Correct Syntax

Question

zia zia 0 Newbie Poster

14 Years Ago

I just want to know if this is the correct syntax for updating data in the database.

<?php
	$user_id = $_GET['user_Id'];
	$qry = mysql_query("SELECT win_id,win_net_drives,win_asset_no,win_new_pc,win_requirements,win_uid FROM windows_application WHERE win_uid = '".$user_id."'");
	$db = mysql_fetch_array($qry);
	
	if($_GET['process'] == 1){
		$drives = $_POST['network_drive'];
		$asset = $_POST['win_asset_no'];
		$newpc = $_POST['new_pc'];
		$winreq = $_POST['win_requirements'];
		$qry = mysql_query("UPDATE windows_application SET win_net_drives= '".$drives."'");
		$qry = mysql_query("UPDATE windows_application SET win_asset_no= '".$asset."'");
		$qry = mysql_query("UPDATE windows_application SET new_pc= '".$newpc."'");
		$qry = mysql_query("UPDATE windows_application SET win_requirements= '".$winreq."'");
			}
?>

php

3 Contributors
2 Replies
155 Views
6 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by rajarajan2017

blocblue 238 Posting Pro in Training

14 Years Ago

Syntaxically, it is correct. I have two comments however:

1. You really should validate every variable being sent to the server from the browser. Otherwise you leave your website open to MySQL injection and XXS attacks.

2. Not really important, however if your string is enclosed in " (double quotes), then you can include variable names in the string itself. This is because double quoted strings are special in that PHP parses them and any variables/logic it finds within them. The opposite is also true. If you don't want PHP to parse the string, use single quotes, as this saves on processing time.

$qry = mysql_query("UPDATE windows_application SET win_net_drives= '$drives'");

R

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

rajarajan2017 · Answer 1 · 2010-06-17T18:33:32+00:00

You can simply test your update query in your phpadmin sql editor if it is updated then your query syntax is right otherwise wrong. give it a try. Best Practice..