Page 1 of 1

sytax error on sql

Posted: Thu Oct 05, 2006 10:01 pm
by franknu
i want to update my database using a password and username

but i am getting a sytax error i just dont see the problem can any one help please here is the code

Code: Select all

<?
         
 $host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";

$db = mysql_connect($host, $username, $password);
mysql_select_db($database);

 $BusinessName = (isset($_POST['BusinessName']));
 $Slogan = addslashes(isset($_POST['Slogan']));
 $Business_Address = addslashes (isset($_POST['Business_Address']));
 $Tel = addslashes(isset($_POST['Tel']));
 $Website = addslashes(isset($_POST['Website']));
 $Email = addslashes(isset($_POST['Email']));
 $Member_Status = addslashes(isset($_POST['Member_Status']));
 $Fax =addslashes(isset($_POST['Fax']));
 $type = addslashes(isset($_POST['type']));
 $make = addslashes(isset($_POST['make']));
 $Categories = addslashes(isset($_POST['Categories']));
 $Keyword = addslashes (isset($_POST['Keyword']));
 $Picture1 = addslashes (isset($_POST['Picture1']));
 $Headline = addslashes (isset($_POST['Headline']));
 $Slogan2 = addslashes (isset($_POST['Slogan2']));
 $Description1 = addslashes (isset($_POST['Description1']));
 $Description2 = addslashes (isset($_POST['Description2']));
 $Description3= addslashes (isset($_POST['Description3']));
 $Contact2 = addslashes (isset($_POST['Contact2']));
 $Picture2 = addslashes (isset($_POST['Picture2']));
 $Picture3 = addslashes (isset($_POST['Picture3']));
 $Picture4 = addslashes (isset($_POST['Picture4']));
 $User_Name = addslashes (isset($_POST['User_Name']));
 $Password = addslashes (isset($_POST['Password']));



$User_Name = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` == '$User_Name'"); 



if($Password == $Password[0]) 

{ 

$sql= " UPDATE  WHERE `Business_Info`(`BusinessName`,`Slogan`,`Business_Address`,`Tel`,`Website`,`Email`,`Member_Status`,`  Fax`,`type`,`make`,`Categories`,`Keyword`,`picture1`,`Headline`,`Slogan2`,`Description1`,`Description2`,`Description3`,`Contact2`,`Picture2`,`Picture3`,`Picture4`,`Password`) 

Values('.$BusinessName.','.$Slogan.','.$Business_Address.','.$Tel.','.$Website.','.$Email.','.$Member_Status.','.$Fax.',' 
.$type.','.$make.','.$Categories.','.$Keyword.','.$Picture1.','.$Headline.','.$Slogan2.','.$Description1.', 
'.$Description2.','.$Description3.','.$Contact2.' 
,'.$Picture2.','.$Picture3.','.$Picture4.','.$Password.') WHERE `User_Name` == $User_Name"; 


$result = mysql_query($sql); 
echo mysql_error(); 


  } 


    else 

    { 
     
  echo "Incorrect Password or User Name Try again "; 
  exit; 
} 



?>
this is what i am displaying....


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE `Business_Info`(`BusinessName`,`Slogan`,`Business_Address`

Posted: Thu Oct 05, 2006 10:08 pm
by Flamie
you are forgetting the tablename on your UPDATE ;o

Edit:
And I'm not sure if using the VALUES() thing works with UPDATE commands. The one I usually do is:
UPDATE <tablename> SET <field>=<value>, <field2>=<value2> WHERE <condition(s)>

Posted: Thu Oct 05, 2006 10:09 pm
by franknu
the table name is business_info

Posted: Thu Oct 05, 2006 10:11 pm
by Flamie
then you do:

Code: Select all

$query = "UPDATE buisness_info SET (set your values here) WHERE (set your conditions here)";

Posted: Thu Oct 05, 2006 10:17 pm
by franknu
if you look on the database that is what i have i am just getting this erroe

Code: Select all

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(`BusinessName`,`Slogan`,`Business_Address`,`Tel`,`Website`,`Ema
this are the changes i made

Code: Select all

$User_Name = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` == '$User_Name'"); 



if($Password == $Password[0]) 

{ 

$sql= " UPDATE `Business_Info`(`BusinessName`,`Slogan`,`Business_Address`,`Tel`,`Website`,`Email`,`Member_Status`,`  Fax`,`type`,`make`,`Categories`,`Keyword`,`picture1`,`Headline`,`Slogan2`,`Description1`,`Description2`,`Description3`,`Contact2`,`Picture2`,`Picture3`,`Picture4`,`Password`);

Values('.$BusinessName.','.$Slogan.','.$Business_Address.','.$Tel.','.$Website.','.$Email.','.$Member_Status.','.$Fax.',' 
.$type.','.$make.','.$Categories.','.$Keyword.','.$Picture1.','.$Headline.','.$Slogan2.','.$Description1.', 
'.$Description2.','.$Description3.','.$Contact2.' 
,'.$Picture2.','.$Picture3.','.$Picture4.','.$Password.') WHERE `User_Name` == `$User_Name`"; 


$result = mysql_query($sql); 
echo mysql_error(); 


  } 


    else 

    { 
     
  echo "Incorrect Password or User Name Try again "; 
  exit; 
} 



?>

Posted: Thu Oct 05, 2006 10:27 pm
by Flamie
sigh you're not understanding me, I'll write it for you:

Code: Select all

$sql = "UPDATE `Business_Info` SET `BusinessName`= '$BusinessName', `Slogan`='$Slogan',  `Business_Address`='$Business_Address', `Tel`='$Tel', `Website`='$Website', `Email`='$Email', `Member_Status`='$Member_Status', `Fax`='$Fax', `type`=$type, `make`='$make', `Categories`='$Categories', `Keyword`='$Keyword', `picture1`='$Picture1', `Headline`='$Headline', `Slogan2`='$Slogan2', `Description1`='$Description1', `Description2`='$Description2', `Description3`= '$Description3', `Contact2`='$Contact2', `Picture2`='$Picture2', `Picture3`='$Picture3', `Picture4`='$Picture4', `Password`='$Password' WHERE `User_Name`='$User_Name'";

Posted: Thu Oct 05, 2006 11:43 pm
by s.dot
VALUES is for an INSERT statement

With updates, you only do SET `something` = '$something', `somethingelse` = '$somethingelse'

[edit]
use mysql_real_escape_string() instead of addslashes