Page 1 of 1

SQL SYNTAX ERROR, Please Help

Posted: Fri Nov 22, 2002 12:25 pm
by urb
The error reads as follows:

" You have an error in your SQL syntax near 'WHERE catid="3"' at line 1 "


Here is the block of code.

<?

$sql = " SELECT * FROM categories WHERE catid=\"$catid\" ";
$result = mysql_db_query($tablename, $sql);

if(mysql_error()!=""){
echo mysql_error();
}
if(!$row = mysql_fetch_array($result)){
echo "Required information has been deleted." ;
} else {
$sql = "UPDATE categories SET ";
$sql = $sql." name=\"".trim(addslashes(stripslashes$name)))."\", "; $sql = $sql." description=\"".trim(addslashes(stripslashes($description)))."\", ";
$sql = $sql." WHERE catid=\"$catid\"";
$result = mysql_db_query($tablename, $sql); if(mysql_error()!="")
{
echo mysql_error();
}
echo "<TABLE cellspacing=0 cellpadding=0 Align=center width='650' border=0> <tr><td align=center height=25><b>Thanks</b></td></tr><tr ><td align=center height=25><b>Your Information have been Successfully added.</b></td></tr></table> ";
}

?>



Thank you for your time,

Matt Urban

Posted: Fri Nov 22, 2002 5:31 pm
by mydimension
if i read the context of $tablename correctly than you can't pass a table name to that function. you have to pass the database name.

Posted: Sat Nov 23, 2002 12:46 am
by urb
$tablename is a temp variable that i put but in the real code i place actual database name

Posted: Tue Nov 26, 2002 11:29 am
by urb
Im still having trouble with the code mentioned above. Can someone please help?

Posted: Tue Nov 26, 2002 3:09 pm
by Rob the R
I think your code above is missing a left-parenthesis at:

Code: Select all

trim(addslashes(stripslashes$name)))
it should be:

Code: Select all

trim(addslashes(stripslashes($name)))
If that's not the problem, try replacing your call to MY_SQL_DB_QUERY with just an "echo $sql" so you can see what the SQL statement is built as. That should make it easier to notice any malformed SQL statements.

Posted: Wed Nov 27, 2002 4:54 am
by twigletmac
First of all (although it isn't related to the problem) mysql_db_query() is deprecated and shouldn't be used, mysql_select_db() and mysql_query() should be used instead.

Try the following code, which will not only give you the error but will print out the associated SQL statement if it does not work which will give you the opportunity to check that it is alright.

Code: Select all

&lt;?php

$sql = "SELECT catid FROM categories WHERE catid = $catid"; 
@mysql_select_db($tablename) or die(mysql_error());
@$result = mysql_query($sql) or die(mysql_error().'&lt;p&gt;'.$sql.'&lt;/p&gt;');

if (mysql_num_rows($result) &lt; 1) {
	echo 'Required information has been deleted.';
} else {
	$sql  = "UPDATE categories ";
	$sql .= "SET name = '".addslashes(trim($name))."', description = '".addslashes(trim($description))."' ";
	$sql .= "WHERE catid = $catid";
	@mysql_query($sql) or die(mysql_error().'&lt;p&gt;'.$sql.'&lt;/p&gt;');
}

?&gt;

&lt;table cellspacing="0" cellpadding="0" align="center" width="650" border="0"&gt;
&lt;tr&gt;
	&lt;td align="center"&gt;&lt;b&gt;Thanks&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
	&lt;td align="center"&gt;&lt;b&gt;Your Information have been Successfully added.&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
Mac

Posted: Wed Nov 27, 2002 9:37 pm
by urb
Thank you very much for your help with the code. The above post code works like a champ. I appreciate it.



Thank you

Matt Urban
a.k.a. URB