This is my PHP code to update products in the database:
$sql="UPDATE product SET name=$newname , price=$price , stock=$stock , color=$color WHERE id=$id";
if($conn->query($sql)){
    echo "product update";
}
It gives this error:
Error: UPDATE product SET name=samsung galaxy note 20 ultra , price=40000 , stock=5 , color=white WHERE id=1 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'galaxy note 20 ultra , price=40000 , stock=5 , color=white WHERE id=1' at line 1
Answer
This code should work:
$sql="UPDATE product SET name='$newname', price='$price', stock='$stock', color='$color' WHERE id='$id';";
But a better approach would be to use parameterized prepared statements as you are vulnerable now to SQL injections. Also refer to: https://dev.mysql.com/doc/apis-php/en/apis-php-mysqli.quickstart.prepared-statements.html
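
The prepared-statement approach recommended above could look like this with mysqli. This is an added example, not code from the question or the answer; the connection details, the column types and the helper names `updateProduct` and `intField` are assumptions, and the sample form values are constructed from the values shown in the error message.

```php
<?php
// Added example. Table and column names come from the question;
// column types, credentials and helper names are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function updateProduct(mysqli $conn, int $id, string $name, float $price, int $stock, string $color): int
{
    // The statement text is fixed; values are sent separately, so spaces or
    // quotes in $name can neither break the syntax nor change the query.
    $stmt = $conn->prepare(
        'UPDATE product SET name = ?, price = ?, stock = ?, color = ? WHERE id = ?'
    );
    // One type letter per placeholder, in order: s = string, d = double, i = integer.
    $stmt->bind_param('sdisi', $name, $price, $stock, $color, $id);
    $stmt->execute();
    $changed = $stmt->affected_rows; // 0 if no such id, or the row already holds these values
    $stmt->close();
    return $changed;
}

// Reject non-numeric input before it reaches the database layer.
function intField(array $src, string $key): int
{
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($v === false) {
        throw new InvalidArgumentException("$key must be a non-negative integer");
    }
    return $v;
}

// Constructed sample input standing in for $_POST.
$form = ['id' => '1', 'name' => 'samsung galaxy note 20 ultra',
         'price' => '40000', 'stock' => '5', 'color' => 'white'];

$price = filter_var($form['price'], FILTER_VALIDATE_FLOAT);
if ($price === false || $price < 0) {
    throw new InvalidArgumentException('price must be a non-negative number');
}

// Placeholder credentials and database name.
$conn = new mysqli('localhost', 'app_user', 'app_password', 'shop');
$conn->set_charset('utf8mb4');

$rows = updateProduct($conn, intField($form, 'id'), $form['name'],
                      $price, intField($form, 'stock'), $form['color']);
echo $rows === 1 ? "product updated\n" : "no row changed\n";
```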