0

I'm making a website to connect to MySQL, but I've this function to update a SQL column in PHP:

<?php
    function insert_db($table, $id, $value, $id2, $value2){
       $con = mysql_connect($server, $user_name, $password); 
       $db_found = mysql_select_db($database); 
       if ($db_found){
          mysql_query(" UPDATE ".$table." SET ".$id."='".$value."' WHERE ".$id2." = '".$value2."'); //this doesn't work!
          mysql_close($con);
       }
       else {
          print "Database not found!";
          mysql_close($con);
       }
    }
?>

But this function doesn't work! Please help me! And is there a better way of doing this instead of "mysql_query()"?

5
  • Easy way: Look at the syntax highlighting to see what is wrong. Commented Dec 1, 2013 at 14:00
  • 1
    You are using an obsolete database API and should use a modern replacement. Learn about prepared statements. Commented Dec 1, 2013 at 14:00
  • I edited the code and fixed it at the same time. You should also use MySQLi uk.php.net/mysqli Commented Dec 1, 2013 at 14:09
  • @tntu when you change the complete code of someone when you edit the question, you make the complete question useless. You might change relevant errors in the code that way. Commented Dec 1, 2013 at 14:09
  • @GeraldSchneider I did not realize until after the edit. Commented Dec 1, 2013 at 14:10

2 Answers

1

You can kinda answer your own question looking at the StackOverflow syntax highlights. You're missing a closing quote in the SQL statement. As for a better way, I always put my SQL into a variable first. It helps catch these kinds of things. Also, you're not sanitizing anything here in your function. I hope you're doing something elsewhere to prevent SQL injection.

I would NOT create your DB connection inside a function. You're creating a connection, executing ONE query, and then closing it. That's a lot of overhead for one function. I would pass your connection into your function and use it like that.

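function insert_db($con, $table, $id, $value, $id2, $value2){
    // Build the SQL in a variable first so syntax errors are easier to spot.
    // The values are concatenated as-is; nothing is escaped in this function.
    $sql = "UPDATE " . $table . "
        SET " . $id . "='" . $value . "'
        WHERE " . $id2 . " = '" . $value2 . "'";
    mysqli_query($con, $sql);
}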

1
  1. You are missing a closing quote " at the end of your mysql_query().
  2. Your variables $server, $user_name, $password and $database do not exist inside your function. If you set them outside the function you have to import them with global $server, $user_name, $password, $database before you can use them.
  3. The mysql_* functions are becoming deprecated. Don't write new code with them, use mysqli_* or PDO objects.
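
The first answer's SQL injection concern and the second answer's advice to move to mysqli_* or PDO, combined in an added example (not code from the question or from either answer): values go through a PDO prepared statement, and table and column names, which cannot be bound as parameters, are checked against an allow-list. The `users` table, its columns, `ALLOWED` and `update_column()` are hypothetical names, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Hypothetical schema: the tables and columns the application may update.
const ALLOWED = ['users' => ['id', 'name', 'email']];

function update_column(PDO $pdo, string $table, string $col, $value,
                       string $whereCol, $whereValue): int
{
    // Identifiers cannot be bound as parameters, so accept them only on an
    // exact allow-list match before they are placed in the SQL text.
    $cols = array_key_exists($table, ALLOWED) ? ALLOWED[$table] : [];
    if (!in_array($col, $cols, true) || !in_array($whereCol, $cols, true)) {
        throw new InvalidArgumentException('table or column not allowed');
    }
    // Values are sent as bound parameters, never concatenated into the SQL.
    $stmt = $pdo->prepare("UPDATE $table SET $col = ? WHERE $whereCol = ?");
    $stmt->execute([$value, $whereValue]);
    return $stmt->rowCount(); // number of rows changed
}

// Assumption: SQLite in memory replaces MySQL for this demo; for MySQL only
// the DSN and credentials passed to the PDO constructor differ.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data; one name contains a single quote on purpose.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
$insert->execute(['ann', 'ann@example.test']);
$insert->execute(["O'Brien", 'ob@example.test']);

// The quote in the WHERE value is plain data to the driver, so the statement
// stays syntactically valid and updates only the matching row.
$changed = update_column($pdo, 'users', 'email', 'new@example.test', 'name', "O'Brien");
echo "rows changed: $changed\n";

// A column that is not on the allow-list is rejected before any SQL is built.
try {
    update_column($pdo, 'users', 'is_admin', '1', 'id', 1);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```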
