Jump to content


Photo

whats wrong with this update statement?


  • Please log in to reply
4 replies to this topic

#1 Evanthes

Evanthes
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 14 September 2006 - 07:09 PM

$query = "update tbl_work set site_id=$id comments=$comments date_of_work=$date where work_id=$workid";

i guess ive just been looking at this too long and dont understand why mysql doesnt like this statement. Below is how the statement prints out.

update tbl_work set site_id=1 comments=N/A date_of_work=2006-09-14 where work_id=942

does this need to be formatted in some way? thanks for the help ahead of time.!


#2 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 14 September 2006 - 07:11 PM

you've got to separate your update fields with commas. also, you need to set off your content with quotes:
<?php
$query = "update tbl_work set site_id='$id', comments='$comments', date_of_work='$date' where work_id='$workid'";
?>

keep in mind that you need to be sure and escape your variables properly for the version of SQL you're using
You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx

#3 Evanthes

Evanthes
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 14 September 2006 - 07:20 PM

awesome thanks,
its been awhile since ive had to do programming like this...what do u mean exactly by escape your variables?
thanks again

#4 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 14 September 2006 - 07:28 PM

its been awhile since ive had to do programming like this...what do u mean exactly by escape your variables?


depending on what type of SQL you're using and what your PHP ini settings are, it's usually a good practice to escape quotes and other possible contaminates out of your string. for instance, if you're trying to insert the following:
<?php
$q = "I'm awesome!";
$sql = mysql_query("INSERT INTO myTable (fieldName) VALUES ('$q')");
?>

you will have a failed query every time since, when the variable is translated, it will actually read the apostrophe in the variable as the end of the VALUES string. to avoid that, you've got to escape (place a backslash in front of) the offending quote. if you're using mysql, you can use mysql_real_escape_string(), if you're using postgresql, you can use pg_escape_string(), and if you're wanting to manually run it, you might even get by with addslashes().

hope this helps!
You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx

#5 Evanthes

Evanthes
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 14 September 2006 - 07:42 PM

yes thanks a lot  for your help!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users