0

I am trying to use UPDATE to update my data with the following code. There might be a problem in the UPDATE query, but I checked the syntax and modified it, and it's still not working. Please help.

FORM.php

```php
<?php
require_once 'conn.php';
$var = $_GET['q'];
$varmod = 'tid="'.$var.'"';
$query = "SELECT * FROM temptable WHERE $varmod";
$result = mysql_query($query, $db) or die(mysql_error($db));
while ($row = mysql_fetch_assoc($result)) {
    $head = $row['thead'];
    $text = $row['ttext'];
    echo "<div id='main'>";
    echo "<form action='show.php?q=".$row['tid']."' method='POST'>";
    echo "<textarea name='thead' id='thead'>$head</textarea><br>";
    echo "<textarea name='ttext' >$text</textarea><br>";
    echo "<input type='submit' value='Update' /></form></div>";
}
?>
```

show.php

```php
<?php
$title = $_POST['thead'];
$text = $_POST['ttext'];
$date = date("Y-m-d");
require_once 'conn.php';

if (isset($title)) {
    if (isset($_GET['q'])) {
        $temp = $_GET['q'];
        $query = "UPDATE temptable SET thead=\"$title\" AND ttext=\"$text\" WHERE tid=\"$temp\"";
    }
    else {
        $query = "INSERT INTO temptable
        (thead, ttext, tdate)
        VALUES (\"$title\", \"$text\", \"$date\")";
    }
    $result = mysql_query($query, $db) or die(mysql_error($db));
}
```

Well, the INSERT query is working well.

peeyushsrj
  • are you getting any error codes? – Joseph Jun 04 '14 at 23:07
  • 3
    Your query should be like: `"UPDATE temptable SET thead=\"$title\", ttext=\"$text\" WHERE tid=\"$temp\""`, so replace "and" with a comma. – Hardy Jun 04 '14 at 23:08
  • 1
    -Phoenix Wright voice- [INJECTION!](http://xkcd.com/327/) – Niet the Dark Absol Jun 04 '14 at 23:08
  • Nope, I'm not getting any errors. – peeyushsrj Jun 04 '14 at 23:08
  • 1
    That's not how you use UPDATE. Use Hardy's suggestion. – Funk Forty Niner Jun 04 '14 at 23:09
  • 1
    Of course you're not seeing errors, you're not checking for them. – O. Jones Jun 04 '14 at 23:10
  • 1
    Add error reporting to the top of your file(s) `error_reporting(E_ALL); ini_set('display_errors', 1);` – Funk Forty Niner Jun 04 '14 at 23:10
  • You need to read up on [proper SQL escaping](http://bobby-tables.com/php) so you don’t create any more severe [SQL injection bugs](http://bobby-tables.com/) like the one you have here. Also, `mysql_query` should not be used in new applications. It's a deprecated interface that's being removed from future versions of PHP. A modern replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and is a safer way to compose queries. `$_GET` data **never** goes directly in a query. – tadman Jun 04 '14 at 23:10
  • Thanks, Hardy. It's working now :D – peeyushsrj Jun 04 '14 at 23:10
  • 1
    Your present code is open to [**SQL injection**](http://stackoverflow.com/q/60174/). Use [**`mysqli_*` with prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO**](http://php.net/pdo) with [**prepared statements**](http://php.net/pdo.prepared-statements). – Funk Forty Niner Jun 04 '14 at 23:11
  • Thanks to all. I will keep these points in mind :) – peeyushsrj Jun 04 '14 at 23:16
  • @Hardy You should have made that as an answer. You have my blessing ;-) – Funk Forty Niner Jun 04 '14 at 23:17

2 Answers

1

MySQL UPDATE queries must be like this:

```php
"UPDATE targettable SET column='$var1', column2='$var2' WHERE targetcolumn='$target'";
```

Try this, it will help you.

  • 1
    [`It's already been answered/solved`](https://stackoverflow.com/questions/24049043/update-query-not-working-phpmysql#comment37078900_24049043) this is points mongering. – Funk Forty Niner Jun 04 '14 at 23:16
  • Sorry, I didn't see any answer on this question marked as **correct answer**. That is why I answered it. –  Jun 04 '14 at 23:18
  • Well, since Hardy doesn't seem to want to make it as an answer, it's all yours ;-) – Funk Forty Niner Jun 04 '14 at 23:28
0

Use a comma (,) instead of AND in your UPDATE query, then it will work fine.

```php
"UPDATE temptable SET thead='".$title."', ttext='".$text."' WHERE tid='".$temp."' ";
```

Vivek Singh
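
Added example, not part of the original thread: the comma-separated UPDATE from the answers combined with the PDO prepared statements recommended in the comments, next to the question's `AND` form to show why it raised no error. `saveRow` is a hypothetical helper, and an in-memory SQLite database stands in for the MySQL connection from `conn.php` so the script runs offline.

```php
<?php
// Added example. Table and column names follow the question; the in-memory
// SQLite database is an assumption so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE temptable
    (tid INTEGER PRIMARY KEY, thead TEXT, ttext TEXT, tdate TEXT)');

// Hypothetical helper: update row $tid when given, insert a new row otherwise.
// Returns the number of rows changed.
function saveRow(PDO $db, string $title, string $text, ?string $tid = null): int
{
    if ($tid !== null) {
        // Comma between assignments; values are bound, never interpolated.
        $stmt = $db->prepare(
            'UPDATE temptable SET thead = :thead, ttext = :ttext WHERE tid = :tid');
        $stmt->execute([':thead' => $title, ':ttext' => $text, ':tid' => $tid]);
    } else {
        $stmt = $db->prepare('INSERT INTO temptable (thead, ttext, tdate)
            VALUES (:thead, :ttext, :tdate)');
        $stmt->execute([':thead' => $title, ':ttext' => $text,
                        ':tdate' => date('Y-m-d')]);
    }
    return $stmt->rowCount();
}

// Constructed sample rows.
saveRow($db, 'first', 'body one');
saveRow($db, 'second', 'body two');

// Quotes inside the values are stored as data.
$ok = saveRow($db, 'He said "hi"', "it's fine", '1');
// A tid that is not a row id matches nothing; it cannot rewrite the WHERE clause.
$bogus = saveRow($db, 'x', 'y', '1" OR "1"="1');

// The question's form, with literals: parsed as
// thead = ('new' AND ttext = 'new body'), one assignment of a boolean, no error.
$db->exec("UPDATE temptable SET thead = 'new' AND ttext = 'new body' WHERE tid = 2");

echo "valid tid changed $ok row(s), bogus tid changed $bogus row(s)\n";
foreach ($db->query('SELECT tid, thead, ttext FROM temptable') as $row) {
    echo "{$row['tid']} | {$row['thead']} | {$row['ttext']}\n";
}
```

Row 2 ends up with `thead` overwritten by the boolean result and `ttext` untouched, which is the silent failure the question describes.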