The sql_update() function updates one or several records in an SQL table. The elements passed are not automatically filtered against SQL injection attacks as with sql_updateq(), so you must watch out for SQL injection attacks and use sql_quote() functions to secure the content when necessary.

The function accepts 6 parameters:

  1. $table is the SQL table in question,
  2. $exp contains the modifications to be made,
  3. $where,
  4. $desc,
  5. $serveur,
  6. $option.

This function is principally used to modify values which use the same value as the column being updated, e.g.

// increment the column by 1
sql_update('table', array('column' => 'column + 1'));

Whenever data added with this function are likely to include apostrophes or originate from user data entry, it is important to secure the insert with the use of the sql_quote() function:

sql_update('table', array('column' => sql_quote($value)));


Update the "id_secteur" column with the identifier for sections that don’t have a parent:

// assign the id_secteur value for root sections
sql_update('spip_rubriques', array('id_secteur'=>'id_rubrique'), "id_parent=0");

Add a set number of visits to the statistical data for certain articles:

$article_set = sql_in('id_article', $liste);
    array('visites' => "visites+$n"),
    "date='$date' AND $article_set");

Author Mark Baber Published : Updated : 02/06/10

Translations : English, français