GreenSmurf Posted May 27, 2008 Share Posted May 27, 2008 Can someone help me? I seem to have stumped myself (not very hard to do). $sql = "UPDATE $table SET firstname=".sql_safe($firstname).",lastname=".sql_safe($lastname).", firstname2=".sql_safe($firstname2).",lastname2=".sql_safe($lastname).",clientID=".sql_safe($clientID).", boss=".sql_safe($boss).",address=".sql_safe($address).",home=".sql_safe($home).",mobile=".sql_safe($home).", work=".sql_safe($work).",email=".sql_safe($email).",email2=".sql_safe($email2).",bday=".sql_safe($bday).", bmonth=".sql_safe($bmonth).",byear=".sql_safe($byear).",address2=".sql_safe($address2).",phone2=".sql_safe($phone2).", accnt=".sql_safe($accnt).",fax=".sql_safe($fax).",ext=".sql_safe($ext).", notes=".sql_safe(."CONCAT(today,' - ','".sql_safe($status)."',' - ',newnotes,CHAR(13),notes)".).",status=".sql_safe($status).", status2=".sql_safe($status2).",status3=".sql_safe($status3).",status4=".sql_safe($status4).", personal=".sql_safe($personal).",business=".sql_safe($business).",payroll=".sql_safe($payroll).", retainer=".sql_safe($retainer).",qb=".sql_safe($qb).",comment=".sql_safe($comment)." WHERE id=$id"; ERROR on this line: notes=".sql_safe(."CONCAT(today,' - ','".sql_safe($status)."',' - ',newnotes,CHAR(13),notes)".).",status=".sql_safe($status).", Thanks. -Brandon Link to comment https://forums.phpfreaks.com/topic/107529-solved-mysql-and-php-concat-err/ Share on other sites More sharing options...
BlueSkyIS Posted May 27, 2008 Share Posted May 27, 2008 echo $sql and see what it says. Link to comment https://forums.phpfreaks.com/topic/107529-solved-mysql-and-php-concat-err/#findComment-551194 Share on other sites More sharing options...
GreenSmurf Posted May 27, 2008 Author Share Posted May 27, 2008 I have the it set to output $sql but before the page loads I get: Parse error: syntax error, unexpected '.', expecting ')' in C:\Program Files\Abyss Web Server\htdocs\edit.php on line 102 Slightly different code: $sql = "UPDATE $table SET firstname=".sql_safe($firstname).",lastname=".sql_safe($lastname).", firstname2=".sql_safe($firstname2).",lastname2=".sql_safe($lastname).",clientID=".sql_safe($clientID).", boss=".sql_safe($boss).",address=".sql_safe($address).",home=".sql_safe($home).",mobile=".sql_safe($home).", work=".sql_safe($work).",email=".sql_safe($email).",email2=".sql_safe($email2).",bday=".sql_safe($bday).", bmonth=".sql_safe($bmonth).",byear=".sql_safe($byear).",address2=".sql_safe($address2).",phone2=".sql_safe($phone2).", accnt=".sql_safe($accnt).",fax=".sql_safe($fax).",ext=".sql_safe($ext).", notes=".sql_safe(."CONCAT(today,' - ','".sql_safe($status)."',' - ',newnotes,CHAR(13),notes)".).",status=".sql_safe($status).", status2=".sql_safe($status2).",status3=".sql_safe($status3).",status4=".sql_safe($status4).", personal=".sql_safe($personal).",business=".sql_safe($business).",payroll=".sql_safe($payroll).", retainer=".sql_safe($retainer).",qb=".sql_safe($qb).",comment=".sql_safe($comment)." WHERE id=$id"; -Brandon Link to comment https://forums.phpfreaks.com/topic/107529-solved-mysql-and-php-concat-err/#findComment-551199 Share on other sites More sharing options...
BlueSkyIS Posted May 27, 2008 Share Posted May 27, 2008 fixed that $sql = "UPDATE $table SET firstname=".sql_safe($firstname).",lastname=".sql_safe($lastname).", firstname2=".sql_safe($firstname2).",lastname2=".sql_safe($lastname).",clientID=".sql_safe($clientID).", boss=".sql_safe($boss).",address=".sql_safe($address).",home=".sql_safe($home).",mobile=".sql_safe($home).", work=".sql_safe($work).",email=".sql_safe($email).",email2=".sql_safe($email2).",bday=".sql_safe($bday).", bmonth=".sql_safe($bmonth).",byear=".sql_safe($byear).",address2=".sql_safe($address2).",phone2=".sql_safe($phone2).", accnt=".sql_safe($accnt).",fax=".sql_safe($fax).",ext=".sql_safe($ext).", notes=".sql_safe("CONCAT(today,' - ','".sql_safe($status)."',' - ',newnotes,CHAR(13),notes)").",status=".sql_safe($status).", status2=".sql_safe($status2).",status3=".sql_safe($status3).",status4=".sql_safe($status4).", personal=".sql_safe($personal).",business=".sql_safe($business).",payroll=".sql_safe($payroll).", retainer=".sql_safe($retainer).",qb=".sql_safe($qb).",comment=".sql_safe($comment)." WHERE id=$id"; Link to comment https://forums.phpfreaks.com/topic/107529-solved-mysql-and-php-concat-err/#findComment-551207 Share on other sites More sharing options...
GreenSmurf Posted May 27, 2008 Author Share Posted May 27, 2008 Could you please explain why the . was not needed with the " in the line of code? -Brandon Link to comment https://forums.phpfreaks.com/topic/107529-solved-mysql-and-php-concat-err/#findComment-551208 Share on other sites More sharing options...
GreenSmurf Posted May 28, 2008 Author Share Posted May 28, 2008 Ok, the ""s did not quite fix the problem like I had thought. They still write but they give unintended output. When a new note is made the query should be sent to SQL and today will get its value from CURDATE() eg. 2008-5-28 and newnotes are the new notes input by the user obviously. Status is grabbed from a drop down menu and input automatically by the script. The CONCAT portion of the code is intended to create a list of notes in a format similar to this: 2008-5-28 - Cancelled - Code Failed 2008-5-27 - Cancelled - Either PHP or CONCAT code is wrong! 2008-5-26 - Complete - Code Works! if($resultsnumber > 0) { if($newnotes != NULL AND $firstname!=NULL AND $lastname!=NULL) { $sql = "UPDATE $table SET newnotes='".sql_safe($newnotes)."', today=CURDATE() WHERE id=$id"; $result = mysql_query($sql); echo $sql."<br><br>"; $sql = "UPDATE $table SET firstname=".sql_safe($firstname).",lastname=".sql_safe($lastname).", firstname2=".sql_safe($firstname2).",lastname2=".sql_safe($lastname).",clientID=".sql_safe($clientID).", boss=".sql_safe($boss).",address=".sql_safe($address).",home=".sql_safe($home).",mobile=".sql_safe($home).", work=".sql_safe($work).",email=".sql_safe($email).",email2=".sql_safe($email2).",bday=".sql_safe($bday).", bmonth=".sql_safe($bmonth).",byear=".sql_safe($byear).",address2=".sql_safe($address2).",phone2=".sql_safe($phone2).", accnt=".sql_safe($accnt).",fax=".sql_safe($fax).",ext=".sql_safe($ext).", notes=CONCAT(today,' - ',".sql_safe($status).",' - ',newnotes,CHAR(13),notes),status=".sql_safe($status).", status2=".sql_safe($status2).",status3=".sql_safe($status3).",status4=".sql_safe($status4).", personal=".sql_safe($personal).",business=".sql_safe($business).",payroll=".sql_safe($payroll).", retainer=".sql_safe($retainer).",qb=".sql_safe($qb).",comment=".sql_safe($comment)." WHERE id=$id"; Any ideas? I am unsure if it is the PHP or the mySQL that is incorrect all I know is the mySQL works perfectly if I type it in manually to Query with assigned values and it was working before I tried to use sql_safe() sql_safe() Code: //Funtion function sql_safe($value,$allow_wildcards = false, $detect_numeric = true) { // Taken from the PHP site and modified for wildcards and automatic formatting for numbers/strings. // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON. if (get_magic_quotes_gpc()) { if(ini_get('magic_quotes_sybase')) { $value = str_replace("''", "'", $value); } else { $value = stripslashes($value); } } //Escape wildcards for SQL injection protection on LIKE, GRANT, and REVOKE commands. if (!$allow_wildcards) { $value = str_replace('%','\%',$value); $value = str_replace('_','\_',$value); } // Quote if $value is a string and detection enabled. if ($detect_numeric) { if (!is_numeric($value)) { return "'" . mysql_real_escape_string($value) . "'"; } } return mysql_real_escape_string($value); } //End Function I think the problem may be here. If so, I hope to get the topic moved to the SQL help forums. -Brandon Link to comment https://forums.phpfreaks.com/topic/107529-solved-mysql-and-php-concat-err/#findComment-551848 Share on other sites More sharing options...
GreenSmurf Posted May 28, 2008 Author Share Posted May 28, 2008 $sql = "UPDATE $table SET newnotes='".sql_safe($newnotes)."', today=CURDATE() WHERE id=$id"; $result = mysql_query($sql); The error was on this line of code. It was a SQL error not PHP. Code should have been. [code]$sql = "UPDATE $table SET newnotes=".sql_safe($newnotes).", today=CURDATE() WHERE id=$id"; $result = mysql_query($sql); Because the function sql_safe adds in '' automatically to every string. -Brandon[/code] Link to comment https://forums.phpfreaks.com/topic/107529-solved-mysql-and-php-concat-err/#findComment-551901 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.