WHERE usage in MariaDB

im getting this message when im trying to update the records of my database:

"You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE id = 1' at line 1"

this is how WHERE is used: $query = "UPDATE users SET "; $query .= "username = '$username', "; $query .= "password = '$password', "; $query .= "WHERE id = $id";

updating the records by selecting the id column.

Im not familiar with SQL nor MariaDB. I'm a newbie.

how am I supposed to use WHERE in MariaDB ?

Many Thanks,


Answer Answered by Brian Evans in this comment.

Please do not build queries like this. It is error prone and unsafe. Instead use prepared statements. This looks to be PHP so you should do something like

$pdo = new \PDO($connection_string)
$query = "UPDATE users SET username = ?, password = ? WHERE id = ?";
$stmt = $pdo->prepare($query);
$stmt->execute(array($username, $password, $id));

This code is safe from injections and easily shows the query. When you did it your way, you added an extra comma which was not as easily seen.


Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.