• Update Command is needed most of the Web applications and CMS
  • Using it with default values specified in query is simple,but Many will have issues with passing a PHP variable in the query
  • The Update Command is of the form
    UPDATE table_name SET field_name Values WHERE condition
    • If the user has received inputs via post method in a form it will be stored in POST super global in PHP
    • Use ‘.’ operator to append variables in mysql query
    • The mysql_real_escape_string() function is a simple method to provide basic security feature which does terminates any escape string given in inputs, I suggest to use it any usage of variables.
    • When we use double quotes inside double quotes we need to escape it with forward slash before and after.
    • The Snippet is given below

   

  $user_name=$_POST['username'];
    $sql = "UPDATE table_name
            SET field_name='".mysql_real_escape_string($user_name)."'
            WHERE field_name=\"$user_name\"";

            if(!mysql_query($sql)
               {
                  echo "Query failed";
                }
             else
                {
                   echo "Query Successful";
                }
Thank u for reading this  Article hope it was useful !
-Regards
ScriptSnippets

About Sathesh Bm

Sathesh Bm has written 26 post in this website.

Engineer, Web Lover, Thinker, Blogger

Related Posts Plugin for WordPress, Blogger...