Have a look at prepared statements and statement parameters. Also, if you’re quoting strings you should use single quotes rather than double quotes. Double quotes just override the tokenizer; the result is still untyped and technically an identifier (the tokenizer actually marks it as TK_ID) until the parser disambiguates it. This can lead to unexpected results.

On 7/21/17, 1:34 AM, "sqlite-users on behalf of Edmondo Borasio" <sqlite-users-boun...@mailinglists.sqlite.org on behalf of edmondobora...@gmail.com> wrote:

I am updating a record of a SQLite database as follows:

$db->exec('UPDATE Movies SET name = "new movie" WHERE ID="4"');

but instead of using name and ID I want to use some variables, $NewItemName and $hId.

Entering the variables as they are won't work. Neither using escape characters like \"$DbItemName\" and \"$hId\".

Any idea of the right syntax pls?

--
Dr Edmondo Borasio, MedC BQ Ophth, FEBO
Consultant Ophthalmologist
Specialised in Cornea, Cataract & Laser Refractive Surgery
Head of Corneal and Refractive Surgery Department
Burjeel Hospital
Abu Dhabi, UAE
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
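
The prepared-statement approach recommended in the reply, as an added example that is not part of the original thread. It assumes the `$db` object in the question is PHP's SQLite3 class; the in-memory table and the sample values are constructed for illustration.

```php
<?php
// Added example: constructed in-memory table, not the poster's database.
// Assumption: $db is an instance of PHP's SQLite3 class.
$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec('CREATE TABLE Movies (ID INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO Movies (ID, name) VALUES (4, 'old movie')");

// The double-quote pitfall from the reply: "ID" matches a column name, so the
// parser resolves it as an identifier and copies the ID column into name
// instead of storing the two-character text.
$db->exec('UPDATE Movies SET name = "ID" WHERE ID = 4');
var_dump($db->querySingle('SELECT name FROM Movies WHERE ID = 4'));

// Variables named as in the question. The values are constructed; the name
// contains both quote characters to show that no escaping is needed.
$NewItemName = 'It\'s the "new" movie';
$hId = '4';

// The SQL text is fixed. The values travel separately as bound parameters,
// so they are never parsed as SQL and never need quoting.
$stmt = $db->prepare('UPDATE Movies SET name = :name WHERE ID = :id');
$stmt->bindValue(':name', $NewItemName, SQLITE3_TEXT);
$stmt->bindValue(':id', (int) $hId, SQLITE3_INTEGER);
$stmt->execute();

echo $db->changes(), " row(s) updated\n";
echo $db->querySingle('SELECT name FROM Movies WHERE ID = 4'), "\n";

$stmt->close();
$db->close();
```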