sql_update

The sql_update() function updates one or several records in an SQL table. The elements passed are not automatically filtered against SQL injection attacks as with sql_updateq(), so you must watch out for SQL injection attacks and use sql_quote() functions to secure the content when necessary.

The function accepts 6 parameters:

  1. $table is the SQL table in question,
  2. $exp contains the modifications to be made,
  3. $where,
  4. $desc,
  5. $serveur,
  6. $option.

This function is principally used to modify values which use the same value as the column being updated, e.g.

  1. // increment the column by 1
  2. sql_update('table', array('column' => 'column + 1'));

Download

Whenever data added with this function are likely to include apostrophes or originate from user data entry, it is important to secure the insert with the use of the sql_quote() function:

  1. sql_update('table', array('column' => sql_quote($value)));

Example

Update the "id_secteur" column with the identifier for sections that don’t have a parent:

  1. // assign the id_secteur value for root sections
  2. sql_update('spip_rubriques', array('id_secteur'=>'id_rubrique'), "id_parent=0");

Download

Add a set number of visits to the statistical data for certain articles:

  1. $article_set = sql_in('id_article', $liste);
  2. sql_update('spip_visites_articles',
  3. array('visites' => "visites+$n"),
  4. "date='$date' AND $article_set");

Download

Author Mark Baber Published : Updated : 02/06/10

Translations : English, français