Arbu Posted July 7, 2020 Share Posted July 7, 2020 I'm getting an error when I try to update a record in my sql database. Here's my code: function updateRecord($mysqli,$diagram_id,$data,$image){ if(login_check($mysqli)){ $sql = "UPDATE diagrams SET data=$data WHERE id=$diagram_id"; if ($mysqli->query($sql) === TRUE) { // echo "Record updated successfully"; //header("Location: ../account.php"); echo "Success"; exit(); // return true; } else { echo "Error: " . $sql . "<br>" . $mysqli->error; // return false; } $mysqli->close(); exit(); } else { header('Location: ../login.php'); exit(); } } and the response I get is: Quote Error: UPDATE diagrams SET data={ "version": "3.4.0", "objects": [ { "type": "group", ... "linecounter": 1 } WHERE id=88<br>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"version": "3.4.0", "objects": [ { "type": "group", ' at line 2 I have some similar code for deleting a record which works fine: function deleteRecord($mysqli,$diagram_id){ if ($mysqli->connect_error) { die("Connection failed: " . $mysqli->connect_error); } $sql = "DELETE FROM diagrams WHERE id=$diagram_id"; if ($mysqli->query($sql) === TRUE) {} else { echo "Error deleting record: " . $mysqli->error; } $mysqli->close(); } What am I doing wrong? Thanks. Link to comment Share on other sites More sharing options...
Ingolme Posted July 7, 2020 Share Posted July 7, 2020 You need to use prepared statements to prevent the data from messing up the query. You shouldn't put variables directly into an SQL string. Link to comment Share on other sites More sharing options...
Arbu Posted July 8, 2020 Author Share Posted July 8, 2020 I'm already saving files with much the same code, and that works OK. So I don't think there was an issue with not using prepared statements. What now seems to have fixed it however is simply placing single quote marks around $data in $sql. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now