0

Im wondering if something like this is possible?

$joinguild = "UPDATE guild SET '.$rank.'='.$receiver.' WHERE name ='"$dupecheckinfo["guild"]"'";

Im trying to SET '.$rank.'='.$receiver.', but I dont know if I can use a variable where $rank is. Is there a proper way to write this. Is it even possible? If not how would you approach it? Thanks!

Here is my SQL table im working with

Edit: See how my table has Rank1 Rank2 Rank3 etc. Well I am passing the rank value that I want to set so for example 

$rank = $_POST["rank"];

$joinguild = "UPDATE guild SET '.$rank.'='.$username.' WHERE name ='"$dupecheckinfo["guild"]"'";
Improve this question

3 Answers 3

Reset to default
1

Your question in not clear but you have some problems in your PHP statement. I think you are trying to create your SQL UPDATE query using PHP variables.

Try this:

$joinguild = "UPDATE guild SET $rank='$receiver' WHERE name='" . $dupecheckinfo["guild"] . "'";

Here $rank should have valid column name in your table. Also read about SQL injection.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Your question is quite unclear but to update records from a table you can use this line of code:

  $sql=mysqli_query($conn, "UPDATE `table` SET option1='$op1', option2='$op2', option3='$op3', option4='$op4' where id='$id'");

If this is unclear please let me know.

Improve this answer

4 Comments

Thanks for the response, I want to know if its possible for SET option1='$op1' to be something like SET '$options'='$op1'. If so what would be the syntax for that.
option1='$op1' to '$options'='$op1' ? It's still unclear, can you explain in detail again?
Thanks for your help. I edited my description above. See how I am passing into the PHP script the $rank variable? I need to set that equal to another variable using SET.
I am confused what you are actually trying to create with that script but there are some errors in your script, just use the one I've given above and replace the variable names with $rank and $receiver.
0

Yes, you can use variables for table and field names in your queries. However, you should avoid it whenever possible, because it generally leads to SQL injection vulnerabilities. Instead of building queries with string concatenation, use prepared statements with bound parameters. See this page and this post for some good examples.

Unfortunately, the bind mechanism works only for values and not for table names or field names, so it's best to try avoiding variable table/field names. If you find that you absolutely must, the best approach would be to ensure that the contents of the variable matches with a pre-set whitelist of allowed table/field names.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.