Home/ Questions/Q 930933
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T20:25:08+00:00

I’m trying to change a database entry with PHP but is stuck with this

  • 0

I’m trying to change a database entry with PHP but is stuck with this error message:

Error: You have an error in your SQL
syntax; check the manual that
corresponds to your MySQL server
version for the right syntax to use
near ‘Bjelkholm Lövgren AND adress =
Brinellgatan 14 AND postnummer = 57135
‘ at line 1

Code:

$namn = sanitize($_GET['namn']);
$adress = sanitize($_GET['adress']);
$postnummer = sanitize($_GET['postnummer']);
$postort = sanitize($_GET['postort']);
$email = sanitize($_GET['email']);
$status = 0;
$sql="UPDATE ordrar SET namn = $namn AND adress = $adress AND postnummer = $postnummer
AND postort = $postort AND email $email AND status = $status WHERE email = $email";
if (!mysql_query($sql))
{
    die('Error: ' . mysql_error());
}

Thanks for answers.
/Victor

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    1. SET statement values delimiter is comma, not AND
    2. string values should be quoted

    To make SET statements it would be nice to use a small function

    function dbSet($fields) {
  $set='';
  foreach ($fields as $field) {
    if (isset($_POST[$field])) {
      $set.="`$field`='".mysql_real_escape_string($_POST[$field])."', ";
    }
  }
  return substr($set, 0, -2); 
}

    and than just

    $table = "ordrar";
$email = mysql_real_escape_string($_POST['email']);
$fields = explode(" ","namn adress postnummer postort email status");
$query  = "UPDATE $table SET ".dbSet($fields)." WHERE email='$email'";

    will bring you properly formatted query

    however, using email for row identification is bad.
    I’d suggest to use an auto-increment id field to identify your records instead of email.

    • 0