[Solved] PHP script to update mySQL database

Question

Your sql is wrong. Apart from the gaping wide open SQL injection attack vulnerability, you’re generating bad sql.

e.g. consider submitting “Fred” as the first name:

$First_Name2 = "Fred";
$query = "UPDATE people SET Fred = First_name WHERE ....";

now you’re telling the db to update a field name “Fred” to the value in the “First_Name” field. Your values must be quoted, and reversed:

$query = "UPDATE people SET First_name="$First_Name2" ...";

You are also mixing the mysqli and mysql DB libraries like a drunk staggering down the street. PHP’s db libraries and function/method calls are NOT interchangeable like that.

In short, this code is pure cargo-cult programming.

Accepted Answer

Your sql is wrong. Apart from the gaping wide open SQL injection attack vulnerability, you’re generating bad sql.

e.g. consider submitting “Fred” as the first name:

$First_Name2 = "Fred";
$query = "UPDATE people SET Fred = First_name WHERE ....";

now you’re telling the db to update a field name “Fred” to the value in the “First_Name” field. Your values must be quoted, and reversed:

$query = "UPDATE people SET First_name="$First_Name2" ...";

You are also mixing the mysqli and mysql DB libraries like a drunk staggering down the street. PHP’s db libraries and function/method calls are NOT interchangeable like that.

In short, this code is pure cargo-cult programming.