0

idk where's the wrong part,but the update query didn't work.

this is the form

<form method="post"> <input type="checkbox" name="ceksetuju" id="cekbox" value="YA" required> <label for="cekbox">dengan ini saya setuju dengan syarat dan ketentuan yang berlaku</label><br> <input type="submit" name="agree" class="button special small" value="Next"> </form>

and this is my php file

//CONNECT DATABASE $db = new mysqli('localhost', 'root', '130395', 'dbtest'); //UPDATE TABLE LIRIK if (isset($_POST['agree'])) { $id=mysqli_real_escape_string($db,$_GET['id_lirik']); $uname=$userRow['user_name']; $ceksetuju=$_POST['ceksetuju']; $sqlupdate ="UPDATE lirik set setuju_taken='$ceksetuju',taken_by ='$uname' FROM lirik where id_lirik='$id' "; $resultupdate = $db->query($sqlupdate); if ($resultupdate) { echo "success"; } else{ echo "failed"; } }

and the result always 'failed'. so, Can somebody tell me what's wrong?

Improve this question
1
  • you should use prepared statements or escale $ceksetuju, too. $_POST-variables can be spoofed very easily, too, so while you've secured $id, your code still is vulnerable for SQL-Injections. Commented Feb 11, 2016 at 7:35

3 Answers 3

Reset to default
2

No need for FROM tablename in update query. Try with -

$sqlupdate = "UPDATE lirik set setuju_taken='$ceksetuju',taken_by ='$uname' WHERE id_lirik='$id'";

Syntax

UPDATE [table_name] SET column1 = value1, column2 = value2...., columnN = valueN WHERE [conditions];
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Oh my fault. I didn't notice that bfore. now it works well, thank you :) @Sougata
0

No need to use FROM YOR_TABLE_NAME in your update query. You will check your query update or not using === operator for more details check this link for operator functionality http://php.net/manual/en/language.operators.comparison.php

Change your code on this way : 

$sqlupdate ="UPDATE lirik set setuju_taken='".$ceksetuju."',taken_by ='".$uname."' where id_lirik= $id"; $resultupdate = $db->query($sqlupdate); if ($resultupdate === TRUE) { echo "success"; } else{ echo "failed"; }
Improve this answer

Comments

0

You are missing the dots:$sqlupdate="UPDATE lirik set setuju_taken='".$ceksetuju."',taken_by ='".$uname."' FROM lirik where id_lirik=".$id.";

NOTE : taken_by ='".$uname."' VS. id_lirik=".$id." I assumed that taken_by has a VARCHAR data type and id_lirik with an INT data type. There is no need to use FROM table in an update query anyway.

Improve this answer

1 Comment

It is nothing to wrong to write $id and '$id'. Both are same if query has double quotes. Refer Sougata's answer. Query should be write by that way.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.