0

Wondering if anyone can help - I'm sure this was working before, but I can't get a mysql update to work

$db->query("UPDATE entry_pending_details SET old_value = '{$value ["old_value"]}' WHERE id = '{$value ["id"]}'");

It's clearly the variables not being recognised, as if I drop hardcoded values in it's OK.

Any ideas ?

Thanks

1
  • So what did you change before it broke? Commented Aug 9, 2011 at 22:25

4 Answers

3

Your problems are probably:

  1. You have double quotes within a double quoted string. This shouldn't even run, it's a syntax error.

  2. The space between the variable names and the brackets.

You're potentially vulnerable to SQL injection attacks, and definitely vulnerable to your own logic errors.

Use bound parameters instead.

$st = $db->prepare("UPDATE entry_pending_details SET old_value = ? WHERE id = ?");
$st->execute(array($value['old_value'], $value['id']));

1 Comment

I thought it was the spaces too, but on my 5.3.2, the {} notation works just fine with spaces. e.g. echo {$x ['a']} and echo {$x['a']} both work just fine with $x['a'] = 'yo' and give me 'yo' as (un)expected.
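
Added example, not part of the answer or comments above: a PHP sketch comparing the question's interpolated UPDATE with the bound-parameter form from the first answer. It assumes the PDO SQLite driver and uses an in-memory database in place of MySQL; the sample rows and the function names `updateInterpolated` and `updateBound` are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE entry_pending_details (id INTEGER PRIMARY KEY, old_value TEXT)");
$db->exec("INSERT INTO entry_pending_details (id, old_value) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// Constructed sample inputs, as they might arrive from a form.
$samples = array(
    array('id' => '1', 'old_value' => "plain text"),
    array('id' => '2', 'old_value' => "O'Brien"),       // apostrophe in ordinary data
    array('id' => "3' OR '1'='1", 'old_value' => "x"),  // id that is not a number
);

// Hypothetical helper: the question's style, values become part of the SQL text.
function updateInterpolated(PDO $db, array $value) {
    $sql = "UPDATE entry_pending_details SET old_value = '{$value['old_value']}' WHERE id = '{$value['id']}'";
    try {
        return $db->exec($sql) . " row(s) changed";
    } catch (PDOException $e) {
        return "error: " . $e->getMessage();
    }
}

// Hypothetical helper: the first answer's style, values travel separately from the SQL text.
function updateBound(PDO $db, array $value) {
    $st = $db->prepare("UPDATE entry_pending_details SET old_value = ? WHERE id = ?");
    $st->execute(array($value['old_value'], $value['id']));
    return $st->rowCount() . " row(s) changed";
}

foreach (array('updateInterpolated', 'updateBound') as $fn) {
    foreach ($samples as $value) {
        // Roll back after every call so each sample sees the same three rows.
        $db->beginTransaction();
        echo str_pad($fn, 20), json_encode($value), " => ", $fn($db, $value), "\n";
        $db->rollBack();
    }
}
```

With the interpolated query the apostrophe sample fails with a syntax error and the third sample's WHERE clause matches every row; with bound parameters each value is only ever compared as data.
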
2

You have to use single quotes ' or escape double ones around array indices (like \"). I replaced double quotes with single ones

"UPDATE entry_pending_details SET old_value = '{$value['old_value']}' WHERE id = '{$value['id']}'"

5 Comments

Tried that. The " within a {} array var do not "break" the string on 5.3.2.
Hmm, really? Wasn't aware of that and can't test right now... Anyway, the OP doesn't mention what version he uses, perhaps it is some earlier version which doesn't support it? But Dan's answer to use parameters is the way to go IMO.
No idea when it would've changed. Surprised me too. I was eyeing the quotes and the spaces in the var names as well, but that (while weird) does work on 5.3.2
Hi, this is an inherited bespoke CMS with many issues I'm trying to get my head around. Earlier in the code this works: SELECT * FROM {$h}, but for some reason this line doesn't. It's puzzling - I'm pretty sure it was fine before. The variables in the array are populated fine.
Well, then the next step to debug it would be to dump the value of $value ["id"] and use some MySQL admin software to check whether the record with that id exists in the DB (i.e. perhaps the update fails as there is no record to update).
0

What I would do is set the values as vars beforehand, e.g.

$old_value = $value['old_value'];
$id = $value['id'];
mysql_query("UPDATE entry_pending_details SET old_value = '$old_value' WHERE id = '$id'");


-2

Try the following:

$sql = "UPDATE entry_pending_details SET old_value = '{$value ["old_value"]}' WHERE id = '{$value ["id"]}'";
mysql_query($sql) or die(mysql_error());
echo $sql;

It's a good idea to put the query into a variable so you can examine it later if need be.

As well, what does var_dump($values) show?
