Updating a mysql database

Question

I am trying to edit a Mysql database. Can someone tell me why this is not working, it doesn't update anything

mysqli_query($con,"UPDATE Users SET day_started=1 WHERE email='$user_data['email']'");

$user_data['email'] works I checked it. I tried echoing it and it did echo the value I wanted. I also checked the database and the value I want it on of the fields in email.

Thank you for your help:)

What does mysqli_error() say? Have you echo'd out the query to make sure it is correct? Have you run it from the command line? Are you sure there is a row that matches that criteria? — John Conde, Aug 03 '13 at 02:11
There might be a #1064 error because of **`email='$user_data['email']'`** — hjpotter92, Aug 03 '13 at 02:12
Use prepared/parameterized queries. You're opening yourself up to SQL injection attacks. — Brad, Aug 03 '13 at 02:17

ChunkyBaconPlz · Accepted Answer · 2013-08-03T02:29:39.760

4

Try this:

$user_email = mysqli_real_escape_string($con, $user_data['email']);

mysqli_query($con,"UPDATE `Users` SET `day_started`='1' WHERE `email`='".$user_email."'");

I suspect the answer lies with your not properly embedding a PHP variable in your query string. Check out those sexy full stops on each side of $user_email. PHP loves it when you do that.

I also sanitized your input and stuff, and formatted your query with backticks because PHP also loves that.

edited Aug 03 '13 at 02:29

answered Aug 03 '13 at 02:21

ChunkyBaconPlz

570
2
10

This doesn't really answer the question. The question is "Can someone tell me why this is not working". – Mike Aug 03 '13 at 02:22

score 2 · Answer 2 · edited May 23 '17 at 12:05

The reason this is not working is because you are using part of an array in a string. In order to do that, you have a few options:

Use curly braces around it:

"UPDATE Users SET day_started=1 WHERE email='{$user_data['email']}'"
Concatenation:

"UPDATE Users SET day_started=1 WHERE email='".$user_data['email']."'"
Use temporary variables:

$email = $user_data['email'];

Then in your string:

"UPDATE Users SET day_started=1 WHERE email='$email'"
(bonus, I just learned this myself) Remove the quotes around email:

"UPDATE Users SET day_started=1 WHERE email='$user_data[email]'"

It actually surprised me that this works and doesn't throw a notice/warning. The following, however, does produce a notice, so be careful (it needs to be in a double quoted string or probably heredoc):

echo $user_data[email];

Notice: Use of undefined constant email - assumed 'email'

However the fact that you are even asking this poses some great problems. First, you should turn on error_reporting. Therefore if any error occurs, it will yell and scream at you if all goes well. Second, you should do the same for mysqli. And finally, if you're using mysqli, use prepared statements. This is precisely what they're for.

You need to be more specific about what "did not work" is supposed to mean. But like I said in my answer, prepared statements are the way to go. Seriously. Forget doing it any other way. — Mike, Aug 03 '13 at 17:21

wusuopubupt · Answer 3 · 2013-08-03T03:33:44.117

it's because of that the single quotes matches which is nearest to it. so in your code email='$user_data['email']' ,the first single quotes in'$ just matches that in ['email .to avoid this,you can modify your sql code like this:

"UPDATE Users SET day_started=1 WHERE email='$user_data[email]'",this really works.

or just do like this:

$post_email = $user_data['email'];
"UPDATE Users SET day_started=1 WHERE email='$post_email'";

Updating a mysql database

3 Answers3