Jump to content

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Cost`=`60',


Chris721

Recommended Posts

I have been looking at this code most of the morning and do not have a clue what is wrong with the code. I am hoping its not a stupid mistake, can someone please help me out? thank you 

 

 

 
<title>Inputing Travel Detials</title>
 
<header>
  <h1 align="center"> Adding Travel Detials </h1>
  
 
  <body>
    <p>  <center><img  src="cyberwarfareimage1.png" alt="Squadron logo" style="width:200px;height:200px" style="middle"></center>
        <table border="1">
          <tr>
            <td><a href="index.php"> Home Page </a></td>
            <td><a href="administratorhomepage.html">Administrator Home Page </a></td>
            <td><a href="viewhomepage.html">View Home Page </a></td>
            <td><a href="Inputhomepage.html">Input Home Page </a></td>
            <td><a href="traveldetials.html">Enter More Travel Detials </a></td>
        </table>
    </p>
 
 
<?php
 
include "connection.php";
 
$Applicant_ID = $_POST["Applicant_ID"];
$Method_Of_Travel = $_POST["Method_Of_Travel"];
$Cost = $_POST["Cost"];
$ETA = $_POST["ETA"];
$Main_Gate_Advised = $_POST["Main_Gate_Advised"];
 
$query = ("UPDATE `int_board_applicant` SET `Method_Of_Travel`=`$Method_Of_Travel', `Cost`=`$Cost', `ETA`='$ETA', `Main_Gate_Advised`='$Main_Gate_Advised' WHERE `Applicant_ID`='$Applicant_ID'");
   
 
$result = mysqli_query($dbhandle, $query) 
    or die(mysqli_error($dbhandle));
 
if($result){ echo "Success!"; }
 
  else{ echo "Error."; }
 
 
// successfully insert data into database, displays message "Successful".
 if($query){
  echo "Successful";
}
 
  else {
  echo "Data not Submitted";
}
 
 
//closing the connection
   mysqli_close($dbhandle)
   
 
 
 
 
?>
Link to comment
Share on other sites

SET `Method_Of_Travel`=`$Method_Of_Travel', `Cost`=`$Cost', 
                                                   ^
                                                   |
                                                   single quote
                                                   required

if $cost is numeric then single quotes should not be used at all.

`..` are only required if the identifier is a reserved word or contains space or other special characters

Edited by Barand
Link to comment
Share on other sites

code now looks like

 

 

 
<title>Inputing Travel Detials</title>
 
<header>
  <h1 align="center"> Adding Travel Detials </h1>
  
 
  <body>
  
<table border="1">
  <tr>
    <td><a href="index.php"> Home Page </a></td>
    <td><a href="administratorhomepage.html">Administrator Home Page </a></td>
    <td><a href="viewhomepage.html">View Home Page </a></td>
    <td><a href="Inputhomepage.html">Input Home Page </a></td>
  </tr>
</table>
   
<center><img  src="cyberwarfareimage1.png" alt="Squadron logo" style="width:200px;height:200px" style="middle"></center>
       
<table border="1">
  <tr>
   <td><a href="Changetraveldetials.html">Modify More Travel Detials </a></td>
  </tr>
</table>
 
<?php
 
include "connection.php";
 
$Applicant_ID = $_POST["Applicant_ID"];
$Method_Of_Travel = $_POST["Method_Of_Travel"];
$Cost = $_POST["Cost"];
$ETA = $_POST["ETA"];
$Main_Gate_Advised = $_POST["Main_Gate_Advised"];
 
$query = ("UPDATE int_board_applicant SET 'Method_Of_Travel'='$Method_Of_Travel', 'Cost'=$Cost, 'ETA'='$ETA', 'Main_Gate_Advised'='$Main_Gate_Advised' WHERE 'Applicant_ID'='$Applicant_ID'");
   
 
$result = mysqli_query($dbhandle, $query) 
    or die(mysqli_error($dbhandle));
 
if($result){ echo "Success!"; }
 
  else{ echo "Error."; }
 
 
// successfully insert data into database, displays message "Successful".
 if($query){
  echo "Successful";
}
 
  else {
  echo "Data not Submitted";
}
 
 
//closing the connection
   mysqli_close($dbhandle)
 
?>
 
</body>
 
Link to comment
Share on other sites

You can generally skip out on backticks around column names

UPDATE int_board_applicant SET Method_Of_Travel='$Method_Of_Travel',...

See no quote marks of any kind around Method_Of_Travel?  Yep.  Save on typing.  Those are only required when you are using some reserved words that MySQL would try to interpret.

Link to comment
Share on other sites

At University?  What BETTER place to include security in your appl?

 

At University all I cared about is get the project working and heck with security or anything else.

And Instructors did not care about security unless it was a security class.  Instructors cared about project working and project documentation being in place and a few other esoteric things.  Such is reality of University culture.  I taught labs and classes at a University for a bit.  I pretty much cared only about the concepts I was teaching and not anything else.  Security and other pretty may have gotten some folks bonus points, and a notice on my radar for i.e. job recommendations, but not a big effect on the grade, unless I was specifically looking for those.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.