/**
 * Handler that overwrites one row of resreview.users with the profile fields
 * sent in the request body and returns the raw query result as JSON.
 *
 * @param request - reads request.params.id (the userId to update) and the
 *                  profile fields on request.body.
 * @param respond - respond.json(result) is called when the query succeeds.
 *
 * NOTE(review): nothing in this handler checks that the caller is allowed to
 * edit the userId taken from request.params.id - confirm that an upstream
 * middleware enforces that before this runs.
 */
updateUser(request, respond) {
    var userObject = new User(request.params.id, request.body.firstName, request.body.lastName, request.body.username, request.body.email, request.body.password, request.body.rememberMe, request.body.profilePic, request.body.mobileNumber, request.body.gender, request.body.birthday, request.body.address, request.body.postalCode, request.body.language);

    // Parameterized statement: 14 "?" placeholders in total, 13 in SET plus 1 in WHERE.
    var sql = "UPDATE resreview.users SET firstName = ?, lastName = ?, username = ?, email = ?, password = ?, rememberMe = ?, profilePic = ?, mobileNumber = ?, gender = ?, birthday = ?, address = ?, postalCode = ?, language = ? WHERE userId = ?";

    // Values are bound to the placeholders by position.
    // NOTE(review): only 13 values are listed for 14 placeholders; no userId is
    // supplied for the trailing "WHERE userId = ?".
    var values = [
        userObject.getFirstName(),
        userObject.getLastName(),
        userObject.getUsername(),
        userObject.getEmail(),
        // NOTE(review): the password is written as returned by getPassword();
        // presumably that is request.body.password unchanged - confirm it is
        // hashed before it reaches the database.
        userObject.getPassword(),
        userObject.getRememberMe(),
        userObject.getProfilePic(),
        userObject.getMobileNumber(),
        userObject.getGender(),
        userObject.getBirthday(),
        userObject.getAddress(),
        userObject.getPostalCode(),
        userObject.getLanguage()];

    db.query(sql, values, function (error, result) {
        if (error) {
            // Thrown inside the db callback: the caller of updateUser cannot
            // catch it, and no response is sent to the client on this path.
            throw error;
        }
        else {
            // Sends the query result object to the client as-is.
            respond.json(result);
        }
    });
}

When I try to run it in command prompt, I keep getting this error

Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '?' at line 1

I am just following this format

UPDATE table_name SET column1 = value1, column2 = value2...., columnN = valueN WHERE [condition];

Can somebody please explain to me what the problem is?

    Check your userId. Commented Dec 27, 2019 at 8:13

1 Answer 1


Apart from the fact that I don't know the db class, check the number of placeholders and values. You have fewer entries in values than placeholders in your SQL string. That means the ? placeholder in the WHERE clause won't be replaced.

Add the userId to the values array

 // 14 "?" placeholders: 13 in SET and 1 in WHERE. Every value is bound by
 // position, so no request data is concatenated into the statement text.
 var sql = "UPDATE resreview.users SET firstName = ?, lastName = ?, username = ?, email = ?, password = ?, rememberMe = ?, profilePic = ?, mobileNumber = ?, gender = ?, birthday = ?, address = ?, postalCode = ?, language = ? WHERE userId = ?";

// 14 values, in the same order as the placeholders; userObject.getUserId()
// is the added last entry and fills "WHERE userId = ?".
// NOTE(review): assumes User exposes getUserId() for the id passed as the
// first constructor argument - confirm.
var values = [
    userObject.getFirstName(),
    userObject.getLastName(),
    userObject.getUsername(),
    userObject.getEmail(),
    userObject.getPassword(),
    userObject.getRememberMe(),
    userObject.getProfilePic(),
    userObject.getMobileNumber(),
    userObject.getGender(),
    userObject.getBirthday(),
    userObject.getAddress(),
    userObject.getPostalCode(),
    userObject.getLanguage(),
    userObject.getUserId()
];

Or add the userId into the sql string

// This variant has 13 "?" placeholders, so it pairs with a 13-entry values
// array; the userId is concatenated into the statement text instead of bound.
// Binding userId through a "?" placeholder is the safer form. If it is
// concatenated, it must pass through the driver's own escaping function
// (db.escape() here - assumes this db object provides one, confirm); a
// hand-written replace()/regex is not a reliable substitute for that.
var sql = "UPDATE resreview.users SET firstName = ?, lastName = ?, username = ?, email = ?, password = ?, rememberMe = ?, profilePic = ?, mobileNumber = ?, gender = ?, birthday = ?, address = ?, postalCode = ?, language = ? WHERE userId = " + db.escape(userObject.getUserId());

2 Comments

thanks a lot, didn't realise that I never included the userId in my 'values' array
👍 I always count placeholders and array entries to double-check myself.
