Page 1 of 1

Can anyone see any problem with this line of code?

Posted: Thu Jul 22, 2004 8:41 pm
by dardsemail
I keep getting an error on this query:

Code: Select all

<?php
$query = "UPDATE aboutus SET aboutustext = $aboutustext WHERE aboutusID = $aboutusID";

?>
I'm so confused! I have a table called aboutus, and two fields - one called 'aboutustext' and another called 'aboutusID'.

What am I doing wrong? I keep getting a syntax error on this query.

Posted: Thu Jul 22, 2004 9:05 pm
by Joe

Code: Select all

$query = "UPDATE aboutus SET aboutustext = '$aboutustext' WHERE aboutusID = '$aboutusID'";
You forgot your quotes!

Posted: Thu Jul 22, 2004 9:08 pm
by evilmonkey
It's also a good practice to format your queiries like this:

Code: Select all

$query = "UPDATE `aboutus` SET `aboutustext` = '$aboutustext' WHERE `aboutusID` = '$aboutusID'";
Notice the `` signs around field names.

Good luck!

Posted: Thu Jul 22, 2004 11:46 pm
by ol4pr0
better yet used concats..

Code: Select all

$query = "UPDATE `aboutus` SET `aboutustext`='".$aboutustext."' WHERE `aboutusID`='".$aboutusID."'";

Posted: Fri Jul 23, 2004 10:14 am
by dardsemail
This may be the problem.... there are html tags and various other sundries in this text. Could that be solving the problem? And, if so, how do I work around this?

Here's some of what actually appears in the textarea:

***

<h3>This is a test. Family Jewels Designs was born of the notion that custom quality jewelry shouldn't be a luxury. Our designs include the finest sterling silver beads and findings, gold filled beads and findings, semiprecious stones, fresh water pearls, swarovski crystals, as well as findings from all over the world.&nbsp;</p><p>

***

Thanks!

Posted: Fri Jul 23, 2004 10:28 am
by WaldoMonster
I see you have a single quote in the text.
Text with single quotes must be surrounded with a double quote in the query.
Here are some examples:

Code: Select all

$query = "UPDATE aboutus SET aboutustext = "$aboutustext" WHERE aboutusID = '$aboutusID'";

$query = 'UPDATE aboutus SET aboutustext = "' . $aboutustext . '" WHERE aboutusID = "' . $aboutusID . '"';

Posted: Fri Jul 23, 2004 11:54 am
by feyd
it's probably better to ask php to escape the quotes entirely with [php_man]mysql_escape_string[/php_man] or its cousins..

Posted: Fri Jul 23, 2004 2:23 pm
by WaldoMonster
feyd wrote:it's probably better to ask php to escape the quotes entirely with [php_man]mysql_escape_string[/php_man] or its cousins..
Thanks; I didn't know this function exist.
Is this also the way to go when adding binary data to a database?
Before I used addslashes to add an image to the database.

Posted: Fri Jul 23, 2004 2:30 pm
by feyd
addslashes generally does the same thing. However, using [php_man]mysql_escape_string[/php_man](), or [php_man]mysql_real_escape_string[/php_man]() is normally a better idea (just to be safe)

Also, remember to use [php_man]get_magic_quotes_gpc[/php_man]() or its cousin, so you can [php_man]stripslashes[/php_man]() the variable first ;)