1

So I am updating my mysql database using php. Below is the end of the UPDATE, and if I have a string instead of echo $row[embedcode]"); it works fine, and this echo sets data on the page just fine retrieving the right value, but within this UPDATE it doesn't work.

...WHERE `embedcode` = echo $row[embedcode]");

I have tried using ". ." around it and adding its own php tag around it but I'm not sure what needs to be done.

Improve this question
1
  • Why are you trying to embed an echo inside an SQL statement? Commented May 9, 2013 at 12:59

6 Answers 6

Reset to default
6

Just use this:

...WHERE `embedcode` = " . $row[embedcode]);

There is no need for echo.

As a side note, you should probably parameterize or at least sanitize any strings that go into a MySQL query to prevent SQL injection and other bad things.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1 
" ... WHERE `embedcode=` '" .$row[embedcode]. "';");
Improve this answer

4 Comments

This is actually the only one that worked, but now I'm getting the database updated every time the page is loaded and not just when the button is clicked. I'm simply attempting to increment a value by 1 whenever a button is clicked. I assumed this could be done by doing the following: <a href="<?php echo $uv ?>">test</a> with uv being the update query. Because it's in the anchor tag, I thought it would only happen when clicked.
well, that could not work, since whatever you pass to the href attribute, it will be handled as a string of an url, either relative or a full url. so if you really want to use the a tag as a button, than you should do something like this in the php: $uv=$_GET['uv'] and the html part should look like this: <a href="/uv=<?=($uv+1);?>">button<a> but this will cause the page to reload every time you click on the button and i think -without seeing the whole code- that JS would be better to use...
well, im not sure how you want it without context, but if you put the mysql updating part into a function and you only fire it when the $_GET['uv'] is set: if(isset($_GET['uv'])) { .. UPDATE .. } than that could be a solution. post a bit more and then i can help more..
this way, the thing inside the if only run when the url has the uv variable in it: http://yoururl.com/?uv=somenumber
0

WHEREembedcode= . $row[embedcode]); will set the value.

There is not need for echo inside the sql statement. echo is used for displaying something from php to the webbrowser.

Improve this answer

Comments

0

You don't use echo, perhaps it should be:

...WHERE `embedcode=` . $row[embedcode]");

Not that if $row[embedcode] is a string you have to put quotes around it.

Improve this answer

Comments

0

Let say for example...

("UPDATE `tblProfile` SET `profilename` = 'abc' WHERE `embedcode` = '".$row['embedcode']."'");
Improve this answer

Comments

0

to prevent SQL injection, you can pass that value as a parameter if you are using PDO or MySQLi.

For example,

$stmt = $dbConnection->prepare('...WHERE `embedcode` = :embedcode');
$stmt->execute(array(':embedcode' => $row[embedcode]));

See this for details.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.