Jump to content

Archived

This topic is now archived and is closed to further replies.

Evanthes

whats wrong with this update statement?

Recommended Posts

[code=php:0]
$query = "update tbl_work set site_id=$id comments=$comments date_of_work=$date where work_id=$workid";
[/code]

i guess ive just been looking at this too long and dont understand why mysql doesnt like this statement. Below is how the statement prints out.

update tbl_work set site_id=1 comments=N/A date_of_work=2006-09-14 where work_id=942

does this need to be formatted in some way? thanks for the help ahead of time.!

Share this post


Link to post
Share on other sites
you've got to separate your update fields with commas. also, you need to set off your content with quotes:
[code]
<?php
$query = "update tbl_work set site_id='$id', comments='$comments', date_of_work='$date' where work_id='$workid'";
?>
[/code]

keep in mind that you need to be sure and escape your variables properly for the version of SQL you're using

Share this post


Link to post
Share on other sites
awesome thanks,
its been awhile since ive had to do programming like this...what do u mean exactly by escape your variables?
thanks again

Share this post


Link to post
Share on other sites
[quote author=Evanthes link=topic=108060.msg434361#msg434361 date=1158261638]
its been awhile since ive had to do programming like this...what do u mean exactly by escape your variables?
[/quote]

depending on what type of SQL you're using and what your PHP ini settings are, it's usually a good practice to escape quotes and other possible contaminates out of your string. for instance, if you're trying to insert the following:
[code]
<?php
$q = "I'm awesome!";
$sql = mysql_query("INSERT INTO myTable (fieldName) VALUES ('$q')");
?>
[/code]

you will have a failed query every time since, when the variable is translated, it will actually read the apostrophe in the variable as the end of the VALUES string. to avoid that, you've got to escape (place a backslash in front of) the offending quote. if you're using mysql, you can use mysql_real_escape_string(), if you're using postgresql, you can use pg_escape_string(), and if you're wanting to manually run it, you might even get by with addslashes().

hope this helps!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.