I am relatively new to MySQL and PHP and I have been trying to UPDATE a table for a very long time now, I've searched Google and SO and I still can't figure it out.
Here is the php:
$info = array('about_me' => NULL, 'profile_pic' => NULL, 'political_party' => NULL, 'econ_views' => NULL, 'religious_views' => NULL,
'abortion_view' =>NULL,'gay_marraige' => NULL, 'other' => NULL);
foreach ($_POST as $key => $value) {
$info[$key] = mysql_escape_string($value);
}
$about_me = $info['about_me'];
$profile_pic = $info['profile_pic'];
$econ_views = $info['econ_views'];
$religious_views = $info['religious_views'];
$abortion_view = $info['abortion_view'];
$gay_marraige = $info['gay_marraige'];
$other = $info['other'];
$political_party = $info['political_party'];
//Connect to database
require 'db.php';
$query = "UPDATE `users` SET `about_me`=$about_me, `profile_pic`=$profile_pic, `econ_views`=$econ_views,
`religious_views`=$religious_views,`abortion_view`=$abortion_view,`gay_marriage`=$gay_marraige,
`other`=$other, `political_party`=$political_party WHERE `username`=emoore24";
echo "$query"."<br /><br />";
$result = mysql_query($query) or die(mysql_error());
echo "success"
This is run on a form with many text areas and one select element. I ran everything with simple strings as data and got this:
UPDATE
usersSETabout_me=test about,profile_pic=,econ_views=test econ,religious_views=test rel,abortion_view=test abortion,gay_marriage=test gay marraige,other=test other,political_party=democrat WHEREusername=emoore24You have an error in your SQL syntax; check the manual that corresponds to your MySQL >server version for the right syntax to use near '
econ_views=test econ, >religious_views=test rel,abortion_view=test abor' at line 1
I'm assuming that it's something small, but I can't see it. Could anyone help?
You haven't put quotes around any of your string literals.
UPDATE `users` SET
`about_me`=about_me,
`profile_pic`=,
`econ_views`=test econ,
`religious_views`=test rel,
`abortion_view`=test abortion,
`gay_marriage`=test gay marraige,
`other`=test other,
`political_party`=democrat
WHERE `username`=emoore24
Should be:
UPDATE `users` SET
`about_me`='about_me',
`profile_pic`=NULL,
`econ_views`='test econ',
`religious_views`='test rel',
`abortion_view`='test abortion',
`gay_marriage`='test gay marraige',
`other`='test other',
`political_party`='democrat'
WHERE `username`='emoore24'
If you use PDO with prepared statements, it would be a lot simpler and safer, and you won't have to worry about quoting or escaping literals. For example, here's how I might write that code:
$info = array(
'about_me' => NULL,
'profile_pic' => NULL,
'political_party' => NULL,
'econ_views' => NULL,
'religious_views' => NULL,
'abortion_view' => NULL,
'gay_marriage' => NULL,
'other' => NULL
);
$query = "UPDATE `users` SET
`about_me`=:about_me,
`profile_pic`=:profile_pic,
`econ_views`=:econ_views,
`religious_views`=:religious_views,
`abortion_view`=:abortion_view,
`gay_marriage`=:gay_marriage,
`other`=:other,
`political_party`=:political_party
WHERE `username`=:username";
if (($stmt = $pdo->prepare($query)) == FALSE) {
$err = $pdo->errorInfo(); die($err[2]);
}
$values = array_intersect_key($_POST, $info);
$values['username'] = 'emoore24';
if ($stmt->execute( $values ) == FALSE) {
$err = $stmt->errorInfo(); die($err[2]);
}
You need to quote the text in your query
UPDATE `users` SET `about_me`='about_me'
And do the same for the other fields.
profile_pic=, also looks wrong. I run my queries by hand in a mysql IDE or mysql command line editor to see what the issues are.
I also start with a small select statement and build it up. After I have a select statement that works I switch it to a update statement.
Your query is wrong. You need to put quotes around all values :
Change your query like this:
$query = "UPDATE `users` SET `about_me`='about_me', `profile_pic`='$profile_pic', `econ_views`='$econ_views',`religious_views`='$religious_views',`abortion_view`='$abortion_view',`gay_marriage`='$gay_marraige', `other`='$other', `political_party`='$political_party' WHERE `username`='emoore24'";
Hope this works :)