MySQL UPDATE doesn't change anything_问答_开发者

开发者 https://www.devze.com 2023-01-06 18:46 出处：网络

I\'m trying to update a database entry but i开发者_Python百科t won\'t change anything. I\'m getting no errors which confuses me...

相关专题：php

I'm trying to update a database entry but i开发者_Python百科t won't change anything. I'm getting no errors which confuses me...

Code:

if(isset($_GET['edit']))
{
    $idn = $_GET['id'];
    $namn = $_POST['namn'];
    $adress = $_POST['adress'];
    $postnummer = $_POST['postnummer'];
    $postort = $_POST['postort'];
    $email = $_POST['email'];
    $status = 0;
    echo $namn;
    $sql="UPDATE ordrar SET namn = '$namn' AND adress = '$adress' AND postnummer = '$postnummer'
    AND postort = '$postort' AND email = '$email' AND status = '$status' WHERE id = '$idn'";
    if (!mysql_query($sql))
    {
        die('Error: ' . mysql_error());
    }
    //$referer = $_SERVER['HTTP_REFERER'];
    //header('Location:'. $referer);
}

Thanks for answers /Victor

Your immediate problem is SQL syntax. Read the documentation on UPDATES and replace the ANDs with commas.

Your secondary, but possibly larger problem is that you're building a query out of untrusted user input. That's a recipe for a SQL injection attack. Use bind variables instead.

Ref this

Syntax for Update

UPDATE table_name SET field1=new-value1, field2=new-value2 [WHERE Clause]

Your query should

 $sql="UPDATE ordrar SET namn = '$namn' , adress = '$adress' ,
          postnummer = '$postnummer' , postort = '$postort' , email = '$email' ,
          status = '$status' WHERE id = '$idn'";

if you get no errors it does mean that no records matched WHERE condition

or you're probably don't have $_GET['edit'] varibale set