SQL syntax error wasn't there before...

[csteff24]

I'm getting the error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id = '160'' at line 1

 

This was working earlier...

 

<?php
include("include.php");
doDB();

if (!$_POST) {

$get_club_sql = "SELECT * FROM clubs WHERE id = '".$_GET["id"]."'";
$get_club_res = mysqli_query($mysqli, $get_club_sql)
       or die(mysqli_error($mysqli));

     while ($club_info = mysqli_fetch_array($get_club_res)) {
          $name = strtoupper($club_info['name']);
          $adv = $club_info['adv'];
          $meet = stripslashes($club_info['meet']);
          $descrip = stripslashes ($club_info['descrip']);
          $pres = $club_info['pres'];
          $email = $club_info['email']; }

     $display_block .= "
     <h1>".$name."</h1>

     <form action=\"\" method=\"post\"><p><strong>Faculty Advisor:</strong><br/>
     <input type=\"text\" name=\"adv\" size=\"30\" maxlength=\"50\" value=\"".$adv."\"></p>

     <p><strong>Meeting time/place:</strong><br/>
     <input type=\"text\" name=\"meet\" size=\"30\" maxlength=\"200\" value=\"".$meet."\">

     <p><strong>Student President - (if multiple, use &):</strong><br/>
     <input type=\"text\" name=\"pres\" size=\"30\" maxlength=\"50\" value=\"".$pres."\">

     <p><strong>President contact info:</strong><br/>
     <input type=\"text\" name=\"email\" size=\"30\" maxlength=\"50\" value=\"".$email."\">

     <p><strong>Club Description:</strong><br/>
     <textarea name=\"descrip\" cols=\"50\" rows=\"5\"
     wrap=\"virtual\">".$descrip."</textarea></p>

     <p><input type=\"submit\" name=\"submit\" value=\"Edit Club\"></p>
     </form>";

} else if ($_POST) {
     if ($_POST["adv"]) {

$update_adv_sql = "UPDATE clubs SET adv = '".$_POST["adv"]."' WHERE id = '".$_GET["id"]."'"; 
    $update_adv_res = mysqli_query($mysqli, $update_adv_sql)
         or die (mysqli_error($mysqli));
}
if ($_POST["meet"]) {

$update_meet_sql = "UPDATE clubs SET meet = '".$_POST["meet"]."' WHERE id = '".$_GET["id"]."'";

    $update_meet_res = mysqli_query($mysqli, $update_meet_sql)
         or die (mysqli_error($mysqli));
}
if ($_POST["pres"]) {

$update_pres_sql = "UPDATE clubs SET pres = '".$_POST["pres"]."' WHERE id = '".$_GET["id"]."'"; 

    $update_pres_res = mysqli_query($mysqli, $update_pres_sql)
         or die (mysqli_error($mysqli));
}
if ($_POST["email"]) {

$update_email_sql = "UPDATE clubs SET email = '".$_POST["email"]."' id = '".$_GET["id"]."'"; 

    $update_email_res = mysqli_query($mysqli, $update_email_sql)
         or die (mysqli_error($mysqli));
}

if ($_POST["descrip"]) {

$update_descrip_sql = "UPDATE clubs SET descrip = '".$_POST["descrip"]."' id = '".$_GET["id"]."'";  

    $update_descrip_res = mysqli_query($mysqli, $update_descrip_sql)
         or die (mysqli_error($mysqli));
}



mysqli_close($mysqli);
$display_block = "<p>Your entry has been edited.</p>";

}
?>

<html>
<head>
<title>Edit Club</title>
</head>
<body>
<?php echo $display_block; ?>
</body>
</html>

Thanks!

[syed]

Hi Online  csteff24 is the id field an int? if so have you tried removing the single quotes. By the way you should not use the $_GET variable directly in your sql like you have without putting it through a cleaning process.

[rajivgonsalves]

your last two update statements do not have a where clause ??

[cags]

Plus the most likely reason it would fail is because you don't have id=something in the url so $_GET['id'] has no value in it.