

PHP query update data

This is the error I receive:

UPDATE QUESTION SET situacao='Concluido' WHERE id=?
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '?' at line 1

I tried a lot of things, and finally I could only use the following code, thank you all

P粉938936304 · 285 days ago


  • P粉132730839 (2024-04-02 12:07:59)

    You are close to your answer. As Slava Rozhnev pointed out, your code is open to SQL injection though. In your question you are using placeholders in your query. When you prepare a statement, you tell PDO: whatever I put in it, don't execute it, it's just data. When ready, you can bind the value to the placeholder. This can be done via bindValue or bindParam, or even using execute().

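    <?php
    // $servername, $dbname, $username, $password and $id are set earlier (not shown on this page).
    // Query as quoted in the question; assigned outside try so the catch block can print it.
    $sql = "UPDATE QUESTION SET situacao='Concluido' WHERE id=?";

    try {
        $link = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        // Make PDO throw PDOException on errors instead of failing silently
        $link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $stmt = $link->prepare($sql);
        // Bind the current value of $id to the first (1-based) placeholder
        $stmt->bindValue(1, $id);

        $stmt->execute();

        header("Location:verTodos.php");
    } catch (PDOException $e) {
        echo $sql . "\n" . $e->getMessage();
    }
    $link = null;
    ?>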

    The line $stmt->bindValue(1, $id) reads the current value and replaces the placeholder with it. If you want to use a loop, and $id keeps changing, you can use $stmt->bindParam(1, $id), which will read the $id variable when executing the query. Another option is to remove the bindValue call and let execute bind the value. This can be done by adding an array of values as a parameter to the execute call. In your case this would be $stmt->execute([$id]). I personally prefer to do it because it's much cleaner than adding a bunch of bindValue calls before doing it.

    Also note that I have moved the assignment of the $sql variable outside the try-catch block. This is because you want to use the variable in the catch if PDO's constructor throws PDOException (in the line $link = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);).

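The three binding styles described in the answer above, side by side, as an added example that is not code from the original post. It assumes PHP with the pdo_sqlite driver and uses an in-memory SQLite table, named like the one in the question and filled with constructed rows, in place of the MariaDB database.

```php
<?php
// Added example. Assumption: in-memory SQLite (pdo_sqlite) stands in for the
// page's MariaDB server; the rows below are constructed sample data.
$link = new PDO('sqlite::memory:');
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$link->exec("CREATE TABLE QUESTION (id INTEGER PRIMARY KEY, situacao TEXT)");
$link->exec("INSERT INTO QUESTION (id, situacao) VALUES
             (1, 'Aberto'), (2, 'Aberto'), (3, 'Aberto'), (4, 'Aberto')");

$sql = "UPDATE QUESTION SET situacao='Concluido' WHERE id=?";

// bindValue() copies the value when it is called; later changes to $id are ignored.
$stmt = $link->prepare($sql);
$id = 1;
$stmt->bindValue(1, $id, PDO::PARAM_INT);
$id = 99;
$stmt->execute();
$viaBindValue = $stmt->rowCount();

// bindParam() binds the variable by reference; it is read on each execute().
$stmt = $link->prepare($sql);
$stmt->bindParam(1, $id, PDO::PARAM_INT);
$viaBindParam = 0;
foreach ([2, 3] as $next) {
    $id = $next;
    $stmt->execute();
    $viaBindParam += $stmt->rowCount();
}

// execute([...]) binds and runs in one call. The constructed hostile string is
// compared with id as a single value; its "OR 1=1" is never parsed as SQL.
$stmt = $link->prepare($sql);
$stmt->execute(["4 OR 1=1"]);
$viaHostile = $stmt->rowCount();

printf("bindValue: %d, bindParam: %d, hostile input: %d row(s) updated\n",
       $viaBindValue, $viaBindParam, $viaHostile);
foreach ($link->query("SELECT id, situacao FROM QUESTION ORDER BY id") as $row) {
    printf("%d %s\n", $row['id'], $row['situacao']);
}
```

How a non-numeric string is compared with an integer column depends on the database and its SQL mode, so validating the id as an integer before binding (for example with filter_var and FILTER_VALIDATE_INT) keeps the result predictable on MariaDB as well.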