This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
When I use these statements works:
$sql = "UPDATE nametable SET column = '$number' WHERE username = '$text'";
$result = mysql_query($sql, $link) or die(mysql_error());
But, when I change 'column' to 'option1' like this:
$sql = "UPDATE nametable SET '$option1' = '$number' WHERE username = '$text'";
The query doesn't work. What's wrong with $option1? :/
Thanks!
column names must not be enclosed by quotes '
$sql = "UPDATE nametable SET " . $option1 . " = '$number' WHERE username = '$text'";
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 3 years ago.
When I run this Script the strtotime and date functions work, but when the SQL query runs the date column in the db remains blank.
$date = mysqli_real_escape_string($conn, $_POST['date']);
$day1 = strtotime($date);
$day1 = date('Y-m-d', $day1);
$id = 1;
echo $day2;
$sql = "UPDATE essay SET date = $day1 WHERE id = $id";
You have to add a quote over the $day1 like this way :
$sql = "UPDATE essay SET date = '$day1' WHERE id = '$id'";
Another way to do it by concatenate :
$sql = "UPDATE essay SET date = ".$day1." WHERE id = ".$id;
Unless an SQL field is an integer type or similar numeric type, data written to it should be quoted in an insert statement. In this case, your $day1 is something like "2019-04-18" so your SQL should read:
$sql = "UPDATE essay set date = '$day1' where id = $id";
The single quote should allow the query to succeed. Note that debugging this sort of thing is fairly easy, but isn't taught in some tutorials; if the query fails, try logging or echoing the MySQL(i) error:
$query = $db->query($sql);
if (!$query) echo $db->error;
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
For some strange reason I cannot insert a username into the database, but when I change the value into any integer it works once I click like, it works.
$postid = $_POST['postid'];
$userid = $_GET['username'];
$result = mysqli_query($dbh,"SELECT * FROM user_images WHERE id=$postid");
$row = mysqli_fetch_array($result);
$n = $row['likes'];
mysqli_query($dbh,"INSERT INTO likes(username, postid) VALUES($userid, $postid)");
mysqli_query($dbh,"UPDATE user_images SET likes=$n+1 WHERE id=$postid");
echo $n+1;
exit();
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
$query = "update admin set username = $username and password = $password where id = 1;
Any alternative to use this code with php?
You need to use quotes around the variables.
Try this:
$query = "UPDATE admin SET username = '".$username."', password = '".$password."' WHERE id = 1";
Hope this helps.
Peace! xD
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
This is my code and I can't figure out how to update the product_info:
include_once "dbconnect.php";
session_start();
$p_id = $_SESSION['rbtn'];
$p_name=securethis( $_POST['p_name']);
$p_unit=securethis( $_POST['p_unit']);
$p_price=securethis( $_POST['p_price']);
$p_details=securethis($_POST['p_details']);
$query= "UPDATE product_info SET p_name=$p_name,p_unit=$p_unit,p_price=$p_price,p_details=$p_details,p_directory=hi WHERE p_id=$p_id";
mysql_query($query) or die(mysql_error()) ;
$_SESSION['rbtn'] = "";
header("Location: admin.php");
Your used query should be in valid format to execute by MySQL . May be there are some columns in product_info table are VARCHAR type like as p_name . So use single quote (') to create a valid query . You can also check it by echoing your query and execute this on MYSQL prompt . It will tell the exact problem.
echo $query= "UPDATE product_info SET p_name=$p_name,p_unit=$p_unit,p_price=$p_price,p_details=$p_details,p_directory=hi WHERE p_id=$p_id";
and execute the the printed query directly to the MYSQL shell .
Write the query like this-
$query= "UPDATE product_info SET p_name='$p_name',p_unit='$p_unit',p_price='$p_price',p_details='$p_details',p_diretory='hi' WHERE p_id='$p_id'";
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
include("db_connector.php");
$soru = "asdasds";
$tip = 1;
$soruId = 0;
$sql = "insert into sor (anketId,soruMetni,tip) values (".$_SESSION['anket'].",".$soru.",".$tip.")";
$islem = mysql_query($sql)or die(mysql_error());;
if(isset($islem))
{
$soruId = mysql_insert_id();
}else
{
header("refresh:2;sorular.php");
}
this code give an error like this : Unknown column 'asdasds' in 'field list'
You need to change the SQL statement in this:
$sql = "INSERT INTO `sor` (anketId,soruMetni,tip)
VALUES ('".$_SESSION['anket']."','".$soru."',".$tip.")";
Strings needs to be encapsulated with a single quote. :)
I just add ' before and after every variable in query. You cannot pass string to query without adding single quote '.
Change From:
$sql = "insert into sor (anketId,soruMetni,tip) values (".$_SESSION['anket'].",".$soru.",".$tip.")";
to :
$sql = "INSERT INTO `sor` (anketId,soruMetni,tip)
VALUES ('".$_SESSION['anket']."', '".$soru."', '".$tip."')";