The sql_update() function updates one or several records in an SQL table. The elements passed are not automatically filtered against SQL injection attacks as with sql_updateq(), so you must watch out for SQL injection attacks and use sql_quote() functions to secure the content when necessary. The function accepts 6 parameters: -# $table is the SQL table in question, -# $exp contains the modifications to be made, -# $where, -# $desc, -# $serveur, -# $option. This function is principally used to modify values which use the same value as the column being updated, e.g.
// increment the column by 1
sql_update('table', array('column' => 'column + 1'));
Whenever data added with this function are likely to include apostrophes or originate from user data entry, it is important to secure the insert with the use of the sql_quote() function:
sql_update('table', array('column' => sql_quote($value)));


Update the "id_secteur" column with the identifier for sections that don’t have a parent:
// assign the id_secteur value for root sections
sql_update('spip_rubriques', array('id_secteur'=>'id_rubrique'), "id_parent=0");
Add a set number of visits to the statistical data for certain articles:
$article_set = sql_in('id_article', $liste);
	array('visites' => "visites+$n"),
	"date='$date' AND $article_set");

Author Mark Baber Published : Updated : 02/06/10

Translations : English, français