에이바 에이바 - 6 months ago 14
SQL Question

MySQLi prepared update statement in PHP

How do you write a prepared update statement? Reference:mysqli::prepare

I've tried writing it as described:

if ($stmt = $mysqli->prepare("UPDATE tblFacilityHrs SET title =? description = ? WHERE uid = ?")){
$stmt->bind_param('sss', $title, $desc, $uid2);

//Get params
$title=$_POST['title'];
$desc=$_POST['description'];
$uid2=$_GET['uid'];

$stmt->execute();
$stmt->close();
}
else {
//Error
printf("Prep statment failed: %s\n", $mysqli->error);
}


Error:


Prep statment failed: You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'description = ? WHERE uid = ?' at line 1 Edited
row.

Answer

You're just missing a comma between the set columns:

UPDATE tblFacilityHrs SET title = ?, description = ? WHERE uid = ?
                                ^^^^^^

When MySQL reports an error the likes of check the manual for syntax to use near 'something, look most often to the character immediately preceding the 'something, as that is where your error occurs.

Note: you may need to call bind_param() after setting the input variables rather than before. I can't remember how MySQLi parses them and when they're bound, but logically it makes more sense in code to set them first then bind anyway.

//Get params
$title=$_POST['title'];
$desc=$_POST['description'];
$uid2=$_GET['uid'];   

$stmt->bind_param('sss', $title, $desc, $uid2);