1

I have encountered an error and I do not know what is wrong with my code. Can someone help me?

Error: UPDATE users SET voornaam = Test, achternaam = Test2, mail = [email protected], tel = ,adres = , geslacht = man, bestuur = 0, tc = 0, ic = 0, jec = 0, rvr = , instructeur = 0, webmaster = 0 WHERE id = 1 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'adres = , geslacht = man, bestuur = 0, tc = 0, ic = 0, jec = 0, rvr = , instruct' at line 1

$id = $_GET['u'];

$sql = "UPDATE users SET voornaam = $voornaam, achternaam = $achternaam,
        mail = $mailadres, tel = $tel, adres = $adres, geslacht = $geslacht,
        bestuur = $bestuur, tc = $tc, ic = $ic, jec = $jec, rvr = $rvr, 
        instructeur = $instructeur, webmaster = $webmaster WHERE id = ".$id."";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}
Improve this question
3
  • Looks like you didn't set the value for $tel and $adres, are they empty? Consider using quotes on the strings (like this voornaam = '$voornaam') just for sake of testing. But in reality, a preparedStatement should be used. Commented Oct 6, 2015 at 17:56
  • Your $adres is empty, your query adres = , gives error, if they are empty strings, it should be in qoutes like this: adres = '$adres' Commented Oct 6, 2015 at 18:06
  • Does this answer your question? How to include a PHP variable inside a MySQL statement Commented Dec 10, 2020 at 23:14

4 Answers 4

Reset to default
2

You should have something like:

$sql = "UPDATE `users` 
           SET `voornaam` = '$voornaam', 
             `achternaam` = '$achternaam', 
                   `mail` = '$mailadres', 
                    `tel` = '$tel', 
                  `adres` = '$adres', 
               `geslacht` = '$geslacht', 
                `bestuur` = '$bestuur', 
                     `tc` = '$tc', 
                     `ic` = '$ic', 
                    `jec` = '$jec', 
                    `rvr` = '$rvr', 
            `instructeur` = '$instructeur', 
              `webmaster` = '$webmaster' 
           WHERE id = '".$id."'";

This way you are protected if there are empty fields anywhere. You should also make sure you sanitize all the entries you wish to insert in the database.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

You must quote ANY string like 'xxxx' else empty strings are missing and string with spaces are see as 2 strings achternaam= van mueller is wrong but achternaam = 'van mueller' is ok and also achternaam=''

Improve this answer

Comments

2

You need add quote ' around the updated value, like

$sql = "UPDATE users SET voornaam = '$voornaam', achternaam = '$achternaam', mail = '$mailadres', tel = '$tel', adres = '$adres', geslacht = '$geslacht', bestuur = '$bestuur', tc = '$tc', ic = '$ic', jec = '$jec', rvr = '$rvr', instructeur = '$instructeur', webmaster = '$webmaster' WHERE id = '".$id."'";
Improve this answer

Comments

2

If you are not sure that your variables are set before your query, then check them before you create sql query with isset:

if (!isset($a)) {
    $a = ''
}

and put your variables in quote:

$sql = "UPDATE users SET voornaam='$voornaam', achternaam='$achternaam',   
        mail='$mailadres', tel='$tel', adres='$adres', geslacht='$geslacht', 
        bestuur='$bestuur', tc='$tc', ic='$ic', jec='$jec', rvr='$rvr', 
        instructeur='$instructeur', webmaster='$webmaster' WHERE id='".$id."'";
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.