This question already has an answer here:
Hello i get this error when i try to update my database columns
ERROR You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
<?php
$id = $_POST['id'];
$title = urlencode($_POST['title']);
$img = urlencode($_POST['img']);
$url = urlencode($_POST['url']);
$dec = urlencode($_POST['dec']);
mysqli_query($mysqli,"UPDATE posts SET title = $title, img = $img, url = $url, dec = $dec WHERE id = $id") or die(mysqli_error($mysqli));
?>
</div>
Please try below code. I hope it will works fine. If not let me know.
<?php
$id = $_POST['id'];
$title = urlencode($_POST['title']);
$img = urlencode($_POST['img']);
$url = urlencode($_POST['url']);
$dec = urlencode($_POST['dec']);
mysqli_query($mysqli,'UPDATE posts SET title = "'.$title.'", img = "'.$img.'", url = "'.$url.'", dec = "'.$dec.'" WHERE id = **'.$id.'**') or die(mysqli_error($mysqli));
?>
Just for the record, the accepted answer is WRONG.
The question is not about Mysql syntax, but how to run a query from PHP using mysqli. And in these circumstances the rules change.
One should never put their variables into silly quotes, leaving their query wide open for sql injection attack, but run a query using prepared statements. And so the proper answer is here: How can I prevent SQL injection in PHP?