[SOLVED] Always syntax errors with me . . .

Styles2304 · August 26, 2007

Ok, here's the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

And then here's the code:

<?php
include "auth.inc.php";
include "conn.inc.php";

//Defines variables
$IndexNo = $_POST['IndexNo'];
$PAccess = $_POST['PAccess'];
$EventDate = $_POST['EventDate'];
$Title = $_POST['Title'];
$DisplayTitle = $_POST['DisplayTitle'];
$Body = $_POST['Body'];

//Sets up new query to enter variables into database
$query = "UPDATE CalendarEvents SET " .
         "EventDate = '" . $EventDate . "', " . 
         "Title = '" . $Title . "', " . 
         "CalendarDisplayTitle = '" . $DisplayTitle . "', " . 
         "Body = '" . $Body . "', " .  
         "PublicAccess = '" . $PAccess . "' WHERE IndexNo = " . 
         $IndexNo . "";

mysql_query($query,$link)
  or die(mysql_error());
  
header('Location: calendar.php');
?>

See anything wrong? I've been staring at it too long to notice.

pocobueno1388 · August 26, 2007

Use mysql_real_escape_string() on all your variables.

EX:

$IndexNo = mysql_real_escape_string($_POST['IndexNo']);

AV1611 · August 26, 2007

$query = "UPDATE CalendarEvents SET `EventDate`= '$EventDate', `Title` = '$Title',`CalendarDisplayTitle` = '$DisplayTitle', `Body` = '$Body',

`PublicAccess` = '$PAccess' WHERE `IndexNo` = '$IndexNo'";

Fadion · August 26, 2007

U have no quotes at WHERE IndexNo = '$IndexNo'.

And why use string concatination (however it is written) when u can write it in a single string, and also make it proccess faster:

"UPDATE CalendarEvents SET EventDate='$EventDate', Title='$Title' etc etc";

AV1611 · August 26, 2007

U have no quotes at WHERE IndexNo = '$IndexNo'.

And why use string concatination (however it is written) when u can write it in a single string, and also make it proccess faster:
"UPDATE CalendarEvents SET EventDate='$EventDate', Title='$Title' etc etc"; 

Um, that's what I said

Fadion · August 26, 2007

Um, that's what I said

lol yeah i know but i highlighted it for him to understand it better

Styles2304 · August 26, 2007

Ok well . . . that's not the problem . . . $IndexNo isn't a string, it's a int so it doesn't need quotes.

Here's a chunk of code that's almost identical that works.

<?php
include "auth.inc.php";
include "conn.inc.php";

//Defines variables
$IndexNo = $_POST['IndexNo'];
$EntryDate = $_POST['EntryDate'];
$DelDate = $_POST['DeleteDate'];
$OnGoing = $_POST['OnGoing'];
$PAccess = $_POST['PAccess'];
$Announcement = $_POST['Announcement'];

//Sets up new query to enter variables into database
$query = "UPDATE Announcements SET " .
         "EntryDate = '" . $EntryDate . "', " . 
         "Data = '" . $Announcement . "', " . 
         "OnGoing = '" . $OnGoing . "', " . 
         "DeleteDate = '" . $DelDate . "', " .  
         "PublicAccess = '" . $PAccess . "' WHERE IndexNo = " . 
         $IndexNo . "";

mysql_query($query,$link)
  or die(mysql_error());
  
header('Location: announcements.php');
?>

I pretty much just copy and pasted the code and changed the name of the variables. While comparing the two, can you guys see where the error is . . . because I can't and the second one definitely works.

Styles2304 · August 26, 2007

Alright nevermind . . . a stupid error. It was supposed to be $_SESSION['IndexNo'] not $_POST . . . thanks for the help anyways.

Sign In

[SOLVED] Always syntax errors with me . . .

Recommended Posts

Styles2304

Link to comment

Share on other sites

pocobueno1388

Link to comment

Share on other sites

AV1611

Link to comment

Share on other sites

Fadion

Link to comment

Share on other sites

AV1611

Link to comment

Share on other sites

Fadion

Link to comment

Share on other sites

Styles2304

Link to comment

Share on other sites

Styles2304

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information