Help! ERRORS!!

[edgustaf]

When I am trying to update a record in the database i get this error after I submit the form that is populated from the database.

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc = 'SFR ANNOUNCES 3RD ANNUAL \"12 DAYS OF CHRISTMAS FOOD DRIVE\"', body = '<' at line 1

[edgustaf]

This is my code so far

 

<?php
include("includes/connect.php");

$updateid = $_GET["id"];






include("includes/connect.php");


$editquery = mysql_query("SELECT * FROM news WHERE id = '$updateid'");

$row = mysql_fetch_assoc($editquery);
   
   $currentid = $row["id"];
   $currenttitle = $row["title"];
   $currentdesc = $row["desc"];
   $currentbody = $row["body"];
   $currenttype = $row["type"];
   $currentdate = $row["date"];
   







?>


<form style="margin:20px 0 0 0; padding:0;" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
   





   <label style="color:#000;">Title</label>
    <input type="text" name="title" size="40" value="<?php echo "$currenttitle"; ?>" />
    
    <label style="color:#000;">News Ticker Description</label>
    <textarea cols="80" rows="10" name="desc"><?php echo "$currentdesc"; ?></textarea>

    <label style="color:#000;">Body</label>
    <?php
   // Make sure you're using correct paths here
include_once 'ckeditor/ckeditor.php';
include_once 'ckfinder/ckfinder.php';
$ckeditor = new CKEditor();
$ckeditor->basePath = '/ckeditor/';
CKFinder::SetupCKEditor($ckeditor, '/ckfinder/');
$ckeditor->editor('body',$currentbody);


?>
    
    <input style="margin:20px 0 0 0;" type="submit" name="submit" value="Submit" />
</form>

<?php 


$submit = $_POST["submit"];

$updatetitle = $_POST['title'];
$updatebody = $_POST['body'];
$updatetype = $_POST['type'];
$updatedate = $_POST['date'];
$updatedesc = $_POST['desc'];

if ($submit) {
   $updatearticle = mysql_query("UPDATE news SET title = '$updatetitle', desc = '$updatedesc', body = '$updatebody' WHERE id = $updateid")or die(mysql_error()); 
   echo "<h1>Article has been updated</h1>";
   }
?>

  </div>
  </div>
  </div>
<?php 


include("includes/footer.php"); ?>
</div>
</body>
</html>

 

MOD Edit:

 . . . 

tags added . . .

[BlueSkyIS]

echo out the SQL so you can see what the problem is

 

$update_sql = "UPDATE news SET title = '$updatetitle', desc = '$updatedesc', body = '$updatebody' WHERE id = $updateid";
$updatearticle = mysql_query($update_sql)or die(mysql_error() . " IN $update_sql ");

[Pikachu2000]

When posting code, please make use of the forum's

 . . . 

tags. I've added them to your post this time . . .

[edgustaf]

Thank you for the replies.  For some reason when I echo out the error it shows the the $updateid variable is not getting passed in the update statement but when I echo the $updateid by itsself it comes out fine.

[Pikachu2000]

For now, change the UPDATE query execution to this. There's more work that needs to be done here, such as sanitizing form inputs, but let's start with this.

 

if ($submit) {
$query ="UPDATE news SET title = '$updatetitle', desc = '$updatedesc', body = '$updatebody' WHERE id = $updateid";
$result = mysql_query($query) or die( "<br>Query string: $query<br>Produced Error: " . mysql_error() );
echo "<h1>Article has been updated</h1>";
}

[PFMaBiSmAd]

the right syntax to use near 'desc ...

 

^^^ The error message is calling your attention to the point in the query where there is a problem. desc is a reserved mysql keyword and you should either rename your column to something else or you must enclose desc in back-ticks `` every time you use it in a query.

[edgustaf]

Would it matter if I was trying to insert html tags through the sql statement?

[edgustaf]

ahhhhhhh!! makes sense

[edgustaf]

Thanks so much.  I am not receiving the error anymore but my database doesn't update for some reason.

[Pikachu2000]

You need to see what is actually happening there when the query executes (or not), so as a debugging tool, see

* if the query successfully executes, and if so how many records were updated

* if not, what the error message is, along with the query string.

 

if ($submit) {
$query ="UPDATE news SET title = '$updatetitle', `desc` = '$updatedesc', body = '$updatebody' WHERE id = $updateid";
if( $result = mysql_query($query) ) {
	echo '<br>Update query ran and affected ' . mysql_affected_rows() . ' rows<br>';
} else {
	echo "<br>Query string: $query<br>Produced Error: " . mysql_error();
}
}

[edgustaf]

Your a genius!  Thank you soo much!!