unidox Posted August 30, 2007 Share Posted August 30, 2007 I keep getting this error: 1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Query WHERE 'level_id' = 1' at line 1 I dont know whats wrong. Here is my code: <?php require_once("inc/db.inc.php"); require_once ("files/levels.php"); if ($_COOKIE['uniqueid']) { ?> <?php $a = $_COOKIE['access']; global $levels; if ($a <= $levels[levels]) { $input = $_POST['submit']; if ($_POST['submit']) { // Check to see if something has been 'posted' from the form by checking to see if the submit button was sent echo $_REQUEST['dropdown']; // Display the VALUE of the 'dropdown' select item. MYSQL_QUERY("UPDATE `cp_levels` SET `level_id` = 1, `news` = $input WHERE 'level_id' = 1") or die (mysql_error()); } echo "<form name='form1' action='#' method='POST'>"; echo "<SELECT NAME='dropdown'>"; echo "<OPTION VALUE='1'>Admin</option>"; echo "<OPTION VALUE='2'>Staff</option>"; echo "<OPTION VALUE='3'>Member</option>"; echo "</SELECT>"; echo "<br><br><input type='submit' name='submit'>"; echo "</form>"; } ?> <?php } ?> <?php if ($a > $levels[levels]) { if (!$_REQUEST['m']) { getHeader(); echo "Sorry, you dont have access to this page!"; } } ?> Quote Link to comment Share on other sites More sharing options...
Jessica Posted August 30, 2007 Share Posted August 30, 2007 Strings must be surrounded in quotes. If the variable will have a string, it needs quotes around it. MYSQL_QUERY("UPDATE `cp_levels` SET `level_id` = 1, `news` = '$input' WHERE 'level_id' = 1") or die (mysql_error()); Quote Link to comment Share on other sites More sharing options...
unidox Posted August 30, 2007 Author Share Posted August 30, 2007 hmm, i did that, but then nothing in the db updates :-\ My db is this : `level_id` int(11) NOT NULL auto_increment, `title` varchar(20) NOT NULL default '', `login` int(2) NOT NULL default '0', `home` int(2) NOT NULL default '0', `news` int(2) NOT NULL default '0', `roster` int(2) NOT NULL default '0', `links` int(2) NOT NULL default '0', `leagues` int(2) NOT NULL default '0', `matches` int(2) NOT NULL default '0', `servers` int(2) NOT NULL default '0', `sponsors` int(2) NOT NULL default '0', `downloads` int(2) NOT NULL default '0', `media` int(2) NOT NULL default '0', `demos` int(2) NOT NULL default '0', `settings` int(2) NOT NULL default '0', `pass` int(2) NOT NULL default '0', `users` int(2) NOT NULL default '0', `poll` int(2) NOT NULL default '0', `layout` int(2) NOT NULL default '0', `levels` int(2) NOT NULL default '0', `pages` int(2) NOT NULL default '0', Quote Link to comment Share on other sites More sharing options...
Jessica Posted August 30, 2007 Share Posted August 30, 2007 Well news is an int, and you're trying to set it to the string "query". $input = $_POST['submit']; will make $input the name of the submit button. I think you want the name of another field in your form. Quote Link to comment Share on other sites More sharing options...
unidox Posted August 30, 2007 Author Share Posted August 30, 2007 I want it the value of the dropdown Quote Link to comment Share on other sites More sharing options...
unidox Posted August 30, 2007 Author Share Posted August 30, 2007 I tired changing the input var. But still doesnt work... $input = $_REQUEST['dropdown']; Quote Link to comment Share on other sites More sharing options...
unidox Posted August 30, 2007 Author Share Posted August 30, 2007 anyone? Quote Link to comment Share on other sites More sharing options...
Jessica Posted August 30, 2007 Share Posted August 30, 2007 Use $_POST not $_REQUEST. If that doesn't work post the HTML of the form, so we can see what the field is that's being posted. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted August 30, 2007 Share Posted August 30, 2007 $submit= $_POST[submit]; is what you want. also post the full code so we can help Quote Link to comment Share on other sites More sharing options...
AndyB Posted August 31, 2007 Share Posted August 31, 2007 $submit= $_POST[submit]; is what you want. Personally, I doubt it. The form code in the opening post is very specific. The NAME of the select is dropdown; the form method is post; ergo $whatever_you_want = $_POST['dropdown']. Quote Link to comment Share on other sites More sharing options...
unidox Posted September 4, 2007 Author Share Posted September 4, 2007 andy I tried that, but nothing in the db updated edit - I just want a form of dropdowns, so when someone selects a dropdown like Pizza. I want the value of the pizza like 1 to be updated into the db Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 4, 2007 Share Posted September 4, 2007 can you post your current code ? Quote Link to comment Share on other sites More sharing options...
unidox Posted September 4, 2007 Author Share Posted September 4, 2007 <?php require_once("inc/db.inc.php"); require_once ("files/levels.php"); if ($_COOKIE['uniqueid']) { ?> <?php $a = $_COOKIE['access']; global $levels; if ($a <= $levels[levels]) { $input = $_POST['dropdown']; if ($_POST['submit']) { // Check to see if something has been 'posted' from the form by checking to see if the submit button was sent echo $_REQUEST['dropdown']; // Display the VALUE of the 'dropdown' select item. MYSQL_QUERY("UPDATE `cp_levels` SET `level_id` = 1, `news` = '$input' WHERE 'level_id' = 1") or die (mysql_error()); } echo "<form name='form1' action='#' method='POST'>"; echo "<SELECT NAME='dropdown'>"; echo "<OPTION VALUE='1'>Admin</option>"; echo "<OPTION VALUE='2'>Staff</option>"; echo "<OPTION VALUE='3'>Member</option>"; echo "</SELECT>"; echo "<br><br><input type='submit' name='submit'>"; echo "</form>"; } ?> <?php } ?> <?php if ($a > $levels[levels]) { if (!$_REQUEST['m']) { getHeader(); echo "Sorry, you dont have access to this page!"; } } ?> Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 4, 2007 Share Posted September 4, 2007 MYSQL_QUERY("UPDATE `cp_levels` SET `level_id` = 1, `news` = '$input' WHERE 'level_id' = 1") remove the ' ' in the level_id this is a field so i guess no need for that '' try MYSQL_QUERY("UPDATE `cp_levels` SET `level_id` = 1, `news` = '".$input."' WHERE level_id = 1"); Quote Link to comment Share on other sites More sharing options...
unidox Posted September 4, 2007 Author Share Posted September 4, 2007 Works! How do I fix the access so it is safer, so people cant just change their cookie to gain access. Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 4, 2007 Share Posted September 4, 2007 what change cookie? if you have a login page then its safe? Quote Link to comment Share on other sites More sharing options...
unidox Posted September 4, 2007 Author Share Posted September 4, 2007 Yea, but i use cookies to record the access levels... 1,2,3 so how would I make it safer. People can just change the 3 to a 1 and get admin access Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 4, 2007 Share Posted September 4, 2007 how? i dont know how they can change your cookie value Quote Link to comment Share on other sites More sharing options...
unidox Posted September 4, 2007 Author Share Posted September 4, 2007 Thats what others have been saying, personally.. I dont know how to change it Quote Link to comment Share on other sites More sharing options...
unidox Posted September 4, 2007 Author Share Posted September 4, 2007 bump Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.