Jump to content

Simple CMS Application problem,


djlfreak

Recommended Posts

Hi All,

I would be very grateful if someone could help me with this problem.

I have a simple cms application for a movie review page and its all working fine except for the Change User Information button. I keep getting the error:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_id = 1' at line 4

 

The problem  is in this piece of code from transact_user.php:


case 'Change my info':
        session_start();
        $email = (isset($_POST['email'])) ? $_POST['email'] : '';
        $name = (isset($_POST['name'])) ? $_POST['name'] : '';
        if (!empty($name) && !empty($email) && !empty($_SESSION['user_id']))
        {
            $sql = 'UPDATE cms_users SET
                    email = "' . mysql_real_escape_string($email, $db) . '",
                    name = "' . mysql_real_escape_string($name, $db) . '",
                WHERE
                    user_id = ' . $_SESSION['user_id'];
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_cpanel.php');
        break;

 

 

This is the code for the change user information form in c_panal.php.

$db = mysql_connect('localhost', 'root', '') or
    die ('Unable to connect. Check your connection parameters.');


mysql_select_db('dvdff', $db) or die(mysql_error($db));

$sql = 'SELECT
        email, name
    FROM
        cms_users
    WHERE
        user_id=' . $_SESSION['user_id'];
$result = mysql_query($sql, $db) or die(mysql_error($db));

$row = mysql_fetch_array($result);
extract($row);
mysql_free_result($result);
?>
<h2>User Info</h2>
<form method="post" action="cms_transact_user.php">
<table>
  <tr>
   <td><label for="name">Full Name:</label></td>
   <td><input type="text" id="name" name="name" maxlength="100"
     value="<?php echo htmlspecialchars($name); ?>"/></td>
  </tr><tr>
   <td><label for="email">Email Address:</label></td>
   <td><input type="text" id="email" name="email" maxlength="100"
     value="<?php echo htmlspecialchars($email); ?>"/></td>
  </tr><tr>
   <td> </td>
   <td><input type="submit" name="action" value="Change my info"/></td>
  </tr>
</table>
</form>

I really need help with this one, so thanks in advance, :-*

Debs

 

[attachment deleted by admin]

Link to comment
https://forums.phpfreaks.com/topic/201385-simple-cms-application-problem/
Share on other sites

Whenever you use the "or die" statement with MySQL it's very helpful to output the query that caused the problem and the PHP line number so you can isolate the problem. For example:

<?php
mysql_query($sql, $db) or die("Problem with the query: $sql on line " . __LINE__ . '<br>' . mysql_error($db));
?>

 

Ken

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.