I’m making a website to connect to MySQL, but I’ve this function to update a SQL column in php:
<?php
function insert_db($table, $id, $value, $id2, $value2){
$con = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database);
if ($db_found){
mysql_query(" UPDATE ".$table." SET ".$id."='".$value."' WHERE ".$id2." = '".$value2."'); //this doesn't work!
mysql_close($con);
}
else {
print "Database not found!";
mysql_close($con);
}
}
?>
But this function doesn’t work! Please help me! And is there a better way of doing this instead of “mysql_query()”?
Advertisement
Answer
You can kinda answer your own question looking at the StackOverflow syntax highlights. You’re missing a closing quote in the SQL statement. As for a better way, I always put my SQL into a variable first. It helps catch these kinds of things. Also, you’re not sanitizing anything here in your function. I hope you’re doing something elsewhere to prevent SQL injection.
I would NOT create your DB connection inside a function. You’re creating a connection, executing ONE query, and then closing it. That’s a lot of overhead for one function. I would pass your connection into your function and use it like that.
function insert_db($con, $table, $id, $value, $id2, $value2){
$sql = "UPDATE " . $table . "
SET " . $id . "='" . $value . "'
WHERE " . $id2 . " = '".$value2."'";
mysqli_query($con, $sql);
}