how to use a reserved keyword in query [duplicate]

StackOverflow https://stackoverflow.com/questions/21271417

Question

OK so I have a query that updates a table, it only works however when I remove the group part of the update, without this it works fine.

so I understand group may be a reserved keyword, I have tried placing it like [group] but still it dose not work.

when I echo out the query I get :

UPDATE users SET username='superman', dob='0000-00-00', location='The Daily Planet ', group='2' WHERE id='136'

It just dose not insert to the database. dose any one know how I can get this to work?

Full php code inc query :

require 'core/init.php';
$username = mysql_real_escape_string($_POST["username"]);
$dob = mysql_real_escape_string($_POST["dob"]);
$location = mysql_real_escape_string($_POST["location"]);
$group = mysql_real_escape_string($_POST["group"]);
$user_id = (int)$_POST['id'];

  $result = mysql_query("UPDATE users
              SET username='$username', 
                  dob='$dob',
                  location='$location',
                  group='$group'  
              WHERE 
              id=$user_id");

    header("location:admin.php");
Was it helpful?

Solution

Use backticks ` for any reserved word. Better yet use backticks for any column name, table name and such.

UPDATE `users`
SET `username` = '$username', `dob` = '$dob',`location` = '$location',`group` = '$group'  
WHERE `id` = $user_id

OTHER TIPS

The square braces ([]) are used in Microsoft SQL Server and Access as the escape character. The backtick is used in MySQL. The standard character is double quotes, which seems to work in almost all other databases.

You should be warned against using reserved words as names in the database. Especially, reserved words that are part of the basic SQL syntax. Something like:

select "group", count("group")
from t
group by "group"

can be quite hard to read.

Finally, I think you should only escape the actual reserved words, not everything:

      UPDATE users
          SET username = '$username', 
              dob = '$dob',
              location = '$location',
              "group" = '$group'  
          WHERE id = $user_id
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top