2

Okay, so I'm doing my website again and I want to edit or update the values of the rows, so I went to phpMyAdmin and checked what the code for updating values is, and I have this:

UPDATE `database`.`table` SET `title` = 'My Title', `message` = 'My Message' WHERE  `table`.`id` =2 LIMIT 1 ;

So I tried rephrasing it like this in PHP:

mysql_query("UPDATE posts SET title = '$title', message = '$message' WHERE id='$id' LIMIT 1");

But when I tried checking my table, it doesn't change.

By the way, there are no errors showing.

5
  • 3
    What is the content of $title and $contents? Also you need to use mysql_real_escape_string() Commented May 26, 2012 at 8:58
  • 1
    @bsdnoobz No, using mysql_real_escape_string() is no longer best practice. The whole mysql_ family of functions is no longer recommended. You should use the mysqli_ functions or the PDO library instead. These along with parameterised queries will provide good SQL injection protection. Commented May 26, 2012 at 9:07
  • 1
    Have you tried echoing out the constructed query? Have you checked the id you're looking for does exist? btw if id is a PK you don't need the LIMIT clause. Commented May 26, 2012 at 9:08
  • 1
    Please don't use mysql_* functions in new code. They were removed from PHP 7.0.0 in 2015. Instead, use prepared statements via PDO or MySQLi. See Why shouldn't I use mysql_* functions in PHP? for more information. Commented May 26, 2012 at 9:16
  • Are you correctly connected to your database? Does SELECT work? Commented May 26, 2012 at 10:39

7 Answers

2

Try:

mysql_query("UPDATE posts SET title = '" . $title . "', message = '" . $message . "' WHERE id =2 LIMIT 1");

What version of PHP are you using?


1 Comment

@JuvarAbrera OK, perhaps it could be a character encoding problem. Convert HTML entities to character codes (e.g. ') | Convert character codes to HTML elements:

2

Hope this will do

mysql_query("UPDATE posts SET title = '{$title}', message = '{$message}' WHERE id={$id} LIMIT 1");


1

I used this:

mysql_query('UPDATE posts SET title = "' . $title .'", message = "' . $message .'" WHERE id=' . $id . ' LIMIT 1');


1

You have SQL injection. Which means that a single quote in your message will break the query. Any variable you pass to your query, no matter if it comes from user input, was retrieved from the database, or has a hard-coded value, has to be properly escaped. In your case, since you are using the mysql* family of functions, mysql_real_escape_string is needed. But you can do yourself a favor by migrating to mysqli (which is a really simple process) or PDO, and use prepared statements. When you are using prepared statements, you can forget about escaping, and bind the variables directly to the placeholders in the query.
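
The prepared-statement approach recommended in this answer, shown as an added example that is not part of the original thread. It assumes the `pdo_sqlite` extension and uses an in-memory SQLite database in place of MySQL so it runs offline; the `updatePost()` helper and the sample row are constructed for illustration.

```php
<?php
// Added example: parameterized UPDATE with PDO (not code from the original thread).
// Assumption: an in-memory SQLite database stands in for the MySQL server so the
// script runs offline; for MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
// Throw on any SQL error instead of failing silently ("no errors showing").
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and row, mirroring the question's `posts` table.
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, message TEXT)');
$pdo->exec("INSERT INTO posts (id, title, message) VALUES (2, 'Old title', 'Old message')");

/**
 * Update one post. Values travel as bound parameters, so quotes in $title or
 * $message cannot change the SQL. Returns the number of rows the driver reports.
 */
function updatePost(PDO $pdo, $id, string $title, string $message): int
{
    // Reject a non-integer id up front rather than passing it to the database.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // id is the primary key, so LIMIT 1 is unnecessary.
    $stmt = $pdo->prepare('UPDATE posts SET title = :title, message = :message WHERE id = :id');
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':message', $message, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed input containing quotes that break the concatenated queries above.
$changed = updatePost($pdo, '2', "It's my title", 'She said "hi"; -- not SQL');
echo "rows updated: $changed\n";

// An id that does not exist reports 0 rows: the query ran, nothing matched.
echo "rows updated: " . updatePost($pdo, 999, 'x', 'y') . "\n";

// The stored values are exactly what was passed in, quotes included.
$row = $pdo->query('SELECT title, message FROM posts WHERE id = 2')->fetch(PDO::FETCH_ASSOC);
echo $row['title'] . ' | ' . $row['message'] . "\n";

// A malformed id is refused before any SQL is sent.
try {
    updatePost($pdo, '2 OR 1=1', 'x', 'y');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

On MySQL, `rowCount()` reports rows actually changed by default, so 0 can also mean the row already held the same values.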


1

Probably you have quotations in your variables, so you get an error.

You have two solutions:

  1. use this syntax : mysql_query("UPDATE posts SET title = '".$title."', message = '".$message."' WHERE id='$id' LIMIT 1");

  2. or better, use the standard PHP function 'mysql_real_escape_string()' for each variable going into a SQL command, so each disallowed character will be prefixed by a backslash and then there's no problem for you.


1

Try

mysql_query("UPDATE posts SET title = '$title', message = '$message' WHERE id=$id");

Or to prevent SQL injection

mysql_query(sprintf("UPDATE posts SET title = '%s', message = '%s' WHERE id='%s' LIMIT 1", mysql_real_escape_string($title), mysql_real_escape_string($message), mysql_real_escape_string($id)));


0

You are not using the correct text box name for referring in jQuery or script

Please correct it
