Skip to content
Advertisement

Php mysql query update of data gives syntax error

This is my php code to update products in database:

$sql="UPDATE product SET name=$newname , price=$price , stock=$stock , color=$color WHERE id=$id";
if($conn->query($sql)){
    echo "product update";
}

It gives this error:

Error: UPDATE product SET name=samsung galaxy note 20 ultra , price=40000 , stock=5 , color=white WHERE id=1
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'galaxy note 20 ultra , price=40000 , stock=5 , color=white WHERE id=1' at line 1

Advertisement

Answer

This code should work:

$sql="UPDATE product SET name='$newname', price='$price', stock='$stock', color='$color' WHERE id='$id';";

But a better approach would be to use parameterized prepared statements as you are vulnerable now to SQL injections. Also refer to: https://dev.mysql.com/doc/apis-php/en/apis-php-mysqli.quickstart.prepared-statements.html

User contributions licensed under: CC BY-SA
2 People found this is helpful
Advertisement