1

I am trying to update a record in my database with values pulled from an exploded array

    $arr2 = explode(",",$_POST['hidden-tags']); 
   //echo $arr2[0];

   //insert new rows into blog post
    mysql_select_db($db, $db);
 $insertq = mysql_query("UPDATE blog SET tags1 = $arr2[0],tags2 = $arr2[1],tags3 = $arr2[2], tags4 = $arr2[3], tags5 = $arr2[4]  WHERE idblog = '$id' ",$dbconnet);

If I echo the values from my array one at a time it works great. Once I try to put them in the db the row turns up empty. Whats more the user may not of entered 5 items they may only have entered 1 but I dont think thats really the problem. To be honest I cant see why its currently failing at all.

I know I can save all values in one field but it will be easier as separate fieldsfor when I pull back and query later on.

Improve this question
0

4 Answers 4

Reset to default
1

if the data types of the columns are string, values must be wrap with single quotes as they are string literals. eg,

$insertq = mysql_query("UPDATE blog SET tags1 = '". $arr2[0] . "',....");

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you for your answer. Data has already been sanitised by this point which is why there is no sql injection protection. Your answer solved my issue. Cant believe I overlooked '".."' as thats something I already knew. Time for a break maybe
Im using dreamweaver built in functions so GetvalueString($VALUE, "text")
1 
$insertq = mysql_query("UPDATE blog SET tags1 = $arr2[0],tags2 = $arr2[1],tags3 = $arr2[2], tags4 = $arr2[3], tags5 = $arr2[4]  WHERE idblog = '$id' ",$dbconnet);

should be:

$insertq = mysql_query("UPDATE blog SET tags1 = '".$arr2[0]."',tags2 = '".$arr2[1]."',tags3 = '".$arr2[2]."', tags4 = '".$arr2[3]."', tags5 = '".$arr2[4]."'  WHERE idblog = '".$id."' ,$dbconnet);

or the whole query is going to consider the variables names as part of the string

EDITED: i had the quotes inverted.

Improve this answer

Comments

1

It should be like this :

$insertq = mysql_query("UPDATE blog SET tags1 = "'.$arr2[0].'",tags2 = "'.$arr2[1].'",tags3 = "'.$arr2[2].'", tags4 = "'.$arr2[3].'", tags5 = "'.$arr2[4].'"  WHERE idblog = "'.$id.'" ",$dbconnet);
Improve this answer

Comments

1

I think you might need to look at the datatypes of your table. If you are using varchar or text as data-types then single colon will be necessary.

$insertq = mysql_query("UPDATE blog SET tags1 =' $arr2[0]',tags2 = '$arr2[1]',tags3 = '$arr2[2]', tags4 = '$arr2[3]', tags5 = '$arr2[4]'  WHERE idblog = '$id' ",$dbconnet);

Also if the idblog is integer then donot use single quotes.

hope this helps

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.