
So I'm trying to build a kind of update email function, and the part that should put it into the db looks like this

```php
<?php
$emailfrom = $_POST['emailfrom'];
$emailto = $_POST['emailto'];
$query = sprintf('UPDATE `users` SET `email`="%s" WHERE `email`="%s"`',
    mysqli_real_escape_string($db, $emailfrom),
    mysqli_real_escape_string($db, $emailto));
mysqli_query($db, $query);
```

The problem is that the row doesn't update... And I need help in knowing why, as I'm not so well experienced with MySQL; I mainly used other DBs earlier.

2 Answers

1

You've got a syntax error in your query.

```php
 \/
$query = sprintf('UPDATE `users` SET `email`= "%s" WHERE `email`= "%s"`',
    mysqli_real_escape_string($db, $emailfrom),
    mysqli_real_escape_string($db, $emailto));
mysqli_query($db, $query);
```

Also, you probably want to change emails from emailFrom to emailTo, now you are doing it the other way around. After edit:

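```php
// New address goes into SET, the current address into WHERE.
// The stray backtick after the last "%s" is removed.
$query = sprintf('UPDATE `users` SET `email`= "%s" WHERE `email`= "%s"',
    mysqli_real_escape_string($db, $emailto),
    mysqli_real_escape_string($db, $emailfrom));
mysqli_query($db, $query);
```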

5 Comments

Nope, still doesn't work, and what exactly is the error with email
You have an additional ` at the end of the string. Change email= "%s"` to email= "%s"
Now you got the syntax right. I edited my answer, if I'm correct you are updating your row the other way around. Otherwise I don't have any idea left why your query isn't working, since syntax is okay, the code you posted also. Try debugging with error_reporting.
That made it! Thousands of thanks, I'm feeling pretty stupid now, it was so obvious when you said it...
Haha, don't worry, common mistake made by tired people :) Glad you got it.
1

The accepted answer will work, but a prepared statement would be much safer:

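```php
$query = "UPDATE `users` SET `email`= ? WHERE `email`= ?";
$stmt = $db->prepare($query);
// Placeholders bind in order: the new address (emailto) for SET,
// then the current address (emailfrom) for WHERE.
$stmt->bind_param('ss', $_POST['emailto'], $_POST['emailfrom']);
$stmt->execute();
$stmt->close();
```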

With a prepared statement you don't have to worry about escaping your variables to prevent SQL injection.
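The following is an added example, not code from either answer: it combines the prepared statement with error reporting, so a malformed query such as the one in the question raises an exception instead of failing silently, and it reports how many rows actually changed. The helper name `updateEmail` and the connection settings are assumptions (placeholders); the table and column names are taken from the question.

```php
<?php
// Added example. Make mysqli throw mysqli_sql_exception on any failure
// (for example a syntax error) instead of quietly returning false.
// This is the default from PHP 8.1 on; older versions fail silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: change a user's address from $from to $to.
 * Returns the number of rows MySQL actually changed.
 */
function updateEmail(mysqli $db, $from, $to): int
{
    // Reject arrays, missing fields and syntactically invalid addresses.
    foreach ([$from, $to] as $addr) {
        if (!is_string($addr) || filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('invalid email address');
        }
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE `users` SET `email` = ? WHERE `email` = ?');
    $stmt->bind_param('ss', $to, $from);  // new value first, then the match
    $stmt->execute();
    $changed = $stmt->affected_rows;      // 0: no row had $from, or $from equals $to
    $stmt->close();
    return $changed;
}

// Usage. Host, user, password and database name are placeholders.
try {
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    $db->set_charset('utf8mb4');
    $n = updateEmail($db, $_POST['emailfrom'] ?? null, $_POST['emailto'] ?? null);
    echo $n > 0 ? "updated $n row(s)" : 'no row changed';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'bad input';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());          // details go to the log, not the client
    http_response_code(500);
    echo 'database error';
}
```

A return value of 0 separates "the query ran but matched nothing" from a query that failed, which is the distinction the question could not see.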
