Noskiw Posted May 1, 2010 Share Posted May 1, 2010 <?php class modernCMS { var $host; var $username; var $password; var $db; function connect(){ $con = mysql_connect($this->host, $this->username, $this->password) or die(mysql_error()); mysql_select_db($this->db, $con) or die(mysql_error()); } function get_content($id = ''){ $id = mysql_real_escape_string($id); if($id != ''){ $sql = "SELECT * FROM cms_content WHERE id='" . $id . "'"; $return = "<a href='index.php'>Go back to content</a>"; }else{ $sql = "SELECT * FROM cms_content ORDER BY id DESC"; } $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) != 0){ while($row = mysql_fetch_assoc($res)){ echo "<h1><a href='index.php?id=" . $row['id'] . "'>" . $row['title'] . "</a></h1>"; echo "<p>" . $row['body'] . "</p>"; echo $return; } }else{ echo "<p>ID for post does not exist!</p>"; } } function manage_content(){ echo '<div id="manage">'; $sql = "SELECT * FROM cms_content"; $res = mysql_query($sql) or die(mysql_error()); while($row = mysql_fetch_assoc($res)){ echo" <div> <h2 class='title'>" . $row['title'] . "</h2> <span class='actions'><a href='#'>Edit</a> | <a href='?delete=" . $row['id'] . "'>Delete</a></span> </div>"; } echo "</div>"; } function delete_content($id){ if(!$id){ return false; }else{ $id = mysql_real_escape_string($id); $sql = "DELETE FROM cms_content WHERE id'" . $id . "'"; $res = mysql_query($sql) or die(mysql_error()); echo "Content Deleted Succesffuly"; } } } ?> My error is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '* FROM cms_content WHERE id'1'' at line 1 I'm assuming that it's an error with this line $sql = "DELETE FROM cms_content WHERE id'" . $id . "'"; Link to comment https://forums.phpfreaks.com/topic/200401-massive-sql-error/ Share on other sites More sharing options...
Mchl Posted May 1, 2010 Share Posted May 1, 2010 $sql = "DELETE FROM cms_content WHERE id = '" . $id . "'"; Link to comment https://forums.phpfreaks.com/topic/200401-massive-sql-error/#findComment-1051649 Share on other sites More sharing options...
onthespot Posted May 1, 2010 Share Posted May 1, 2010 As the previous user wrote, you are missing the = Simples! Link to comment https://forums.phpfreaks.com/topic/200401-massive-sql-error/#findComment-1051654 Share on other sites More sharing options...
Noskiw Posted May 1, 2010 Author Share Posted May 1, 2010 Thanks, that worked But I seem to be having another error I want to be able to put 'smiley faces' on my post's title(s). But yet, I always get an error. is there a way of fixing this? <?php class modernCMS { var $host; var $username; var $password; var $db; function connect(){ $con = mysql_connect($this->host, $this->username, $this->password) or die(mysql_error()); mysql_select_db($this->db, $con) or die(mysql_error()); } function get_content($id = ''){ $id = mysql_real_escape_string($id); if($id != ''){ $sql = "SELECT * FROM cms_content WHERE id='" . $id . "'"; $return = "<a href='index.php'>Go back to content</a>"; }else{ $sql = "SELECT * FROM cms_content ORDER BY id DESC"; } $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) != 0){ while($row = mysql_fetch_assoc($res)){ echo "<h1><a href='index.php?id=" . $row['id'] . "'>" . $row['title'] . "</a></h1>"; echo "<p>" . $row['body'] . "</p>"; echo $return; } }else{ echo "<p>ID for post does not exist!</p>"; } } function manage_content(){ echo '<div id="manage">'; $sql = "SELECT * FROM cms_content"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res)==0){ echo "There are no posts. <a href='add-content.php'>Add one now!</a>"; } while($row = mysql_fetch_assoc($res)){ echo" <div> <h2 class='title'>" . $row['title'] . "</h2> <span class='actions'><a href='update-content.php?id='" . $row['id'] . "'>Edit</a> | <a href='?delete=" . $row['id'] . "'>Delete</a></span> </div>"; } echo "</div>"; } function delete_content($id){ if(!$id){ return false; }else{ $id = mysql_real_escape_string($id); $sql = "DELETE FROM cms_content WHERE id = '" . $id . "'"; $res = mysql_query($sql) or die(mysql_error()); echo "Content Deleted Succesffuly"; } } function add_content(){ if(!$_POST['submit']){ echo "<form action='add-content.php' method='POST'>"; echo "<tr><td><input type='text' name='title' /></td></tr><br />"; echo "<textarea name='body' width='140' height='40'></textarea><br />"; echo "<tr><td colspan='2'><input type='submit' name='submit' value='Post' /></td></tr>"; echo "</form>"; }else{ $id = $_POST['id']; $title = htmlspecialchars($_POST['title']); $body = htmlspecialchars($_POST['body']); $sql = "INSERT INTO cms_content (id, title, body) VALUES('".$id."','".$title."','".$body."')"; $res = mysql_query($sql) or die(mysql_error()); echo "Row successfully entered"; } } } ?> Look at this bit in particular function add_content(){ if(!$_POST['submit']){ echo "<form action='add-content.php' method='POST'>"; echo "<tr><td><input type='text' name='title' /></td></tr><br />"; echo "<textarea name='body' width='140' height='40'></textarea><br />"; echo "<tr><td colspan='2'><input type='submit' name='submit' value='Post' /></td></tr>"; echo "</form>"; }else{ $id = $_POST['id']; $title = htmlspecialchars($_POST['title']); $body = htmlspecialchars($_POST['body']); $sql = "INSERT INTO cms_content (id, title, body) VALUES('".$id."','".$title."','".$body."')"; $res = mysql_query($sql) or die(mysql_error()); echo "Row successfully entered"; } } I want to be able to add 'smiley faces' such as ":')" and ":'(" and "" But it won't let me because of the punctuation and it affects the sql query I'm assuming. Which really sucks Link to comment https://forums.phpfreaks.com/topic/200401-massive-sql-error/#findComment-1051657 Share on other sites More sharing options...
newbtophp Posted May 1, 2010 Share Posted May 1, 2010 To avoid sql errors, escape the data, with mysql_real_escape_string() before querying. Link to comment https://forums.phpfreaks.com/topic/200401-massive-sql-error/#findComment-1051660 Share on other sites More sharing options...
Ken2k7 Posted May 1, 2010 Share Posted May 1, 2010 Please refrain from posting irrelevant code. Just post the relevant part(s). Posting everything doesn't help. mysql_real_escape_string Link to comment https://forums.phpfreaks.com/topic/200401-massive-sql-error/#findComment-1051661 Share on other sites More sharing options...
Noskiw Posted May 2, 2010 Author Share Posted May 2, 2010 Thank you. That worked. All I have now is a javascript error so I shall post that in the javascript help section Link to comment https://forums.phpfreaks.com/topic/200401-massive-sql-error/#findComment-1051850 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.