I am using this code so I can update a record in database:
$query = mysql_query("UPDATE article
SET com_count = ". $comments_count
WHERE article_id = .$art_id ");
My question is: How can I use variables in a MySQL UPDATE statement.
$query = mysql_query("UPDATE article set com_count = $comments_count WHERE article_id = $art_id");
You was messing up the quotes and concats.
You can use inline vars like the previous example or concat them like:
$query = mysql_query("UPDATE article set com_count = " . $comments_count . " WHERE article_id = " . $art_id);
You messed up on your " . pattern.
$query = mysql_query("UPDATE article set com_count = ". $comments_count . " WHERE article_id = " . $art_id . ");
Use apostrophes when using variables in a MySQL UPDATE statement:
$query = mysql_query("UPDATE article
SET com_count = '$comments_count'
WHERE article_id = '$art_id'");
Be careful about space and apostrophes.
Related
I am trying to updata a database table using pq_query in PHP. I have the following code:
$q = "UPDATE tableName SET ('data1 = " . $data1 . "', data2='" . $data2 . "') WHERE user=".$user;
$success = pg_query($q);
if (!$success) {
$errormessage = pg_last_error();
echo "Error " . $errormessage;
}
I am getting the following error message:
ERROR: syntax error at or near "'data1 = '"
LINE 1: UPDATE tableName SET ('data1 = 10', data2= 20'') WHERE user=
Replace your query with this query
$q = "UPDATE tableName SET data1 = '$data1', data2='$data2' WHERE user='$user'";
Explaination: You should pass variable in single quotes('') if your query in double quotes.
You are using a lot of quotes which it is not understood by PostgreSQL, try simply this :
$q = "UPDATE tableName SET data1 = " . $data1 . ", data2=" . $data2 . " WHERE user=".$user;
Remove those single quotes !
I have two arrays with ID and description.
In database I have same ID but doesn't have description.
How I can add each description form array to current ID?
This is full code
foreach($product->find('.block-d .btns-d .btn-buy') as $productId) {
if(!empty($productId)) {
dataId = $productId->{'data-offerid'};
}
}
foreach($product->find('.description div div p') as $description) {
if(!empty($description)) {
$query = "UPDATE snowcore_parser_products SET description = " . $description . " WHERE remote_id = " . $dataId . " ';";
$sql = mysqli_query($db, $query);
}
}
If I try to use just simple value without array it works. For example
$query = "UPDATE snowcore_parser_products SET description = '1';";
I think your query is malformed. It doesn't have quotes around the description to indicate it is a string. For example, if the value for description is "stackoverflow" and the id is "1", your query would look like so:
UPDATE snowcore_parser_products SET description = stackoverflow WHERE remote_id = 1 ';
So to fix this, the last quote should disappear and the value for description should be surrounded with quotes. Like this:
$query = "UPDATE snowcore_parser_products SET description = '" . $description . "' WHERE remote_id = " . $dataId . ";
Also I recommend you to read this article on SQL injection, as this query isn't safe.
just use foreach and that`s all, try this:
$ids = [1,2,3];
$descriptions = [1,2,3];
foreach($ids as $key => $id) {
$query = "UPDATE snowcore_parser_products SET description = " . $descriptions[$key] . " WHERE remote_id = " . $id . " ';";
$sql = mysqli_query($db, $query);
}
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'like = '0 +1' WHERE wall_id = '20'' at line 1
$sql = mysql_query("UPDATE wall SET like = '$nelike' WHERE wall_id = '$id' " );
if($sql)
echo "Success;
else
echo "something wrong<br/>" . mysql_error();
Why I'm getting this error message?
Your column like needs to be encapsulated in backticks because like is also a MySQL keyword.
$sql = mysql_query("UPDATE wall SET `like` = '$nelike' WHERE wall_id = '$id' " );
You'd want to apply backticks to columns with spaces in their names as well.
Also, it wouldn't be a bad idea to escape your data (if you didn't know)
$sql = mysql_query("UPDATE wall
SET `like` = '" . mysql_real_escape_string($nelike) . "'
WHERE wall_id = '" . mysql_real_escape_string($id) . "'" );
LIKE is a SQL keyword. You'll need to put it in backticks if you want to use it as a field name:
UPDATE wall SET `like` = '$nelike' WHERE wall_id = '$id'
The error was that you are using a RESERVED WORD in mysql and you didn't escape it using backtick.
$sql = mysql_query("UPDATE wall SET like = '$nelike' WHERE wall_id = '$id' " );
should be written as
$sql = mysql_query("UPDATE wall SET `like` = '$nelike' WHERE wall_id = '$id' ");
Ok, I am querying my DB for a file. And I want to use a PHP global variable and stick it somewhere in that output using say a '$dir' in my table. Any possible way to do so?
Just use it in a string for the query like you would in any other string. eg:
$sql = "UPDATE TABLE x SET dir=" . $dir . " WHERE id=" . $id;
Though if you do this and your variables use user input it's VERY IMPORTANT to sanitize them against SQL injection and such. The function mysql_real_escape_string() is provided for just such instances.
$sql = "UPDATE TABLE x SET dir=" . mysql_real_escape_string($dir) . " WHERE id=" . mysql_real_escape_string($id);
$query = "SELECT '" . $dir . "' as myVariable, userName, userpassword from users where userName = ...."
The first reply was missing some quotes:
$sql = "UPDATE TABLE x SET dir=" . $dir . " WHERE id=" . $i
->
$sql = "UPDATE TABLE x SET dir='" . mysql_real_escape_string($dir) . "' WHERE id=" . $i
and
$sql = "UPDATE TABLE x SET dir=" . mysql_real_escape_string($dir) . " WHERE id=" . mysql_real_escape_string($id);
->
$sql = "UPDATE TABLE x SET dir='" . mysql_real_escape_string($dir) . "' WHERE id=" . mysql_real_escape_string($id);
this script have to update things on every refresh but not working. lend me a hand
$yp = mysql_query("select id from yyy where twitterid = '$tid'");
$qq = "update yyy set twitterid = '$tid',
twitterkullanici = '$twk',
tweetsayisi = '$tws',
takipettigi = '$tkpettigi',
takipeden = '$tkpeden',
nerden = '$nerden',
bio = '" . mysql_real_escape_string($bio) . "',
profilresmi ='$img',
ismi = '$isim'
where id = '$yp'";
$xx = mysql_query($qq);
Looks like you are not getting the value out of the variable $yp.
You need to do
$row = mysql_fetch_row($yp);
then
id = '.$row[0] .'
in your update query
$yp - is a result of mysql_query (resource). You have to read id from database (mysql_fetch_array or mysql_fetch_row).
$yp = mysql_query("select id from yyy where twitterid = '$tid'");
if ($yp)
{
if ($row = mysql_fetch_array($yp,MYSQL_ASSOC))
$id = $row["id"];
}
Now use $id in WHERE clause.
To make debugging SQL easier in PHP add the following after to your mysql_query(0 call.
mysql_query($qq) or die("A MySQL error has occurred.<br />Your Query: " . $qq. "<br /> Error: (" . mysql_errno() . ") " . mysql_error())
Just make sure you remove it before you go into prod, as it can give useful info away to any hackers attempting Sql Injection.