The sql_update() function updates one or several records in an SQL table. Unlike sql_updateq(), it does not automatically filter the elements passed to it against SQL injection, so you must guard against SQL injection yourself and use the sql_quote() function to secure the content when necessary.
The function accepts 6 parameters:
-# $table is the SQL table in question,
-# $exp contains the modifications to be made,
-# $where,
-# $desc,
-# $serveur,
-# $option.
This function is mainly used when the new value is an SQL expression that refers to the column being updated, e.g.
// increment the column by 1
sql_update('table', array('column' => 'column + 1'));
Whenever data passed to this function is likely to include apostrophes or originates from user data entry, it is important to secure it with the sql_quote() function:
sql_update('table', array('column' => sql_quote($value)));
Example
Update the "id_secteur" column with the identifier for sections that don’t have a parent:
// assign the id_secteur value for root sections
sql_update('spip_rubriques', array('id_secteur'=>'id_rubrique'), "id_parent=0");
Add a set number of visits to the statistical data for certain articles:
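// $n and $date are inserted into the SQL as-is: make sure $n is an integer and $date a validated date
$article_set = sql_in('id_article', $liste);
sql_update('spip_visites_articles',
	array('visites' => "visites+$n"),
	"date='$date' AND $article_set");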
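A standalone illustration of the two precautions above (quoting text values, and values interpolated into an expression such as "visites+$n"), added here and not taken from SPIP: demo_update_sql() and demo_quote() are hypothetical stand-ins that only mimic the raw-expression behaviour described for sql_update() and the quoting role of sql_quote(). It assumes PHP with the pdo_sqlite extension, and the table and inputs are constructed for the demonstration.

```php
<?php
// Added illustration with hypothetical stand-ins; this is not SPIP code.

// Stand-in for the quoting role of sql_quote(): wrap the value in
// apostrophes and double any apostrophe it contains.
function demo_quote($value): string {
    return "'" . str_replace("'", "''", (string) $value) . "'";
}

// Stand-in for the behaviour described for sql_update(): every value of
// $exp is placed in the SET clause as a raw SQL expression, unfiltered.
function demo_update_sql(string $table, array $exp, string $where = ''): string {
    $set = [];
    foreach ($exp as $column => $expression) {
        $set[] = "$column = $expression";
    }
    return "UPDATE $table SET " . implode(', ', $set)
        . ($where !== '' ? " WHERE $where" : '');
}

// Apply one update to a fresh constructed table and return the row.
function demo_run(array $exp): array {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE demo (id INTEGER, title TEXT, status TEXT, visits INTEGER)");
    $db->exec("INSERT INTO demo VALUES (1, 'Old title', 'draft', 10)");
    $db->exec(demo_update_sql('demo', $exp, 'id = 1'));
    return $db->query("SELECT title, status, visits FROM demo")->fetch(PDO::FETCH_ASSOC);
}

// Constructed form inputs: each one carries a second assignment.
$title = "New title', status = 'published";
$n     = "5, status = 'published'";

// Hand-made apostrophes: the input is parsed as SQL, status changes too.
print_r(demo_run(['title' => "'$title'"]));
// Quoted: the whole input is stored as data in title, status stays 'draft'.
print_r(demo_run(['title' => demo_quote($title)]));

// Numeric expression interpolated as-is: status changes again.
print_r(demo_run(['visits' => "visits + $n"]));
// Cast to integer first: only the number 5 reaches the expression.
print_r(demo_run(['visits' => 'visits + ' . (int) $n]));
```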