Hi all, I have a simple problem. I am trying to update a field in a table row with new info. I am using this form - <form action="updatequote.php" method="post"> <input type="text" name="Quote" maxlength="300" value="Type quote"><br /> <input type="submit" value="Submit"> <form> HTML: and this php code: <?php include("config.php"); include("functions.php"); ?> <?php // Insert a row of information into the table "members" mysql_query("update members set quote='$quote' VALUES('$_POST[quote]')") or die(mysql_error()); echo "Data Inserted!"; ?> PHP: Problem is the field does not update?! i get i nice error message - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES('')' at line 2
name="Quote" Code (markup): $_POST[quote] PHP: Variables (and array keys) are case-sensitive. And you should really have a look at www.php.net/mysql_real_escape_string
Ok, im now using this - <form action="updatequote.php" method="post"> <input type="text" name="quote" maxlength="300" value="Type quote"><br /> <input type="submit" value="Submit"> <form> HTML: <?php $sql="update members set quote='$quote', where username='$ses_username'" $updated=true; mysql_query($sql); ?> PHP: and get this - Parse error: parse error, unexpected T_VARIABLE in /home/p/i/picturest/public_html/updatequote.php on line 10
<?php mysql_query(" UPDATE members SET quote = '" . substr(mysql_real_escape_string($_POST['quote']), 0, 300) . "' WHERE username = '" . mysql_real_escape_string($ses_username) . "' ") OR die(mysql_error()); $updated=true; ?> PHP: And I repeat, you should really have a look at the page I posted above.
Just click the link. It's ALL explained there. And you should also look at what can happen if you don't use it. (Also on the page above)