I’m making a website to connect to MySQL, but I’ve this function to update a SQL column in php:
<?php function insert_db($table, $id, $value, $id2, $value2){ $con = mysql_connect($server, $user_name, $password); $db_found = mysql_select_db($database); if ($db_found){ mysql_query(" UPDATE ".$table." SET ".$id."='".$value."' WHERE ".$id2." = '".$value2."'); //this doesn't work! mysql_close($con); } else { print "Database not found!"; mysql_close($con); } }?>But this function doesn’t work! Please help me! And is there a better way of doing this instead of “mysql_query()”?
Advertisement
Answer
You can kinda answer your own question looking at the StackOverflow syntax highlights. You’re missing a closing quote in the SQL statement. As for a better way, I always put my SQL into a variable first. It helps catch these kinds of things. Also, you’re not sanitizing anything here in your function. I hope you’re doing something elsewhere to prevent SQL injection.
I would NOT create your DB connection inside a function. You’re creating a connection, executing ONE query, and then closing it. That’s a lot of overhead for one function. I would pass your connection into your function and use it like that.
function insert_db($con, $table, $id, $value, $id2, $value2){ $sql = "UPDATE " . $table . " SET " . $id . "='" . $value . "' WHERE " . $id2 . " = '".$value2."'"; mysqli_query($con, $sql);}