I just want to know if this is the correct syntax for updating data in the database.

<?php
	$user_id = $_GET['user_Id'];
	$qry = mysql_query("SELECT win_id,win_net_drives,win_asset_no,win_new_pc,win_requirements,win_uid FROM windows_application WHERE win_uid = '".$user_id."'");
	$db = mysql_fetch_array($qry);
	
	if($_GET['process'] == 1){
		$drives = $_POST['network_drive'];
		$asset = $_POST['win_asset_no'];
		$newpc = $_POST['new_pc'];
		$winreq = $_POST['win_requirements'];
		$qry = mysql_query("UPDATE windows_application SET win_net_drives= '".$drives."'");
		$qry = mysql_query("UPDATE windows_application SET win_asset_no= '".$asset."'");
		$qry = mysql_query("UPDATE windows_application SET new_pc= '".$newpc."'");
		$qry = mysql_query("UPDATE windows_application SET win_requirements= '".$winreq."'");
			}
?>

Syntaxically, it is correct. I have two comments however:

1. You really should validate every variable being sent to the server from the browser. Otherwise you leave your website open to MySQL injection and XXS attacks.

2. Not really important, however if your string is enclosed in " (double quotes), then you can include variable names in the string itself. This is because double quoted strings are special in that PHP parses them and any variables/logic it finds within them. The opposite is also true. If you don't want PHP to parse the string, use single quotes, as this saves on processing time.

$qry = mysql_query("UPDATE windows_application SET win_net_drives= '$drives'");

R

Member Avatar for rajarajan2017

You can simply test your update query in your phpadmin sql editor if it is updated then your query syntax is right otherwise wrong. give it a try. Best Practice..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.