add its value to the string. But you really should be using prepared statements lest you be attacked by malicious users.

Prepared Statements: http://php.net/manual/en/pdo.prepared-statements.php

Comments

3

READ is a reserved word. You need to put it within backticks or rename your field.

Take a look at this link:

http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html

Comments

0

You can test it like this:

mysql_query("UPDATE contact SET read = 1 WHERE id = '".(int)$_GET['update']."'")or die("Query failed.");

if this isn't the specific problem

Comments

0
mysql_query("UPDATE contact SET read = 1 WHERE id = '".$_GET['update']."'")or die("Query failed.");
echo "Update works!";

Please try not to use mysql_query. It's old and it's not efficient. Why not try to learn about PDO and prepared statements?

Comments
