How do you write a prepared update statement? Reference: mysqli::prepare
I've tried writing it as described:
if ($stmt = $mysqli->prepare("UPDATE tblFacilityHrs SET title =? description = ? WHERE uid = ?")){
    $stmt->bind_param('sss', $title, $desc, $uid2);
    //Get params
    $title=$_POST['title'];
    $desc=$_POST['description'];
    $uid2=$_GET['uid'];
    $stmt->execute();
    $stmt->close();
}
else {
    //Error
    printf("Prep statment failed: %s\n", $mysqli->error);
}
Error:
Prep statment failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'description = ? WHERE uid = ?' at line 1 Edited row.
A prepared statement is a feature used to execute the same (or similar) SQL statements repeatedly with high efficiency. Prepared statements basically work like this: Prepare: An SQL statement template is created and sent to the database. Certain values are left unspecified, called parameters (labeled "?").
You must always use prepared statements for any SQL query that would contain a PHP variable. To do so, always follow the below steps: Create a correct SQL SELECT statement.
$stmt is just rather idiomatic. A prepared statement as such is a database feature. The database itself takes the query in two steps: first the query structure with placeholders, second the data to fill in the placeholders.
You're just missing a comma between the set columns:
UPDATE tblFacilityHrs SET title = ?, description = ? WHERE uid = ?
                              ^^^^^^
When MySQL reports an error the likes of "check the manual for syntax to use near 'something'", look most often to the character immediately preceding the 'something', as that is where your error occurs.
Note: you may need to call bind_param() after setting the input variables rather than before. I can't remember how MySQLi parses them and when they're bound, but logically it makes more sense in code to set them first then bind anyway.
//Get params
$title=$_POST['title'];
$desc=$_POST['description'];
$uid2=$_GET['uid'];
$stmt->bind_param('sss', $title, $desc, $uid2);
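The corrected statement as a complete request handler, added here as an example that is not part of the original question or answer: it turns on mysqli exceptions so a failed prepare cannot be skipped, rejects non-string input, and reports via affected_rows whether a row actually changed. The helper name updateFacilityHours() and the connection host, user, password and database are assumptions.

```php
<?php
// Added example: connection details below are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw mysqli_sql_exception on any failure

/**
 * Update one row of tblFacilityHrs; returns the number of rows changed.
 * updateFacilityHours() is a hypothetical helper name.
 */
function updateFacilityHours(mysqli $mysqli, string $title, string $desc, string $uid): int
{
    // Placeholders carry the data; the SQL text itself never contains user input.
    $stmt = $mysqli->prepare(
        'UPDATE tblFacilityHrs SET title = ?, description = ? WHERE uid = ?'
    );
    try {
        // 'sss' = three string parameters, same as the question's bind_param call.
        $stmt->bind_param('sss', $title, $desc, $uid);
        $stmt->execute();
        return $stmt->affected_rows; // 0: no such uid, or values unchanged
    } finally {
        $stmt->close();
    }
}

// $_POST / $_GET values can be arrays (title[]=x), so check the type explicitly.
$title = $_POST['title'] ?? null;
$desc  = $_POST['description'] ?? null;
$uid   = $_GET['uid'] ?? null;
if (!is_string($title) || !is_string($desc) || !is_string($uid) || $uid === '') {
    http_response_code(400);
    exit('Missing title, description or uid');
}

try {
    $mysqli = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
    $mysqli->set_charset('utf8mb4');
    $changed = updateFacilityHours($mysqli, $title, $desc, $uid);
    echo $changed > 0 ? "Edited row.\n" : "No row changed.\n";
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; do not echo SQL errors to the client.
    error_log('Facility hours update failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Update failed');
}
```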