how to upadate field in database?

Question

my code are not working, maybe because of the where statement. please help me with what is wrong with this line of code.

query:

mysql_query("UPDATE tblceas_vote SET fldpassword= $three WHERE fldstudno =$login");

Are you sure about the values if the variables? They're not possibly empty? — JAL, Oct 10 '13 at 20:53
By the way, learn about [SQL injections](http://en.wikipedia.org/wiki/SQL_injection) and password hashing (e.g. bcrypt). — luiscubal, Oct 10 '13 at 21:25

score 2 · Answer 1 · answered Oct 10 '13 at 20:52

2

Quotes will probably help:

mysql_query("UPDATE tblceas_vote SET fldpassword= '$three' WHERE fldstudno ='$login'");

Otherwise the proper way is to use escaping: http://php.net/manual/en/function.mysql-real-escape-string.php

answered Oct 10 '13 at 20:52

Lajos Veres

13,595
7
43
56

don't use `l'arrosoir` as password – Oct 10 '13 at 20:53

score 0 · Answer 2 · answered Oct 10 '13 at 20:52

Put single quotes or escape the string:

mysql_query("UPDATE tblceas_vote SET fldpassword='$three' WHERE fldstudno='$login'");

Or

mysql_query("UPDATE tblceas_vote SET fldpassword='".$three."' WHERE fldstudno='".$login."'");

Also note that MYSQL is deprecated and you should use MySQLi or PDO instead.

score 0 · Answer 3 · answered Oct 10 '13 at 20:59

I agree. Quote are definitely required for text within queries. Also I would suggest you "escape" you content (have a look at mysqli_real_escape_string).

If you ever encounter a "quote" inside your string, it will break your query, unless you escape it.

how to upadate field in database?

3 Answers3