Home/ Questions/Q 6848367
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T00:51:34+00:00

I’m creating a simple mysql table that contains an id, firstname, lastname and an

  • 0

I’m creating a simple mysql table that contains an id, firstname, lastname and an email. The table creation code is as follows:

$sql="CREATE TABLE users
(
   id int NOT NULL auto_increment,
   PRIMARY KEY(id),
   firstname varchar(20),   
   lastname varchar(20),
   email varchar(40)
)";

Table creation works and I’ve had no issues. My problem comes when I try to update the table, and the user information.

My update query looks as follows:

mysql_select_db(dustin,$con);

$sql="UPDATE users SET firstname='".$_GET['fn']."',lastname='".$_GET['ln']."',email='".$_GET['emadd']"'";

$sherlock=mysql_query($sql,$con);

Essentially, I open a file that allows the user to edit the stored information in form elements and then when the update query runs it should alter the information contained within the table.

mysql_error(); shows no output and the UPDATE query fails.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    $sql="UPDATE users SET firstname='".$_GET['fn']."', lastname='".$_GET['ln']."',email='".$_GET['emadd']"'";

    Let’s see… do this.

    $sql="UPDATE `users` SET firstname='{$_GET['fn']}', lastname='{$_GET['ln']}', email='{$_GET['emadd']}'";

    BUT I DO NOT RECOMMEND THIS!!!

    Clean your data first with mysql_real_escape_string() to prevent SQL injection!

    For example:

    $firstname = mysql_real_escape_string($_GET['fn']);
$lastname = mysql_real_escape_string($_GET['ln']);
$email = mysql_real_escape_string($_GET['emadd']);

$sql="UPDATE `users` SET `firstname`='$firstname', `lastname`='$lastname', `email`='$email' WHERE ...";

mysql_query($sql);

    Also, where’s your WHERE clause?

    • 0