1

I have the following query:

$sql  = "UPDATE db.users SET $str WHERE users.{$this->row} = {$this->value} LIMIT 1";

Which echo's out:

UPDATE db.users SET username=testUser, gid=3 WHERE users.username = mmiller LIMIT 1

However when I do:

$count = Db::init()->exec($sql);

I get:

Fatal error: Uncaught exception 'PDOException' with message

'SQLSTATE[42S22]: Column not found: 1054 Unknown column 'mmiller' in 'where clause'' in /class.php:185 Stack trace: #0 /class.php(185): PDO->exec('UPDATE db...') #1 /class.php(194): User->modify('username', 'gid', 'testUser', '3') #2 {main} thrown in /class.php on line 185

Any ideas?

Improve this question

2 Answers 2

Reset to default
5

You need to use "

UPDATE db.users SET username="testUser", gid="3" WHERE users.username = "mmiller" LIMIT 1

Make sure your echo shows you that. You could use ' ofcourse, whatever floats your boat :)

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

probably for "testuser" this time? I'll fix that too :P
You have to add the ' around the {$this->value}, but there is also a wrong assignment withing that $set variable. Also: you say you don't need prep. statements, but you wouldn't be having this problem if you did you use them....
2

You need to use quotes around string values;

 $sql = "UPDATE db.users SET $str WHERE users.{$this->row} = '{$this->value}' LIMIT 1";

Seeing you're already using PDO, it might be beneficial to use prepared statements. Although a bit slower for a one-off query, it increases security and handles all escaping necessary, so you won't run in to these problems.

Improve this answer

3 Comments

Theres no user input so Im not in need for prep statements. However putting this in quotes just returns the same error
@Headspin Somehow, your database thinks "mmiller" is a column, instead of a value. That usually boils down to having forgotten the quotes around a string value. If you put it in quotes, there's no way your database will think you're referring to a column.
You know what, yer right, its was just one of the values in the $str string that needed the quotes around it. Correct for more complete answer. Thanks

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.