Problem with PHP CMS System
Posted: Fri Jul 11, 2008 10:55 am
Hi,
I have built a simple PHP CMS system based on a tutorial but am having some serious problems with it. The tutorial I used was for adding 2 fields to a database item and worked fine. However, I have amended the files so they now are capable of amending 3 fields (there will be more fields eventually but thought I should start off with just one extra). This works fine in the add field to database section but in the edit fields section keeps throwing up this line after I press the update button:
Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = '5'' at line 1
The script used on this page is:
<?php
include 'library/config.php';
include 'library/opendb.php';
if(isset($_GET['id']))
{
    $query = "SELECT id, name, description, add1 ".
             "FROM suppliers_uk ".
             "WHERE id = '{$_GET['id']}'";
    $result = mysql_query($query) or die('Error : ' . mysql_error());
    list($id, $name, $description, $add1) = mysql_fetch_array($result, MYSQL_NUM);
    $description = htmlspecialchars($description);
}
else if(isset($_POST['name']))
{
    $id = $_POST['id'];
    $name = $_POST['name'];
    $description = $_POST['description'];
    $add1 = $_POST['add1'];
    if(!get_magic_quotes_gpc())
    {
        $name = addslashes($name);
        $description = addslashes($description);
        $add1 = addslashes($add1);
    }
    // update the article in the database
    $query = "UPDATE suppliers_uk ".
             "SET name = '$name', description = '$description', add1 = '$add1', ".
             "WHERE id = '$id'";
    mysql_query($query) or die('Error : ' . mysql_error());
    // then remove the cached file
    $cacheDir = dirname(__FILE__) . '/cache/';
    $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
    @unlink($cacheFile);
    // and remove the index.html too because the file list
    // is changed
    @unlink($cacheDir . 'index.html');
    echo "<p align='center'>Supplier updated</p>";
    // now we will display $name & description
    // so strip out any slashes
    $name = stripslashes($name);
    $description = stripslashes($description);
    $add1 = stripslashes($add1);
}
include 'library/closedb.php';
?>
<form method="post" action="cms-edit.php">
<input type="hidden" name="id" value="<?=$id;?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box" align="center">
    <tr>
        <td width="100">name</td>
        <td><input name="name" type="text" class="box" id="name" value="<?=$name;?>"></td>
    </tr>
    <tr>
        <td width="100">description</td>
        <td><textarea name="description" cols="50" rows="10" class="box" id="description"><?=$description;?></textarea></td>
    </tr>
    <tr>
        <td width="100">add1</td>
        <td><textarea name="add1" cols="50" rows="10" class="box" id="add1"><?=$add1;?></textarea></td>
    </tr>
    <tr>
        <td width="100"> </td>
        <td> </td>
    </tr>
    <tr>
        <td colspan="2" align="center"><input name="update" type="submit" class="box" id="update" value="Update Article"></td>
    </tr>
</table>
<p align="center"><a href="cms-admin.php">Back to admin page</a></p>
</form>
When I changed from editing 2 fields to 3 fields I literally added an extra option for the $add1 field wherever I saw the other two fields. Was this the right thing to do? Can anyone please help me with this problem and let me know why this error is occurring.
Thanks
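Added example, not part of the original post: the syntax error comes from the comma left after `add1 = '$add1'` directly in front of `WHERE`, and the script also places request values straight into its SQL and HTML. The sketch below builds the SET clause from a column list so it cannot end in a comma and binds every value through a prepared statement. It assumes PDO with an in-memory SQLite database standing in for the MySQL connection, and `updateSupplier()` and `EDITABLE` are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL connection opened by
// library/opendb.php, and updateSupplier() is a hypothetical helper.

// Columns the edit form may change; extend this list as fields are added.
const EDITABLE = ['name', 'description', 'add1'];

function updateSupplier(PDO $db, array $post): int
{
    // The id must be a positive integer before it reaches SQL or a file path.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }
    // implode() puts commas only between assignments, so no comma can end up
    // in front of WHERE (the cause of the syntax error in the post).
    $set = [];
    $params = [':id' => $id];
    foreach (EDITABLE as $col) {
        $value = $post[$col] ?? '';
        $set[] = "$col = :$col";
        $params[":$col"] = is_string($value) ? $value : '';
    }
    $sql = 'UPDATE suppliers_uk SET ' . implode(', ', $set) . ' WHERE id = :id';

    // Values are bound, not concatenated: no addslashes()/magic quotes needed.
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE suppliers_uk (id INTEGER PRIMARY KEY, name TEXT, description TEXT, add1 TEXT)');
$db->exec("INSERT INTO suppliers_uk VALUES (5, 'Old name', 'Old text', 'Old address')");

$post = ['id' => '5', 'name' => "O'Brien & Sons", 'description' => '<b>Paper</b>', 'add1' => '1 High St'];
$changed = updateSupplier($db, $post);

$row = $db->query('SELECT name, description FROM suppliers_uk WHERE id = 5')->fetch(PDO::FETCH_ASSOC);
// Escape on output, for every field echoed into the form, not only description.
echo $changed, ' row updated: ', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
```

The validated integer `$id` is also the value to use when building the cache file name, since `$_GET['id']` is not set when the form is posted to `cms-edit.php`.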