0

I have written a PHP class which will update 4 fields of a certain row in a table. The row is decided by a session var 'user' (which is unique). It's not working, but i'm not sure if it is because of the query or the class itself. So i'm first gonna ask you guys if there are any errors in this query (there probaply are) and when the query is correct, i'll see if the class itself has errors as well.

Query:

UPDATE tblRegistratie(lengte, gewicht, bmi geluk) WHERE `gebruikersnaam` = '" . $_SESSION['regain-user'] . "'
        VALUES(
        '".mysqli_real_escape_string($conn, $this->Lengte_update)."',
        '".mysqli_real_escape_string($conn, $this->Gewicht_update)."',
        '".mysqli_real_escape_string($conn, $this->BMI_update)."',
        ''".mysqli_real_escape_string($conn, $this->Geluk_update)."',
        );
Improve this question
4
  • Based on how the SO syntax highlighter is choking on unclosed quotes, can you post the query in correct context from your code? Commented May 18, 2011 at 17:16
  • 3
    Also, what does mysql_error() say after the call fails? Commented May 18, 2011 at 17:16
  • bmi geluk - if that's one column, you need to escape it with backticks (the space might break the query) Commented May 18, 2011 at 17:18
  • 1
    Are you using the INSERT syntax for your UPDATE query? Commented May 18, 2011 at 17:20

6 Answers 6

Reset to default
2

The quotes look funny here, but I think your problem is a trailing comma , after the last param:

''".mysqli_real_escape_string($conn, $this->Geluk_update)."',
                                                          ^^^^^
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Last line:

    ''".mysqli_real_escape_string($conn, $this->Geluk_update)."',
    ^^//fix the double qoute and make it single '
Improve this answer

1 Comment

Ah yes, looks like two problems.
1

This is what an UPDATE query should look like.

UPDATE tblRegistratie
SET lengte=mysqli_real_escape_string($conn, $this->Lengte_update),
    gewicht=mysql...etc
    `bmi geluk`=...etc
WHERE `gebruikersnaam` = '" . $_SESSION['regain-user'] . "'

Yours looks nothing like that.

Improve this answer

1 Comment

Phillips Indeed - I missed that entirely.
0

The correct syntax for UPDATE in MySQL would be something like::

$sql = "UPDATE tblRegistratie SET
    lengte = '".mysqli_real_escape_string($conn, $this->Lengte_update)."',
    gewicht = '".mysql_real_escape_string($conn, $this->Gewicht_update)."',
    bmi = '".mysql_real_escape_string($conn, $this->BMI_update)."',
    geluk = '".mysqli_real_escape_string($conn, $this->Geluk_update)."'
    WHERE gebruikersnaam = '". $_SESSION['regain-user'];
Improve this answer

Comments

0

You need to have your where clause after the values you're setting. Also, it sounds like you have some punctuation issues.

Consider the following rewrite for general easier-to-read goodness:

$query = 'UPDATE tblRegistratie
    SET `lengte` = "' . mysqli_real_escape_string($conn, $this->Lengte_update) . '",
        `gewicht` = "' . mysqli_real_escape_string($conn, $this->Gewicht_update) . '",
        `bmi` = "' . mysqli_real_escape_string($conn, $this->BMI_update) . '",
        `geluk` = "' . mysqli_real_escape_string($conn, $this->Geluk_update) . '"
    WHERE `gebruikersnaam` = "' . $_SESSION['regain-user'] . '"
';

Also, functions like sprintf() can be your friend. :)

$query = sprintf('UPDATE `tblRegistratie`
     SET `lengte` = "%s",
         `gewicht` = "%s",
         `bmi` = "%s",
         `geluk` = "%s"
     WHERE `gebruikersnaam` = "%s";', 
     mysqli_real_escape_string($conn, $this->Lengte_update),
     mysqli_real_escape_string($conn, $this->Gewicht_update),
     mysqli_real_escape_string($conn, $this->BMI_update),
     mysqli_real_escape_string($conn, $this->Geluk_update),
     $_SESSION['regain-user']
);
Improve this answer

2 Comments

You're right, I did. Thanks -- corrected. That thing was tough to write inside a text box; I should have used a real text editor. :)
I edited the query and it now runs in sql. However, the class still doesn't work so it means there's also a problem with it. It doesn't give any errors either, that kinda bothers me. I'll be posting a new question about it. Thanks for the help!
0

PHP

On the last line you have two initial single quotes.

Fix:

''".mysqli_real_escape_string($conn, $this->Geluk_update)."',

becomes

'".mysqli_real_escape_string($conn, $this->Geluk_update)."',

MySQL

Additionally, your UPDATE syntax appears to be completely invalid. Have a read through the documentation.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.