atticus Posted December 12, 2007 Share Posted December 12, 2007 Error: Error, query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE com_id = '1'' at line 1 $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone', WHERE com_id='$_GET[com_id]'") or die('Error, query failed : ' . mysql_error()); I can't find the syntax error...any ideas? Link to comment https://forums.phpfreaks.com/topic/81419-solved-mysql-error/ Share on other sites More sharing options...
Sulman Posted December 12, 2007 Share Posted December 12, 2007 Is com_id an integer or a string? My guess is that it's probably an int. In which case change it to: $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone', WHERE com_id=".$_GET['com_id']) or die('Error, query failed : ' . mysql_error()); I have changed it above but you need to enclose the get parameter with single quotes: $_GET['com_id'] and not $_GET[com_id] A word of warning: If you are using $_GET[com_id] straight from the get request make sure you clean it up first to ensure that you are not open to SQL injection. Link to comment https://forums.phpfreaks.com/topic/81419-solved-mysql-error/#findComment-413245 Share on other sites More sharing options...
atticus Posted December 12, 2007 Author Share Posted December 12, 2007 I added the "." because it is an integer, however now I am getting the following error, same just with "." included Error, query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE com_id='.1'' at line 1 <?php if(isset($_POST['submit'])) { $id = mysql_escape_string($_POST['com_id']); $name = mysql_escape_string($_POST['company_name']); $address1 = mysql_escape_string($_POST['address1']); $address2 = mysql_escape_string($_POST['address2']); $city = mysql_escape_string($_POST['city']); $state = mysql_escape_string($_POST['state']); $zip = mysql_escape_string($_POST['zip']); $phone = mysql_escape_string($_POST['phone']); $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone', WHERE com_id='.$_GET[com_id]'") or die('Error, query failed : ' . mysql_error()); echo "<b>Thank you! User UPDATED Successfully!<br />You will be redirected in 4 seconds"; echo "<meta http-equiv=Refresh content=4;url=index.php>"; } Link to comment https://forums.phpfreaks.com/topic/81419-solved-mysql-error/#findComment-413251 Share on other sites More sharing options...
rajivgonsalves Posted December 13, 2007 Share Posted December 13, 2007 this $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone', WHERE com_id='.$_GET[com_id]'") or die('Error, query failed : ' . mysql_error()); should be $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone' WHERE com_id='.$_GET[com_id]'") or die('Error, query failed : ' . mysql_error()); notice I removed the "," before where clause Link to comment https://forums.phpfreaks.com/topic/81419-solved-mysql-error/#findComment-413548 Share on other sites More sharing options...
atticus Posted December 13, 2007 Author Share Posted December 13, 2007 thanks man...one little coma... Link to comment https://forums.phpfreaks.com/topic/81419-solved-mysql-error/#findComment-413752 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.