Cannot update database

Question

nadiam 0 Posting Pro in Training

9 Years Ago

I am trying to update data but i get this error.

Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' username = 'test1', email = 'test1@gmail.com', phone = '012365478'' at line 1' in page.php:16

php:

<?php
    $thename = $_POST['name'];
    $theusername = $_POST['username'];
    $emailaddress = $_POST['email'];
    $phonenumber = $_POST['phone'];
    $status = "Decline";

    require "connection.php";

    $decline = $dbh->prepare("UPDATE users SET status = ? WHERE name = ?, username = ?, email = ?, phone = ?");
    $decline->bindParam(1, $status, PDO::PARAM_STR);
    $decline->bindParam(2, $thename, PDO::PARAM_STR);
    $decline->bindParam(3, $theusername, PDO::PARAM_STR);
    $decline->bindParam(4, $emailaddress, PDO::PARAM_STR);
    $decline->bindParam(5, $phonenumber, PDO::PARAM_STR);
    $decline->execute();    
?>

is it because its a string? i've come to realize when it comes to strings its not so straighforward.

mysql php

4 Contributors
5 Replies
272 Views
4 Days Discussion Span
Latest Post 9 Years Ago Latest Post by nadiam

pritaeas 2,194 ¯\_(ツ)_/¯

9 Years Ago

Status and name are in the reserved word list, so should be in backticks.

https://dev.mysql.com/doc/refman/5.5/en/keywords.html

pixelsoul 272 Red Pill

9 Years Ago

I am actually using $.ajax to pass the data would that factor in the error?

Nope, it's a SQL error you're getting.
You have to separate multiple WHERE conditions with the AND operator.

UPDATE users SET `status` = ? WHERE `name` = ? AND `username` = ? AND `email` = ? AND `phone` = ?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Gideon_1 15 Junior Poster · Answer 1 · 2015-06-15T16:33:42+00:00

Yes I agree with pritaeas, using mysql keywords as raw text renders your sql statement invalid. For my personal preference I usually like using column names nested in back ticks. Try this.

$decline = $dbh->prepare("UPDATE users SET `status` = ? WHERE `name` = ?, `username` = ?, `email` = ?, `phone` = ?");

nadiam 0 Posting Pro in Training · Answer 2 · 2015-06-20T06:54:31+00:00

thank you. i added the backticks but im still getting the same error except now there are backticks on username, email and phone. I am actually using $.ajax to pass the data would that factor in the error?

X-Requested-With:XMLHttpRequest
Form Data
view source
view URL encoded
name:Test Two
username:test2
email:test2@gmail.com
phone:0125478963

just incase:

$("#declineRequest").on("click", function(){

    var full = $("#name").val();
    var username = $("#user").val();
    var emailaddress = $("#emailaddress").val();
    var phonenumber = $("#number").val();

    $.ajax({
        type: "POST",
        url: "declineRequest.php",
        data: "name="+full+"&username="+username+"&email="+emailaddress+"&phone="+phonenumber,
        success:  function(data){
            alert("Request Declined!");
         }
     });
});

nadiam 0 Posting Pro in Training · Answer 3 · 2015-06-20T07:34:21+00:00

nadiam 0 Posting Pro in Training

9 Years Ago

thank you!