h4v0c Posted September 7, 2006 Share Posted September 7, 2006 PHP version: 4.4.4MySQL version: 4.1.2Error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's style of relating when things are going well and in conflict.Code:[code]$host = "server URL" ; $login = "user name" ; $pwd = "password" ; $db = "clientd_psp" ; $conn = mysql_connect("$host", "$login", "$pwd") or die('SQL Error: '.mysql_error().'') ; mysql_select_db($db, $conn) ; $edit = stripslashes($_POST['PSP_editor']); $page = $_POST['page_id_value']; $result = mysql_query("UPDATE `content_tbl` SET `page_content`='$edit' WHERE `page_id`='$page'"); if(!$result) echo mysql_error();[/code]wtf? the query should be perfect. what gives? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted September 7, 2006 Share Posted September 7, 2006 Change this:[code]<?php $result = mysql_query("UPDATE `content_tbl` SET `page_content`='$edit' WHERE `page_id`='$page'"); if(!$result) echo mysql_error();?>[/code]to[code]<?php $query = "UPDATE `content_tbl` SET `page_content`='$edit' WHERE `page_id`='$page'"; $result = mysql_query($query) or die("Problem with the query: $query<br>" . mysql_error());?>[/code]This will print out the query. Check it for errors.Ken Quote Link to comment Share on other sites More sharing options...
obsidian Posted September 7, 2006 Share Posted September 7, 2006 looks like you're not escaping your variables. run all your user entered text through mysql_real_escape_string() and you should be fine. Quote Link to comment Share on other sites More sharing options...
h4v0c Posted September 7, 2006 Author Share Posted September 7, 2006 i would serisouly buy you two a beer right now. thanks so much guys. ;D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.