error updating mySQL


Highland3r


I have been writing a CMS script for quite a while now and have recently added the FCK editor. Now I can upload a couple of lines of text, but anything more and I get this error:


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use

This is my code here:

<?php
require_once('../includes/DbConnector.php');
require_once('../includes/Validator.php');
include_once "../fckeditor/fckeditor.php";

// Request parameters (null when absent, so the isset() checks below work)
$id  = isset($_GET["id"])  ? $_GET["id"]  : null;
$cmd = isset($_GET["cmd"]) ? $_GET["cmd"] : (isset($_POST["cmd"]) ? $_POST["cmd"] : null);

$connector = new DbConnector();
$validator = new Validator();

mysql_select_db("web116-edit");

// If cmd has not been initialized, list the articles
if (!isset($cmd))
{
   $result = mysql_query("SELECT * FROM cmsarticles ORDER BY id") or die(mysql_error());

   while ($r = mysql_fetch_array($result))
   {
      $title = $r["title"]; // take out the title
      $id    = $r["ID"];    // take out the id

      echo "<br>";
   }
}

if ($cmd == "edit")
{
   if (!isset($_POST["Submit"]))
   {
      // Fetch title and links as well: the form below displays both
      $sql    = "SELECT title, thearticle, links FROM cmsarticles WHERE id='$id'";
      $result = mysql_query($sql) or die(mysql_error());
      $myrow  = mysql_fetch_array($result);
      ?>
      <form action="index.php?cmd=<?php echo $cmd; ?>&id=<?php echo $id; ?>" method="post">
        <p>
          <?php // title field, so that $_POST["title"] is populated on submit ?>
          <input name="title" type="text" value="<?php echo $myrow["title"]; ?>" />
          <?php
          // Configure and output editor
          $oFCKeditor = new FCKeditor('thearticle');
          $oFCKeditor->BasePath = "/fckeditor/";
          $oFCKeditor->Value    = $myrow["thearticle"];
          $oFCKeditor->Width    = 540;
          $oFCKeditor->Height   = 400;
          echo $oFCKeditor->CreateHtml();
          ?>
        </p>
        <p>
          <input type="hidden" name="cmd" value="edit" />
          <input name="Submit" type="submit" value="Publish" />
          <?php echo $myrow["links"]; ?>
        </p>
      </form>
      <?php
   }

   if (isset($_POST["Submit"]))
   {
      $thearticle = $_POST["thearticle"];
      $title      = $_POST["title"];

      // Values are interpolated straight into the statement, without escaping
      $sql = "UPDATE cmsarticles SET title='$title', thearticle='$thearticle' WHERE id='$id'";
      // replace cmsarticles with your table name above

      $result = mysql_query($sql) or die(mysql_error());

      echo "Thank you! Information updated.";
   }
}
?>

Any help appreciated.

 


Since you are not escaping the string data being put into the query, it is highly likely that SQL special characters in the data, such as ' or ", are breaking the SQL syntax.

 

See this link - mysql_real_escape_string. Using mysql_real_escape_string on the string data being put into a query will also protect against SQL injection in that data.

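Added example, not code from the original post or from the reply above: it shows what the posted UPDATE turns into when the article text contains a quote, and then the two fixes, escaping with mysql_real_escape_string as the reply suggests, and a mysqli prepared statement. The table and column names are the ones from the post; the sample article text and the mysqli connection details are assumptions. Note that `$id` comes from `$_GET` and is interpolated unescaped in the post as well, so it needs the same treatment.

```php
<?php
// Added example, not from the original post. Shows why the posted UPDATE
// fails on text containing a quote, and two ways to fix it.

// 1. Same string interpolation as the posted code, with no escaping.
function buildUpdateUnsafe($id, $title, $thearticle)
{
    return "UPDATE cmsarticles SET title='$title', thearticle='$thearticle' WHERE id='$id'";
}

// Constructed sample input: the kind of text FCKeditor submits.
$sample = "It's a <b>longer</b> article about O'Reilly books.";
echo buildUpdateUnsafe('3', 'Books', $sample), "\n";
// Produces:
//   UPDATE cmsarticles SET title='Books', thearticle='It's a <b>longer</b> ...
// The apostrophe in "It's" closes the string literal early, so MySQL tries to
// parse "s a <b>longer</b> ..." as SQL and reports a syntax error. A title of
//   x', thearticle='pwned' WHERE id='1' --
// would not error at all; it would rewrite a different row. The same defect
// that breaks long articles is a SQL injection.

// 2a. Fix on the legacy mysql_* extension (what the post uses): escape every
//     string with the connection's charset before interpolating it, and cast
//     numeric values instead of quoting them. $link is a mysql_connect() resource.
function buildUpdateEscaped($link, $id, $title, $thearticle)
{
    $title      = mysql_real_escape_string($title, $link);
    $thearticle = mysql_real_escape_string($thearticle, $link);
    $id         = (int) $id;
    return "UPDATE cmsarticles SET title='$title', thearticle='$thearticle' WHERE id=$id";
}
// For the sample above this yields
//   ... thearticle='It\'s a <b>longer</b> article about O\'Reilly books.' ...
// which parses correctly and stores the apostrophes as data.

// 2b. Preferred fix on mysqli: a prepared statement sends the SQL text and the
//     values separately, so nothing in the article can change the statement.
//     Returns the number of rows updated.
function updateArticle(mysqli $db, $id, $title, $thearticle)
{
    $stmt = $db->prepare('UPDATE cmsarticles SET title = ?, thearticle = ? WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $id = (int) $id;
    $stmt->bind_param('ssi', $title, $thearticle, $id);  // s = string, i = integer
    if (!$stmt->execute()) {
        $err = $stmt->error;
        $stmt->close();
        throw new RuntimeException('execute failed: ' . $err);
    }
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Usage in the edit handler; host, user and password are assumptions.
// $db = new mysqli('localhost', 'user', 'password', 'web116-edit');
// updateArticle($db, $_GET['id'], $_POST['title'], $_POST['thearticle']);
```

Escaping works only if the escape function knows the connection's character set, which is why mysql_real_escape_string takes the link and why addslashes is not a substitute. The prepared statement avoids the question entirely and is the form to reach for in new code.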
