having trouble with post code mysqli

[zpupster]

i am lost, i am getting an error with my code, a reported syntax error -- i have tried many thing and can not get the record to update.  Nothing in the error log

 

Error

 

Connected successfully -Error -You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''10', weight'4.00', price'69.0000', where products_id = '29'' at line 3

<?php error_reporting(E_ALL);

    ini_set('display_errors', '1');

    ?>

<?php

  include 'connect.php';

   if(isset($_POST['btn_submit'])){

      $sql ="update products set 



                        quantity'".$_POST['txt_quantity']."',

                        weight'".$_POST['txt_weight']."',

                        price'".$_POST['txt_price']."',

            where products_id = '".$_POST['txt_id']."'

    ";

    if(mysqli_query($con, $sql)){

        header('Location:index.php');   

    }else{

        echo "Error " .mysqli_error($con);

   }

}



if(isset($_GET['id'])){

     $sql = "SELECT products_id, products_quantity, products_weight, 

products_price 

            FROM products 

            where products_id=" .$_GET['id'];

$result = mysqli_query($con, $sql);

if(mysqli_num_rows($result)>0){

   ($row = mysqli_fetch_assoc($result)); 

 $id = $row['products_id'];

 $quantity = $row['products_quantity'];

 $weight = $row['products_weight'];

 $price = $row['products_price'];

     }

 }





 ?>



<form action="" method="post">

  <table>

    <tr>

      <td>Quantity</td>

      <td><input name = "txt_quantity" value ="<?=$quantity?>"></td>

    </tr>

    <tr>

      <td>Weight</td>

      <td><input name = "txt_weight" value ="<?=$weight?>"></td>

    </tr>

    <tr>

      <td>Price</td>

      <td><input name = "txt_price" value ="<?=$price?>"></td>

    </tr>

    <tr>

      <td><input type = "hidden" value ="<?=$id?>" name = "txt_id" ></td>

      <td><input type="submit" name="btn_submit"></td>

    </tr>

  </table>

</form>

[zpupster]

I believe the error is somewhere in where clause, looking and trying to change following many examples i can not get this to post. the data retrieves fine but i cannot edit and then post the update.

[benanamen]

Stop what you are doing.

 

Never ever put variables in your query. You need to use prepared statements.

PDO is better. https://phpdelusions.net/pdo

Check for the request method, not the name of a button.

Do not create variables for no reason.

You are missing several equal signs. Look up how to do a correct INSERT query. You are making the same exact mistake from your post here https://forums.phpfreaks.com/topic/303672-update-php/

Edited April 10, 2017 by benanamen

[zpupster]

ty for your helpful hints,  i finally got this to work.

 

now i can learn it the right way, the pdo way.  after reading about pdo it seems the way to go.

 

ty again,