I have a form that users can use to edit data in my database.

Question

0

Editorial Team

Asked: June 14, 20262026-06-14T13:54:44+00:00 2026-06-14T13:54:44+00:00

I have a form that users can use to edit data in my database.

0

I have a form that users can use to edit data in my database. The database is structured like this:

table

If a user wants to edit both a FAVE_COLOR and a FAVE_FOOD, how would I go about doing that in my SQL statement? I can think of this, but is there a way to do this in one statement?

string sql1 = "UPDATE MYTABLE " +
              "SET PROP_VALUE = '" + form["color"] + "' " +
              "WHERE ID = " + form["id"] + " " +
              "AND PROP_NAME = 'FAVE_COLOR'"

string sql2 = "UPDATE MYTABLE " +
              "SET PROP_VALUE = '" + form["food"] + "' " +
              "WHERE ID = " + form["id"] + " " +
              "AND PROP_NAME = 'FAVE_FOOD'"

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-14T13:54:45+00:00

string sql = "UPDATE MYTABLE " +
             "SET PROP_VALUE = CASE " +
             "WHEN PROP_NAME = 'FAVE_COLOR' THEN '" + form["color"] + "' " +
             "WHEN PROP_NAME = 'FAVE_FOOD'  THEN '" + form["food"]  + "' " +
             "END " +
             "WHERE ID = " + form["id"] + " " +
             "AND PROP_NAME IN ('FAVE_COLOR', 'FAVE_FOOD')"

But beware of SQL injection! You really should be using prepared statements, into which you pass your variables as parameters that do not get evaluated for SQL. If you don’t know what I’m talking about, or how to fix it, read the story of Bobby Tables.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a form that users can use to edit data in my database.

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply