Syntax error, but can't see issue
Hi all
Been staring at this for ages now but can't figure out what I'm doing wrong
if ($_POST['submit'] == 'submit') {
$title = $_POST['title'];
$desc = $_POST['desc'];
$text = $_POST['text'];
mysql_query("UPDATE **table** SET title = '$title', desc = '$desc', text = '$text'
WHERE id = ".$_GET['id']."") or die (mysql_error());
echo 'Updated';
exit;}
keep getting that dreaded "you have an error in your SQL syntax"
help please
Greg K posted this at 16:59 — 2nd July 2007.
He has: 2,145 posts
Joined: Nov 2003
1st step in debugging a query that doesn't work or gives you results you were not expecting: VIEW what actually gets executed:
<?php
if ($_POST['submit'] == 'submit') {
    $title = $_POST['title'];
    $desc = $_POST['desc'];
    $text = $_POST['text'];
    $id = $_GET['id'];
    // Build the statement in a variable so it can be inspected before it runs
    $sql = "UPDATE `table` " .
        "SET `title` = '$title', `desc` = '$desc', `text` = '$text' " .
        "WHERE `id` = $id";
    die ("SQL: $sql \n"); // COMMENT THIS LINE OUT TO EXECUTE QUERY
    mysql_query($sql) or die (mysql_error());
    echo 'Updated';
    exit;
}
?>
Now you will see the actual query with the values from the variables. When you are sure the query looks ok, comment out the die line.
Since you are using just raw data from a form in your SQL, (hopefully this is for testing ONLY, and you will properly validate/format them before going live), it is easy to miss things like a single quote which will mess up the sql statement. Think about if the following was entered in for DESC:
Great site, can't get enough!!
part of your sql statement will read:
`desc` = 'Great site, can't get enough!!', `text` =
as you can see, SQL will be confused by the quote.
-Greg
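The same update written with bound parameters, as an added example that is not part of Greg's post or the original thread: the apostrophe in the description no longer breaks the statement, and the id is validated before use. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline, and the table name `pages` and the function `update_page()` are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: in-memory SQLite via
// PDO replaces the MySQL server; `pages` and update_page() are hypothetical.

function update_page(PDO $pdo, array $post, array $get): int
{
    // Validate the id instead of pasting $_GET['id'] into the statement.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }

    // `desc` stays backtick-quoted: DESC is a reserved word in MySQL.
    // Values travel as bound parameters, so they are never parsed as SQL.
    $stmt = $pdo->prepare(
        'UPDATE `pages` SET `title` = :title, `desc` = :desc, `text` = :text WHERE `id` = :id'
    );
    $stmt->execute([
        ':title' => (string)($post['title'] ?? ''),
        ':desc'  => (string)($post['desc'] ?? ''),
        ':text'  => (string)($post['text'] ?? ''),
        ':id'    => $id,
    ]);
    return $stmt->rowCount(); // number of rows the UPDATE touched
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `pages` (`id` INTEGER PRIMARY KEY, `title` TEXT, `desc` TEXT, `text` TEXT)');
$pdo->exec("INSERT INTO `pages` VALUES (1, 'old', 'old', 'old')");

// Constructed input: the description from the post above, apostrophe included.
$post = ['title' => 'Home', 'desc' => "Great site, can't get enough!!", 'text' => 'Body'];
$changed = update_page($pdo, $post, ['id' => '1']);
$row = $pdo->query('SELECT `desc` FROM `pages` WHERE `id` = 1')->fetch(PDO::FETCH_ASSOC);
echo "rows changed: $changed\n";
echo "stored desc: {$row['desc']}\n";

// A non-integer id is rejected before any SQL is prepared.
try {
    update_page($pdo, $post, ['id' => '1abc']);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

Against MySQL only the PDO DSN and credentials change; the prepared statement and the backtick-quoted column names stay the same.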