I want to change data from a database but I keep getting errors and I just cannot find the mistake I made..
Here's the code:
if(isset($_POST['id'])) {
if(is_numeric($_POST['id'])) {
$change = pg_query($db, "SELECT * FROM azubi3 WHERE id = ".$_POST['id']."");
echo $change;
if($auto == "") {
$auto = "false";
}
else { $auto = "true"; }
$change = pg_query($db, "UPDATE azubi3 SET vorname = '".$_POST['prename']."', nachname = '".$_POST['name']."', auto = ".$auto.", auto_id = ".$_POST['auto_id'].", schuh_id = ".$_POST['schuh_id']." WHERE id = ".$_POST['id']."");
}
else { echo "ID muss eine Zahl sein!"; }
}
And that's the error i get:
Warning: pg_query(): Query failed: ERROR: syntax error at or near "," LINE 1: ...achname = 'Mustermüller', auto = false, auto_id = , schuh_id... ^ in /srv/www/htdocs/azubi2/test3.php on line 82
First thing your sql is vulenrable to injection, you should correct it.
For the sake of your question :
false is a reserved keyword, please use string around it:
$change = pg_query($db, "UPDATE azubi3 SET vorname = '".$_POST['prename']."', nachname = '".$_POST['name']."', auto = '".$auto."', auto_id = ".$_POST['auto_id'].", schuh_id = ".$_POST['schuh_id']." WHERE id = ".$_POST['id']."");