Page 1 of 1

Update issues

Posted: Thu Feb 12, 2009 4:19 pm
by grandroyal
I get this error: Unable to query:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group = 'Personal', title = 'hello', notes = 'erigeorijg' where photoID=31' at line 1

when i submit a form to this:

Code: Select all

<?php include("includes/header_nav.php"); ?>
<div class="contwrapper">
<?php include("includes/db_connect.php"); ?>
 
<?php
 
$vgroup = $_POST['igroup'];
$vphotoid = $_POST['iphotoid'];
$vtitle = $_POST['ititle'];
$vnotes = $_POST['inotes'];
 
$query = "update photo set group = '$vgroup', title = '$vtitle', notes = '$vnotes' where photoID=$vphotoid";
            
mysql_query($query) or die("Unable to query:".mysql_error());
           
echo "<div class='textheader'>Photo Saved<br/><a href='photo_upload.php'>Back</a></div>";
        
mysql_close($con);
?>
</div>
</div>
</body>
</html>
 
I can't see anything wrong with my syntax and obviously its pulling the variables fine and the table name and column names are all accurate. There are mor columns in the table but that shouldn't matter right? PLEASE HELP

Re: Update issues

Posted: Thu Feb 12, 2009 5:05 pm
by sparrrow
Well I'll admit, nothing jumps out at me right off the bat. Can you:

Code: Select all

echo $query;
To see the full query?

Re: Update issues

Posted: Thu Feb 12, 2009 5:16 pm
by John Cartwright
group is a reserved word. Either wrap it in backticks "`" or change the column name. I would seriously recommend you pass all your input variables atleast through mysql_real_escape_string() for strings, and typecast to (int) or intval() for numerical data.

Re: Update issues

Posted: Thu Feb 12, 2009 5:17 pm
by grandroyal
update photo set group = 'Personal', title = 'hello', notes = 'erigeorijg' where photoID='31'

Re: Update issues

Posted: Thu Feb 12, 2009 5:20 pm
by sparrrow
John Cartwright wrote:group is a reserved word. Either wrap it in backticks "`" or change the column name. I would seriously recommend you pass all your input variables atleast through mysql_real_escape_string() for strings, and typecast to (int) or intval() for numerical data.
Ah, good eye! I missed that. :) http://dev.mysql.com/doc/refman/5.1/en/ ... words.html

Re: Update issues

Posted: Thu Feb 12, 2009 5:23 pm
by grandroyal
John Cartwright wrote:group is a reserved word. Either wrap it in backticks "`" or change the column name. I would seriously recommend you pass all your input variables atleast through mysql_real_escape_string() for strings, and typecast to (int) or intval() for numerical data.
Thank you so much