atticus Posted December 12, 2007 Share Posted December 12, 2007 Error: Error, query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE com_id = '1'' at line 1 $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone', WHERE com_id='$_GET[com_id]'") or die('Error, query failed : ' . mysql_error()); I can't find the syntax error...any ideas? Quote Link to comment Share on other sites More sharing options...
Sulman Posted December 12, 2007 Share Posted December 12, 2007 Is com_id an integer or a string? My guess is that it's probably an int. In which case change it to: $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone', WHERE com_id=".$_GET['com_id']) or die('Error, query failed : ' . mysql_error()); I have changed it above but you need to enclose the get parameter with single quotes: $_GET['com_id'] and not $_GET[com_id] A word of warning: If you are using $_GET[com_id] straight from the get request make sure you clean it up first to ensure that you are not open to SQL injection. Quote Link to comment Share on other sites More sharing options...
atticus Posted December 12, 2007 Author Share Posted December 12, 2007 I added the "." because it is an integer, however now I am getting the following error, same just with "." included Error, query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE com_id='.1'' at line 1 <?php if(isset($_POST['submit'])) { $id = mysql_escape_string($_POST['com_id']); $name = mysql_escape_string($_POST['company_name']); $address1 = mysql_escape_string($_POST['address1']); $address2 = mysql_escape_string($_POST['address2']); $city = mysql_escape_string($_POST['city']); $state = mysql_escape_string($_POST['state']); $zip = mysql_escape_string($_POST['zip']); $phone = mysql_escape_string($_POST['phone']); $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone', WHERE com_id='.$_GET[com_id]'") or die('Error, query failed : ' . mysql_error()); echo "<b>Thank you! User UPDATED Successfully!<br />You will be redirected in 4 seconds"; echo "<meta http-equiv=Refresh content=4;url=index.php>"; } Quote Link to comment Share on other sites More sharing options...
rajivgonsalves Posted December 13, 2007 Share Posted December 13, 2007 this $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone', WHERE com_id='.$_GET[com_id]'") or die('Error, query failed : ' . mysql_error()); should be $result = mysql_query("UPDATE company SET company_name='$name', address_1 = '$address1', address_2 = '$address2', city ='$city', state ='$state', zip ='$zip', phone ='$phone' WHERE com_id='.$_GET[com_id]'") or die('Error, query failed : ' . mysql_error()); notice I removed the "," before where clause Quote Link to comment Share on other sites More sharing options...
atticus Posted December 13, 2007 Author Share Posted December 13, 2007 thanks man...one little coma... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.