I have the following query:
UPDATE users_login SET LastLogin= CONCAT(CURDATE(), ' ', CURTIME()) WHERE Username=?
This fails when I'm passing this into my PHP MySQLI Query Construct. But running this through PMA Query:
UPDATE users_login SET LastLogin= CONCAT(CURDATE(), ' ', CURTIME()) WHERE Username='Sophie'
I have no idea why this is failing.
Error Message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ', CURTIME())) WHERE Username='Shophie'' at line 1
Exact Code is as followed:
$Update_Parameter = array($_POST['Username']);
$Database->rawQuery("UPDATE users_login SET LastLogin = CONCAT(CURDATE(), ' ', CURTIME() )"
,$Update_Parameter);
I'm outsourcing to a MySQLi Wrapper for what I thought was an easier method for queries. https://github.com/ajillion/PHP-MySQLi-Database-Class
There's a bug in the mysqli wrapper class you are using.
In method MysqliDb::rawQuery() there is this line of code:
$this->_query = filter_var($query, FILTER_SANITIZE_STRING);
which will turn your query string
UPDATE users_login SET LastLogin= CONCAT(CURDATE(), ' ', CURTIME()) WHERE Username=?
into this:
UPDATE users_login SET LastLogin= CONCAT(CURDATE(), ' ', CURTIME()) WHERE Username=?
//the single quotes now become ' ^^^^^ ^^^^^
And then this string is passed to mysqli::prepare(), causing a syntax error.
I suggest you use a more mature library if you are doing serious job.