Drickuss Merguez Drickuss Merguez - 11 months ago 28
PHP Question

update data in existing row in mysql database

I have a table called pack_details with 4 columns. I'm trying to insert new data into an existing table. Can somebody tell me what's wrong with my codes and why i have a parse error?

$sql_query = "UPDATE pack_details SET $delivery_date = $_POST["delivery_date"], $delivery_time = $_POST["delivery_time"]
WHERE $delivery_building = $_POST["delivery_building"]
AND $delivery_room = $_POST["delivery_room"]";


Try any from below options:

 $sql_query = "UPDATE pack_details SET $delivery_date = $_POST['delivery_date'], $delivery_time = $_POST['delivery_time'] WHERE $delivery_building = $_POST['delivery_building'] AND $delivery_room = $_POST['delivery_room']";


 $sql_query = "UPDATE pack_details SET $delivery_date = ".$_POST["delivery_date"].", $delivery_time = ".$_POST["delivery_time"]." WHERE $delivery_building = ".$_POST["delivery_building"]." AND $delivery_room = ".$_POST["delivery_room"]";


 $sql_query = "UPDATE pack_details SET $delivery_date = $_POST[\"delivery_date\"], $delivery_time = $_POST[\"delivery_time\"] WHERE $delivery_building = $_POST[\"delivery_building\"] AND $delivery_room = $_POST[\"delivery_room\"]";

Note: If field name doesn't contain $, remove $ from field name in query. For eg. "$delivery_date" should be "delivery_date"

Suggestion: Instead of using string concatenation for building, You should use bind parameters to pass value to query. It helps to prevent SQL injection as well as code look well.