This is probably a very trivial question but I’ve been struggling with it for a while and also tried finding answers online and still getting errors.
Trying to write a simple UPDATE query for a PHP/MySql form:
$sql="UPDATE mytable SET numericValue = '".$someid."', description = '".$sometext."' WHERE id='".$myid."' ";
Whilst all numeric values are being passed and updated fine, I can't get the description right. The description column is a VARCHAR and $sometext is a string, and I can't get it escaped / wrapped with quotes correctly.
You should make use of sprintf, it avoids string confusion by providing placeholders (%d for decimals, %s for strings). See the manual for more.
If $someText is coming from GET/POST/.. you should wrap a mysql_real_escape_string() around it to prevent SQL injection (or use PDO prepared statements).
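The prepared-statement route the answer points to, written out for this exact UPDATE as an added example (not code from the question or the answer); the DSN, credentials and the three sample values are assumptions:

```php
<?php
// Added example (not from the original question or answer): the same UPDATE
// written with a PDO prepared statement. Table and column names come from
// the question; the DSN, credentials and the three values are assumptions.
$pdo = new PDO(
    'mysql:host=localhost;dbname=exampledb;charset=utf8mb4', // assumed DSN
    'dbuser',                                                // assumed user
    'dbpass',                                                // assumed password
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // let the MySQL server do the binding
    ]
);

// Constructed input standing in for $_POST values. The quote and comment
// characters are exactly what breaks a string-concatenated query: with
// concatenation they would be parsed as SQL, here they are just data.
$someid   = 42;
$sometext = "Bob's order -- 'urgent'";
$myid     = 7;

// Placeholders replace the hand-quoted fragments. No manual quoting or
// escaping of $sometext is needed, and the values never become part of the
// SQL text, so the statement's structure cannot be changed by the input.
$stmt = $pdo->prepare(
    'UPDATE mytable SET numericValue = :numericValue, description = :description WHERE id = :id'
);
$stmt->bindValue(':numericValue', $someid, PDO::PARAM_INT);
$stmt->bindValue(':description', $sometext, PDO::PARAM_STR);
$stmt->bindValue(':id', $myid, PDO::PARAM_INT);
$stmt->execute();

printf("Rows updated: %d\n", $stmt->rowCount());
```

Because the text is bound as a parameter rather than spliced into the query string, the quoting problem from the question disappears along with the injection risk the answer warns about.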