Can anyone see any problem with this line of code?

Post by dardsemail »

I keep getting an error on this query:

Code:

<?php
$query = "UPDATE aboutus SET aboutustext = $aboutustext WHERE aboutusID = $aboutusID";

?>
I'm so confused! I have a table called aboutus, and two fields - one called 'aboutustext' and another called 'aboutusID'.

What am I doing wrong? I keep getting a syntax error on this query.

Post by Joe »

Code:

$query = "UPDATE aboutus SET aboutustext = '$aboutustext' WHERE aboutusID = '$aboutusID'";
You forgot your quotes!

Post by evilmonkey »

It's also a good practice to format your queries like this:

Code:

$query = "UPDATE `aboutus` SET `aboutustext` = '$aboutustext' WHERE `aboutusID` = '$aboutusID'";
Notice the `` signs around field names.

Good luck!

Post by ol4pr0 »

Better yet, use concats..

Code:

$query = "UPDATE `aboutus` SET `aboutustext`='".$aboutustext."' WHERE `aboutusID`='".$aboutusID."'";

Post by dardsemail »

This may be the problem.... there are html tags and various other sundries in this text. Could that be solving the problem? And, if so, how do I work around this?

Here's some of what actually appears in the textarea:

***

<h3>This is a test. Family Jewels Designs was born of the notion that custom quality jewelry shouldn't be a luxury. Our designs include the finest sterling silver beads and findings, gold filled beads and findings, semiprecious stones, fresh water pearls, swarovski crystals, as well as findings from all over the world.&nbsp;</p><p>

***

Thanks!

Post by WaldoMonster »

I see you have a single quote in the text.
Text with single quotes must be surrounded with a double quote in the query.
Here are some examples:

Code:

$query = "UPDATE aboutus SET aboutustext = \"$aboutustext\" WHERE aboutusID = '$aboutusID'";

$query = 'UPDATE aboutus SET aboutustext = "' . $aboutustext . '" WHERE aboutusID = "' . $aboutusID . '"';

Post by feyd »

it's probably better to ask php to escape the quotes entirely with mysql_escape_string or its cousins..

Post by WaldoMonster »

feyd wrote: it's probably better to ask php to escape the quotes entirely with mysql_escape_string or its cousins..
Thanks; I didn't know this function existed.
Is this also the way to go when adding binary data to a database?
Before I used addslashes to add an image to the database.

Post by feyd »

addslashes generally does the same thing. However, using mysql_escape_string(), or mysql_real_escape_string() is normally a better idea (just to be safe)

Also, remember to use get_magic_quotes_gpc() or its cousin, so you can stripslashes() the variable first ;)
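
Added example (not code from any poster in this thread): the same UPDATE written with PDO bound parameters, which does what the escaping advice above aims at without building the value into the SQL string; the mysql_* functions named above were removed in PHP 7. It assumes the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for the MySQL aboutus table; updateAboutUs() and the sample text are constructed for illustration.

```php
<?php
// Added example: parameterized UPDATE for the thread's aboutus table.
// Assumption: PHP with pdo_sqlite; in-memory SQLite stands in for MySQL.

function updateAboutUs(PDO $pdo, int $aboutusID, string $aboutustext): int
{
    // Placeholders keep the data out of the SQL text, so quotes and HTML
    // in $aboutustext cannot end the string literal or alter the statement.
    $stmt = $pdo->prepare(
        'UPDATE aboutus SET aboutustext = :text WHERE aboutusID = :id'
    );
    $stmt->bindValue(':text', $aboutustext, PDO::PARAM_STR);
    $stmt->bindValue(':id', $aboutusID, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows changed
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE aboutus (aboutusID INTEGER PRIMARY KEY, aboutustext TEXT)');
$pdo->exec("INSERT INTO aboutus (aboutusID, aboutustext) VALUES (1, 'old text')");

// Constructed sample input: HTML containing both kinds of quote,
// similar to the textarea content quoted in the thread.
$aboutustext = '<h3 class="intro">Custom jewelry shouldn\'t be a luxury.</h3>';

// The interpolated query from the first reply, built with this input:
// the apostrophe in "shouldn't" closes the SQL string early, which is
// where the syntax error comes from.
$broken = "UPDATE aboutus SET aboutustext = '$aboutustext' WHERE aboutusID = '1'";
echo $broken, "\n";

$changed = updateAboutUs($pdo, 1, $aboutustext);

// Read the row back and confirm the text was stored byte for byte.
$check = $pdo->prepare('SELECT aboutustext FROM aboutus WHERE aboutusID = :id');
$check->execute([':id' => 1]);
$stored = $check->fetchColumn();

echo "rows changed: $changed\n";
echo 'stored unchanged: ', var_export($stored === $aboutustext, true), "\n";
```

Against MySQL only the DSN passed to new PDO changes; the prepare and bindValue calls stay the same.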