0

I'm trying to update a column, I got no modification in the column value can you please help me with that?

Code i am trying:-

global $wpdb;
$param1 = $_GET['projectID'];
$sql1 = "UPDATE wp_projects SET nbrDonation = nbrDonation+1 WHERE projectID = $param1";
$wpdb->query($sql1);
echo $param1;
echo $sql1;

this is what i got as error :

Erreur de la base de données WordPress : [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1] UPDATE wp_projects SET nbrDonation=nbrDonation+1 WHERE projectID=

UPDATE wp_projects SET nbrDonation=nbrDonation+1 WHERE projectID=
Improve this question
11
  • 5
    Your code is wide open for SQL injection please use prepared statements. What are the errors you get? Commented Jan 25, 2018 at 11:26
  • @SuperDJ no errors and no change in the value of the column Commented Jan 25, 2018 at 11:29
  • @AlivetoDie no change even with nbrDonation+1 instead of (nbrDonation+1) Commented Jan 25, 2018 at 11:31
  • @AlivetoDie data-type is : int and as an example of the value : 594841 Commented Jan 25, 2018 at 11:32
  • ok change query like this:- $sql1="UPDATE wp_projects SET nbrDonation=nbrDonation+1 WHERE projectID=$param1"; and check worked or not. If not just after this query write echo $sql1; and see what query you got printed. Use that query into db directly and see what error you got Commented Jan 25, 2018 at 11:35

2 Answers 2

Reset to default
1

It seems like your $param1 value may be empty, or otherwise invalid.

[You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1]

The '' implies that the value is empty; so the SQL is doing:

UPDATE wp_projects SET nbrDonation=(nbrDonation+1) WHERE projectID=''

Which is invalid as nothing ('') is not an integer value as expected.

Solution:

You need to force the $param1 value to be interger. You can do this by typecasting in PHP.

so:

$param1 = (int)$_GET['projectID']; // forces it to a numeric value, 1 or 0

This will then mean the SQL will work correctly:

$sql1 = "UPDATE wp_projects SET nbrDonation = nbrDonation+1 WHERE projectID = $param1";

You do not need the brackets around the nbrDonation+1 and you do not need quotes around the ID number, because it's numeric.

Please also note:

How to Prevent SQL Injection compromise in MySQL with PHP

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

for echo $sql1; i get UPDATE wp_projects SET nbrDonation=nbrDonation+1 WHERE projectID=00 so no change in column value
so your $param1 is being set as zero; so you're updating a column with id zero which is usually not a column. What should the column id be? You need to check your $_GET value is correct.
what does var_dump($_GET); tell you?
var_dumps gives me the following line: array(1) { ["projectID"]=> string(0) "" }
Ok so your value $_GET["projectID"] has not been set. That is your problem.
0

Remove the single quote your projectID

$sql1="UPDATE wp_projects SET nbrDonation=(nbrDonation+1) WHERE projectID=$param1";

Try now.

Improve this answer

1 Comment

While good practise, this should not break the update SQL or cause the upate not to occur.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.