[SOLVED] error in your SQL syntax

[irkevin]

i have an sql which looks like below

 

<?php
//require the config file
require ("config.php");

//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());

//build and issue the query
$sql ="SELECT * FROM banned WHERE type = 'user'";
$result = @mysql_query($sql,$connection) or die(mysql_error());

while ($sql = mysql_fetch_object($result)) 
{
$banned = $sql -> no_access;

echo "<option value=\"$banned\">$banned</option>";
}
?>

 

but when it executes, i get this message, what does it mean?

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(no_access, type) WHERE no_access = 'tester'' at line 1

[trq]

That query does not match that error. Do you have another query on the same page?

[irkevin]

$lift_user = "DELETE FROM banned (no_access, type) WHERE no_access = '$_POST[lift_user_ban]'";
	$result = @mysql_query($lift_user,$connection) or die(mysql_error());
	$msg .= "The Ban for user $_POST[lift_user_ban] has been lifted.<br>";

 

what about this one?

[trq]

Yeah.

 

You dont need to define the fileds within a DELETE query. It automatically deletes the entire row.

 

$lift_user = "DELETE FROM banned WHERE no_access = '{$_POST['lift_user_ban']}'";

 

ps: You realy ought sanatise your incomming data. Don't ever stick a $_POST variable directly within your query.

[irkevin]

yes its working. thanks for your time