2

I am relatively new to MySQL and PHP and I have been trying to UPDATE a table for a very long time now, I've searched Google and SO and I still can't figure it out.

Here is the php:

$info = array('about_me' => NULL, 'profile_pic' => NULL, 'political_party' => NULL,         'econ_views' => NULL, 'religious_views' => NULL, 
'abortion_view' =>NULL,'gay_marraige' => NULL, 'other' => NULL);

foreach ($_POST as $key => $value) {
    $info[$key] = mysql_escape_string($value);
}

$about_me = $info['about_me'];
$profile_pic = $info['profile_pic'];
$econ_views = $info['econ_views'];
$religious_views = $info['religious_views'];
$abortion_view = $info['abortion_view'];
$gay_marraige = $info['gay_marraige'];
$other = $info['other'];
$political_party = $info['political_party'];

//Connect to database
require 'db.php';

$query = "UPDATE `users` SET `about_me`=$about_me, `profile_pic`=$profile_pic,   `econ_views`=$econ_views,
       `religious_views`=$religious_views,`abortion_view`=$abortion_view,`gay_marriage`=$gay_marraige, 
    `other`=$other, `political_party`=$political_party WHERE `username`=emoore24";

echo "$query"."<br /><br />";
$result = mysql_query($query) or die(mysql_error());

echo "success"

This is run on a form with many text areas and one select element. I ran everything with simple strings as data and got this:

UPDATE users SET about_me=test about, profile_pic=, econ_views=test econ, religious_views=test rel,abortion_view=test abortion,gay_marriage=test gay marraige, other=test other, political_party=democrat WHERE username=emoore24

You have an error in your SQL syntax; check the manual that corresponds to your MySQL >server version for the right syntax to use near ' econ_views=test econ, >religious_views=test rel,abortion_view=test abor' at line 1

I'm assuming that it's something small, but I can't see it. Could anyone help?

Improve this question

4 Answers 4

Reset to default
4

You haven't put quotes around any of your string literals.

UPDATE `users` SET 
  `about_me`=about_me, 
  `profile_pic`=, 
  `econ_views`=test econ,  
  `religious_views`=test rel,
  `abortion_view`=test abortion,
  `gay_marriage`=test gay marraige, 
  `other`=test other, 
  `political_party`=democrat 
WHERE `username`=emoore24

Should be:

UPDATE `users` SET 
  `about_me`='about_me', 
  `profile_pic`=NULL, 
  `econ_views`='test econ',  
  `religious_views`='test rel',
  `abortion_view`='test abortion',
  `gay_marriage`='test gay marraige', 
  `other`='test other', 
  `political_party`='democrat' 
WHERE `username`='emoore24'

If you use PDO with prepared statements, it would be a lot simpler and safer, and you won't have to worry about quoting or escaping literals. For example, here's how I might write that code:

$info = array(
  'about_me' => NULL, 
  'profile_pic' => NULL, 
  'political_party' => NULL,
  'econ_views' => NULL, 
  'religious_views' => NULL, 
  'abortion_view' => NULL,
  'gay_marriage' => NULL, 
  'other' => NULL
);

$query = "UPDATE `users` SET 
      `about_me`=:about_me, 
      `profile_pic`=:profile_pic, 
      `econ_views`=:econ_views,  
      `religious_views`=:religious_views,
      `abortion_view`=:abortion_view,
      `gay_marriage`=:gay_marriage, 
      `other`=:other, 
      `political_party`=:political_party 
    WHERE `username`=:username";

if (($stmt = $pdo->prepare($query)) == FALSE) {
  $err = $pdo->errorInfo(); die($err[2]);
}

$values = array_intersect_key($_POST, $info);
$values['username'] = 'emoore24';

if ($stmt->execute( $values ) == FALSE) {
  $err = $stmt->errorInfo(); die($err[2]);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Sorry noob question here, but are you saying I need quotes around all of my variables within the $query string? If so, should they be double quotes? thanks for the quick response
@emoore: Use single-quotes for string literals in SQL. See my answer to Do different databases use different name quote
@emoore: Also you should fix the misspelling "gay_marraige" your $info array.
2

You need to quote the text in your query

UPDATE `users` SET `about_me`='about_me'

And do the same for the other fields.

Improve this answer

Comments

1

Your query is wrong. You need to put quotes around all values :

Change your query like this:

$query = "UPDATE `users` SET `about_me`='about_me', `profile_pic`='$profile_pic',   `econ_views`='$econ_views',`religious_views`='$religious_views',`abortion_view`='$abortion_view',`gay_marriage`='$gay_marraige', `other`='$other', `political_party`='$political_party' WHERE `username`='emoore24'";

Hope this works :)

Improve this answer

Comments

0

profile_pic=, also looks wrong. I run my queries by hand in a mysql IDE or mysql command line editor to see what the issues are.

I also start with a small select statement and build it up. After I have a select statement that works I switch it to a update statement.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.