mysql update - killing myself here

ayfine
Forum Newbie
Posts: 22
Joined: Mon Nov 27, 2006 4:52 pm

Post by ayfine »

hey all,

I've been trying to figure this one out for some time now.

I call this function to validate a user, and I get this error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group = '1' where id ='10'' at line 1

code for the function :

Code: Select all

function validate($id) {
	$sql = mysql_query("update watch_users set group = '1' where id ='$id'") or die(mysql_error());
}

code for what calls it :

Code: Select all

if($_GET['do'] == "validate") {
		validate($_POST['user_id']);
		echo "<h4>user validated</h4>";
	}

Please don't tell me that group is a term like desc and can't be used...

Thanks in advance.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Group is indeed a reserved word, due to "GROUP BY."

If you surround your table names and column names in backticks (`), it won't be a problem.

Code: Select all

update `watch_users` set `group` = 1 where `id` ='$id'
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

On another note, your code is vulnerable to SQL injection. You should pass all your string data through mysql_real_escape_string(), and all integer data through intval() or similar functions.
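
The two replies above combined into one function, as an added example that is not part of the original thread: the reserved column name is backtick-quoted and the id is validated as an integer before it reaches the query. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection (SQLite also treats GROUP as a keyword and accepts backtick quoting), a bound parameter is used in place of mysql_real_escape_string() because the mysql_* extension was removed in PHP 7, and the table rows and test inputs are constructed.

```php
<?php
// Constructed stand-in for the thread's watch_users table (assumed layout).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `watch_users` (
    `id` INTEGER PRIMARY KEY,
    `group` INTEGER NOT NULL DEFAULT 0
)');
$pdo->exec('INSERT INTO `watch_users` (`id`, `group`) VALUES (10, 0), (11, 0)');

// Returns true only when exactly one existing user was updated.
function validate(PDO $pdo, $rawId): bool
{
    // Accept only a positive integer. Unlike a plain cast, this rejects
    // "10' OR '1'='1" instead of silently truncating it to 10.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // Backticks let the reserved word `group` be used as a column name;
    // the id travels as a bound integer, never as part of the SQL text.
    $stmt = $pdo->prepare('UPDATE `watch_users` SET `group` = 1 WHERE `id` = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1;
}

// Current id => group map, used to show which rows were touched.
function groups(PDO $pdo): array
{
    return $pdo->query('SELECT `id`, `group` FROM `watch_users` ORDER BY `id`')
               ->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed inputs: a valid id, an injection string, zero, text, unknown id.
$inputs = ['10', "10' OR '1'='1", '0', 'abc', '999'];
foreach ($inputs as $input) {
    $ok = validate($pdo, $input);
    printf("%-16s => %s\n", $input, $ok ? 'user validated' : 'rejected');
}
echo json_encode(groups($pdo)), "\n";
```

Because validate() returns a boolean, the calling code can print "user validated" only when a row was actually updated.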