0

I made a simple query to update my table using php, but could not figure out the error.

My Function :

function editData($id, $data) {
    $message ="";
    $query= "UPDATE blood_data SET name='{$data['name']}', group='{$data['group']}',
             address1='{$data['address']}', district='{$data['district']}',
             age='{$data['age']}', sex='{$data['sex']}', phone='{$data['phone']}', 
             mobile='{$data['mobile']}',  email='{$data['email']}' 
             WHERE id='{$id}' ";

    if(mysql_query($query)) {
        $message ="Data Successfully Updated ";
    }else {
        die("failed: " . mysql_error());    
    }

    return $message;

}

This is what passed in function :

$dataArray = [
    'name'=>$_POST['full_name'],
    'group'=>$_POST['group'],
    'sex'=>$_POST['sex'],
    'age'=>$_POST['age'],
    'address'=>$_POST['address'],
    'district'=>$_POST['district'],
    'email'=>$_POST['email'],
    'phone'=>$_POST['phone'],
    'mobile'=>$_POST['mobile']
  ];

  $msg = editData($idUploader, $dataArray);

And the error message thrown was :

failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group='O +', address1='dsd', district='sdfs', age='22', sex='male', phone='23423' at line 1

Improve this question

2 Answers 2

Reset to default
7

You need to quote your field names, as group is a reserved MySQL keyword. For example:

UPDATE blood_data SET `name` = '{$data['name']}', `group` = '{$data['group']}' ...

Look at using PDO as it will do it for you and help prvent SQL injection, amongst many other benefits. Not to mention the mysql_* functions are deprecated.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You should avoid such code, your program is vulnerable to SQL injection attacks. Consider using mysqli with prepared statements instead.

As Matt Humphrey already mentioned in his answer, group is reserved mysql keyword, but you can use it when you disclose it in backticks like this:

`group`
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.