Update with MYSQL PHP

1

I have this code, but it does not update, and I do not know why.

<?php
// if ($_POST['accemail'] == "" || $_POST['accname'] == "" || $_POST['accphone'] == ""){
    // header("Location: myaccount.php");
// } else
// {
    include ("db_files/db.php");
    $strSQL = "UPDATE usuarios SET email = '".$_POST['accemail']."', nombre = '".$_POST['accname'] ."' razon_social = '".$_POST['accsocialreason']."', nif = '".$_POST['accnif']."', telefono = '".$_POST['accphone']."', direccion = '".$_POST['accaddress']."', ciudad = '".$_POST['acccity']."', provincia = '".$_POST['accprovince']."', codigo_postal = '".$_POST['acccp']."' pais = '".$_POST['acccountry']."' ";
    echo $strSQL;
    $query = mysqli_query($db, $strSQL);
    if (mysqli_connect_errno()){
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    // }

// }
?>

I get this error:

  

Parse error: syntax error, unexpected end of file in C:\xampp\htdocs\oneplayer_git\accupdate.php on line 15

It does not print the variable $strSQL.

    
asked by Pavlo B. 28.10.2016 at 12:48

2 answers

1

I recommend "escaping" the data received by POST to avoid SQL injection.

To escape, you can use the real_escape_string() function. I'll give you an example:

<?php
 if($_POST['accemail'] == "" || $_POST['accname'] == "" || $_POST['accphone'] == ""){
    header("Location: myaccount.php");
 }else{

    include ("db_files/db.php");

    $post_accemail = mysqli_real_escape_string($db, $_POST['accemail']);
    $post_accname = mysqli_real_escape_string($db, $_POST['accname']);
    $post_accsocialreason = mysqli_real_escape_string($db, $_POST['accsocialreason']);
    $post_accnif = mysqli_real_escape_string($db, $_POST['accnif']);
    $post_accphone = mysqli_real_escape_string($db, $_POST['accphone']);
    $post_accaddress = mysqli_real_escape_string($db, $_POST['accaddress']);
    $post_acccity = mysqli_real_escape_string($db, $_POST['acccity']);
    $post_accprovince = mysqli_real_escape_string($db, $_POST['accprovince']);
    $post_acccp = mysqli_real_escape_string($db, $_POST['acccp']);
    $post_acccountry = mysqli_real_escape_string($db, $_POST['acccountry']);


    $strSQL = "UPDATE usuarios SET email = '$post_accemail', nombre = '$post_accname'...

As you have already been told, you do not have a WHERE clause; therefore, all the records in the user table will be affected, since you do not specify which record you want to update.

    
answered by 29.10.2016 / 14:46
2

You are missing several commas (,): before razon_social and before pais:

$strSQL = "UPDATE usuarios SET email = '".$_POST['accemail'].
"', nombre = '".$_POST['accname'] .
"' razon_social = '".$_POST['accsocialreason'].
"', nif = '".$_POST['accnif'].
"', telefono = '".$_POST['accphone'].
"', direccion = '".$_POST['accaddress'].
"', ciudad = '".$_POST['acccity'].
"', provincia = '".$_POST['accprovince'].
"', codigo_postal = '".$_POST['acccp'].
"' pais = '".$_POST['acccountry']."' ";

On the other hand, you do not have a WHERE clause, so you are modifying ALL the records in the database.

    
answered by 28.10.2016 at 12:58
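
The points raised in both answers (values must not be spliced into the SQL string, the SET list needs its commas, and the UPDATE needs a WHERE clause) can be handled together with a prepared statement. This is an added example, not code from the question or the answers; it assumes an integer primary key `id` on `usuarios` and a user id taken from the session, and it uses PDO with an in-memory SQLite database instead of the page's mysqli connection so that it runs without a MySQL server.

```php
<?php
// Added example, not the asker's or answerers' code.
// Assumptions: an integer primary key `id` on `usuarios`, and a user id taken
// from the session (never from the form). SQLite in memory stands in for MySQL.

// Form field => column, taken from the UPDATE statement in the question.
const FIELD_TO_COLUMN = [
    'accemail' => 'email', 'accname' => 'nombre', 'accsocialreason' => 'razon_social',
    'accnif' => 'nif', 'accphone' => 'telefono', 'accaddress' => 'direccion',
    'acccity' => 'ciudad', 'accprovince' => 'provincia',
    'acccp' => 'codigo_postal', 'acccountry' => 'pais',
];

function updateAccount(PDO $db, int $userId, array $post): int
{
    $assignments = [];
    $params = [':id' => $userId];
    foreach (FIELD_TO_COLUMN as $field => $column) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            continue; // ignore fields that were not submitted or are arrays
        }
        // Column names come from the fixed map above; only values are bound.
        $assignments[] = "$column = :$column";
        $params[":$column"] = $post[$field];
    }
    if ($assignments === []) {
        return 0;
    }
    // implode() puts the commas in; WHERE limits the change to one account.
    $sql = 'UPDATE usuarios SET ' . implode(', ', $assignments) . ' WHERE id = :id';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuarios (id INTEGER PRIMARY KEY, ' . implode(' TEXT, ', FIELD_TO_COLUMN) . ' TEXT)');
$db->exec("INSERT INTO usuarios (id, email, nombre) VALUES (1, 'a@example.com', 'Ana'), (2, 'b@example.com', 'Luis')");

// A value with quotes and a comma is stored as data, not parsed as SQL.
$post = ['accemail' => 'ana@example.com', 'accname' => "Ana O'Hara', pais = 'x", 'accphone' => '600000000'];
$changed = updateAccount($db, 1, $post);

echo "rows changed: $changed\n";
foreach ($db->query('SELECT id, email, nombre, pais FROM usuarios ORDER BY id') as $row) {
    echo json_encode([$row['id'], $row['email'], $row['nombre'], $row['pais']]), "\n";
}
```

With the mysqli connection used on the page, the same statement is written with `?` placeholders and bound through `mysqli_prepare()` and `mysqli_stmt_bind_param()`.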