Update sql database

Tripple · October 22, 2015, 2:17am

I’m trying to update the records in a database and it doesn’t seem to work. My code looks like below.

<?php

$servername = "info";
$username = "info";
$password = "info";
$dbname = "info";

//Create a Connection
$con = new mysqli($servername,$username,$password,$dbname);

if($con->connect_error) {

die("Connection failed: " . $con->connect_error);

}

$updateId = $_POST["updatId"];
$updateFname = $_POST["fname"];
$updateLname = $_POST["lname"];


// Attempt update query execution
$sql = "UPDATE my_table
 SET fname='$updateFname', lname='$updateLname', WHERE id='$updateId'";

if($con->query($sql)==TRUE){
print "Records updated successfully";

} else {

print "Error: " . $con->error;

}

?>

It gives me the error code below.
“Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE id=‘65’’ at line 2”

spaceshiptrooper · October 22, 2015, 2:21am

Right there. You have a comma which will throw you the error. While I am at it. I recommend using prepared statements. I know this isn’t your original question, but it is recommended.

felgall · October 22, 2015, 5:48am

Another recommendation would be to validate the inputs in $_POST before copying tainted values into fields that you ought to be able to assume are untainted.

system · January 21, 2016, 12:49pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.