SQL Query Formatting

whobutsb

I feel i'm really close with this SQL query i'm just unsure of the formatting. Help would be much appreciated!!

$update = "UPDATE paceReport SET" .`$fieldname` . "= '.$content'";
$result = mysql_query($update)
	or die ("couldn't execute update");

Thanks!

NogDog

Looks like you want:

$update = "UPDATE paceReport SET `$fieldname` = '$content'";

However, if the variables are coming from any sort of user input, then you should "sanitize" them to prevent SQL injection attacks and such. One method would be:

$update = sprintf(
   "Update paceReport SET `%s` = '%s'",
   mysql_real_escape_string($fieldname),
   mysql_real_escape_string($content)
);