-1

I am getting blank or just say '.''.' as a value in PHP.

Here is my echo:

UPDATE tbl_returnlog SET entry_date = '.''.', suppliername = '.''.', lotid = '.''.', 
 stonedescription = '.''.', returninvc = '.''.', supp_invcdate = '.''.', 
 supp_invc = '.''.', ppc = '.''.', ttl_cost = '.''.',
 destination = '.''.', actual_ship_date = '.''.', courier = '.''.',
 tracking = '.''.' WHERE suppliername = '.''.';

Also sharing my full state-ment:

<?php
   error_reporting(E_ERROR | E_PARSE);

   include "config.php";



    $updatereturnstonedetails = $_POST['updatereturnstonedetails'];
   //echo json_encode($updatereturnstonedetails, true);
   $Stone = json_decode($updatereturnstonedetails, true);

$sql = '';

  //foreach ($StoneArr as $Stone)
  //{

    $entry_date=$Stone['entry_date'];
    $suppliername=$Stone['suppliername'];
    $lotid=$Stone['lotid'];
    $stonedescription=$Stone['stonedescription'];
    $returninvc=$Stone['returninvc'];
    $supp_invcdate=$Stone['supp_invcdate'];
    $supp_invc=$Stone['supp_invc'];
    $ppc=$Stone['ppc'];
    $ttl_cost=$Stone['ttl_cost'];
    $destination=$Stone['destination'];
    $actual_ship_date=$Stone['actual_ship_date'];
    $courier=$Stone['courier'];
    $tracking = $Stone['tracking'];

 $sql .= "UPDATE tbl_returnlog SET entry_date = '.'".$entry_date."'.', suppliername = '.'".$suppliername."'.', lotid = '.'".$lotid."'.', 
 stonedescription = '.'".$stonedescription."'.', returninvc = '.'".$returninvc."'.', supp_invcdate = '.'".$supp_invcdate."'.', 
 supp_invc = '.'".$supp_invc."'.', ppc = '.'".$ppc."'.', ttl_cost = '.'".$ttl_cost."'.',
 destination = '.'".$destination."'.', actual_ship_date = '.'".$actual_ship_date."'.', courier = '.'".$courier."'.',
 tracking = '.'".$tracking."'.' WHERE suppliername = '.'".$suppliername."'.';";
  //}



   echo $sql;

I guess i am making small mistake i guess..!?!?

Dharman
  • 26,923
  • 21
  • 73
  • 125
convicted
  • 33
  • 7

1 Answers1

1
 $sql = "UPDATE tbl_returnlog SET entry_date = '".$entry_date."', suppliername = '".$suppliername."' , lotid = '".$lotid."', 
 stonedescription = '".$stonedescription."', returninvc = '".$returninvc."', supp_invcdate = '".$supp_invcdate."', 
 supp_invc = '".$supp_invc."', ppc = '".$ppc."', ttl_cost = '".$ttl_cost."',
 destination = '".$destination."', actual_ship_date = '".$actual_ship_date."', courier = '".$courier."',
 tracking = ".$tracking."' WHERE suppliername = '".$suppliername."' ";

And also need to remove extra semicolan

WHERE suppliername = '$suppliername';";

Best method

You should use PDO.

For example :

example using PDO

$query = "UPDATE table_name SET field1= :? ";

$stmt->bind_param('field1', $value);

$stmt = $conn->prepare($query);

$stmt->execute();

PDO Example :

$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";

$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email)
        VALUES (:firstname, :lastname, :email)");
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->bindParam(':email', $email);
    
$firstname = "John";
$lastname = "Ramki";
$email = "john@ex.com";
$stmt->execute();
echo "New records created successfully";
Community
  • 1
  • 1
Ramki
  • 910
  • 3
  • 17
  • Okay. I will give the PDO connection example – Ramki Nov 27 '19 at 04:16
  • Don't catch the exception just to display it. Remove try-catch altogether. Also you should either specify connection charset or disable emulated statements, because this code could still be vulnerable to SQL injection in rare cases. – Dharman Nov 27 '19 at 07:09
  • removed try catch block – Ramki Nov 27 '19 at 07:14