SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Why wont this work?

    PHP Code:
    $sql "UPDATE pages SET pagename='$pagename', live='$live', title='$title' WHERE id='$id'"
    Keep getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Allan'', live=''false'', title=''sasasas'' WHERE id=36' at line 1

    I cant see a problem though, heres the code surrounding it:

    PHP Code:
    $pagename $validate->validateinput($_POST['pagename']); //Validate user input 
                    
    $title $validate->validateinput($_POST['title']);
                    
    $live $validate->validateinput($_POST['live']);
                    
                        
                    
    $sql "UPDATE pages SET pagename='$pagename', live='$live', title='$title' WHERE id='$id'";
                        
                    
    $result $connector->query($sql) or die (mysql_error()); 
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  2. #2
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Print out the full query as it's passed to the db.
    Saul

  3. #3
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this is what i got:

    UPDATE pages SET pagename=''Allan'', live=''false'', title=''sasasas'' WHERE id=36
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  4. #4
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    You use two apostrophes instead of double quotes. I don't know why on earth would you do that, but you shouldn't. Use single or double quotes to wrap the values.
    Saul

  5. #5
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorted it, i was using single quotes around my variables, whereas mysql automatically put them in, this in turn changed them to double quotes and it didnt like it

    Thx for the time though
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  6. #6
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by php_daemon
    You use two apostrophes instead of double quotes. I don't know why on earth would you do that, but you shouldn't. Use single or double quotes to wrap the values.
    Nope i didnt, i used double quotes around the entire syntax then single around '$pagename'. But mysql seems to put another set of single quotes on automatically
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  7. #7
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Really? Hm, maybe. I'll keep that in mind.
    Saul

  8. #8
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well you can see in my code i posted that i have only used single quotes around the values, but when looking on the mysql referance for update() they dont use quotes at all, i changed my code accordingly and when i echo out the query i got this:

    UPDATE pages SET pagename='Allan', live='false', title='sasasas' WHERE id=36

    So the single quotes have been added by mysql. Deffinately worth keeping in mind
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  9. #9
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    echo $pagename;

    "you" have added single quotes to your variables. mysql doesnt do this. your validateinput() function may be the culprit.

    make sure you understand this.

  10. #10
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    :O ill look now
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  11. #11
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    heres the problem
    PHP Code:
    // Quote if not a number or a numeric string
            
    if (!is_numeric($input)) {
            
            
    $input "'" mysql_real_escape_string($input) . "'";
            
            } 
    thanks for pointing that out clamcrusher (saved again )
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •