how would I properly format this update to my database
if (isset($_POST['submit'])) {
$query = 'UPDATE wsd_members SET ';
$query .= "first_name = '" . prepareData($_POST['fname']) . "'" . ',';
$query .= "last_name = '" . prepareData($_POST['lname']) . "'" . ',';
$query .= "address = '" . prepareData($_POST['address']) . "'" . ',';
$query .= "city = '" . prepareData($_POST['city']) . "'" . ',';
$query .= "zip = '" . prepareData($_POST['zip']) . "'" . ',';
$query .= "WHERE username = '" . addslashes($_SESSION['username']) . "'";
$confirm = 'Contact Information Updated.';
unset($_POST);
}
else {
$error = mysql_error();
}
what i need is the above code fixed.
