Page 1 of 1

help with php+mysql UPDATE

Posted: Fri Oct 22, 2004 5:12 pm
by Diod

Code: Select all

$query = "UPDATE news SET text =". nl2br($_POST['text']).", author =". $_POST['author'] .", email =". $_POST['email'] .", title =".$_POST['title']." WHERE ID = " . $_GET ['id'].";";
  $result = mysql_query($query,$db) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $query . "<br />\nError: (" . mysql_errno() . ") " .
mysql_error());
gives

A fatal MySQL error occured.
Query:
Error: (1064) You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Posted: Fri Oct 22, 2004 6:46 pm
by timvw
you do know that you have to escape fields that are of type VARCHAR in MySQL??

Code: Select all

UPDATE news SET text='bar';

Code: Select all

$text = mysql_escape_string(nl2br($_POST['text']));
$query = "UPDATE news SET text='$text'";

Posted: Sat Oct 23, 2004 4:54 am
by Diod
well text isnt varchar, it is a BLOB

Posted: Sat Oct 23, 2004 8:15 am
by timvw

Posted: Mon Oct 25, 2004 6:15 am
by ibizconsultants
You need to enclose text fields in single quotes.

e.g.

Code: Select all

$query = "UPDATE news SET text ='". nl2br($_POST&#1111;'text'])."', author ='". $_POST&#1111;'author'] ."', email ='". $_POST&#1111;'email'] ."', title ='".$_POST&#1111;'title']."' WHERE ID = " . $_GET &#1111;'id'].";";  

$result = mysql_query($query,$db) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $query . "<br />\nError: (" . mysql_errno() . ") " .mysql_error());
Hope this helps.

http://www.ibizconsultants.com