Hi,
I have built a simple PHP CMS system based on a tutorial but am having some serious problems with it. The tutorial I used was for adding 2 fields to a database item and worked fine. However, I have amended the files so they now are capable of amending 3 fields (there will be more fields evenutally but thought I should start off with just one extra). This works fine in the add field to database section but in the edit fields section keeps throwing up this line after I press the update button:
Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = '5'' at line 1
The script used on this page is:
<?php
include 'library/config.php';
include 'library/opendb.php';
if(isset($_GET['id']))
{
$query = "SELECT id, name, description, add1 ".
"FROM suppliers_uk ".
"WHERE id = '{$_GET['id']}'";
$result = mysql_query($query) or die('Error : ' . mysql_error());
list($id, $name, $description, $add1) = mysql_fetch_array($result, MYSQL_NUM);
$description = htmlspecialchars($description);
}
else if(isset($_POST['name']))
{
$id = $_POST['id'];
$name = $_POST['name'];
$description = $_POST['description'];
$add1 = $_POST['add1'];
if(!get_magic_quotes_gpc())
{
$name = addslashes($name);
$description = addslashes($description);
$add1 = addslashes($add1);
}
// update the article in the database
$query = "UPDATE suppliers_uk ".
"SET name = '$name', description = '$description', add1 = '$add1', ".
"WHERE id = '$id'";
mysql_query($query) or die('Error : ' . mysql_error());
// then remove the cached file
$cacheDir = dirname(__FILE__) . '/cache/';
$cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
@unlink($cacheFile);
// and remove the index.html too because the file list
// is changed
@unlink($cacheDir . 'index.html');
echo "<p align='center'>Supplier updated</p>";
// now we will display $name & description
// so strip out any slashes
$name = stripslashes($name);
$description = stripslashes($description);
$add1 = stripslashes($add1);
}
include 'library/closedb.php';
?>
<form method="post" action="cms-edit.php">
<input type="hidden" name="id" value="<?=$id;?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box" align="center">
<tr>
<td width="100">name</td>
<td><input name="name" type="text" class="box" id="name" value="<?=$name;?>"></td>
</tr>
<tr>
<td width="100">description</td>
<td><textarea name="description" cols="50" rows="10" class="box" id="description"><?=$description;?></textarea></td>
</tr>
<tr>
<td width="100">add1</td>
<td><textarea name="add1" cols="50" rows="10" class="box" id="add1"><?=$add1;?></textarea></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td colspan="2" align="center"><input name="update" type="submit" class="box" id="update" value="Update Article"></td>
</tr>
</table>
<p align="center"><a href="cms-admin.php">Back to admin page[/url]</p>
</form>
When I changed from editing 2 fields to 3 fields I literally added an extra option for the $add1 field wherever I saw the other two fields. Was this the right thing to do? Can anyone please help me with this problem and let me know why this error is occurring.
Thanks
Problem with PHP CMS System
Moderator: General Moderators
Re: Problem with PHP CMS System
Looks like it might be the extra comma after "add1".
Code: Select all
query = "UPDATE suppliers_uk SET name = '$name', description = '$description', add1 = '$add1' WHERE id = '$id' ";Re: Problem with PHP CMS System
Code: Select all
$query = "UPDATE suppliers_uk ".
"SET name = '$name', description = '$description', add1 = '$add1', ".
"WHERE id = '$id'";
http://us2.php.net/manual/en/function.m ... string.php
Re: Problem with PHP CMS System
Hey,
Thanks so much for your help. In the end I tried a different way of creating my CMS system and works really well. But will remember your suggestions for future problem and will definately look at making my database more secure.
Thanks!!
Thanks so much for your help. In the end I tried a different way of creating my CMS system and works really well. But will remember your suggestions for future problem and will definately look at making my database more secure.
Thanks!!