upudating database

[droidus]

Hello.

 

How would I write this code?:

 

mysql_query(sprintf("UPDATE members(notes) SET VALUES('%s') WHERE uname = $_SESSION[user]",mysql_real_escape_string($notes)))

 

I want to update the notes column in my database to the variable, $notes.

 

thanks.

[fugix]

http://dev.mysql.com/doc/refman/5.0/en/update.html

[droidus]

having the sprintf in there kinda throws me off.  otherwise, i would understand how to do it.

[Zane]

$q = sprintf("UPDATE members SET notes = '%s' WHERE uname = '{$_SESSION['user']}'",mysql_real_escape_string($notes));
mysql_query($q);

[gizmola]

having the sprintf in there kinda throws me off.  otherwise, i would understand how to do it.

 

With sprintf the %s you embed gets replaced with the value of the parameter you provide, while also being conformed to the formatting specified.  '%s' just specifies that it needs to be a string, so I don't see a lot of value to using it here over using concatenation. 

 

Done what Zanus suggests is not a bad idea, because you can var_dump($q) and see if it's a valid sql statement if you want, however your main mistake as he also pointed out is that with updates there is no VALUES keyword.  You do

 

SET columname = the_value

 

And if you have multiple columns to update

 

SET columnname1 = a value, columname2 = another value, etc...

 

If your syntax had been correct it would have worked even doing it the original way you had it.