Deamoner Posted February 14, 2008 Share Posted February 14, 2008 I am writing a script that takes a post, with information from a chat session. It will check if the chatlog is already in the database by checking the sessionid on the chatlog. If it is not there it creates it, but if it is there then it will use an update statement and this is where my problem comes into play, it is able to do an insert, but when I try to do the update, it is not working. It seems to hang on where I am updating the chalog, as that is where it says the error in my sql syntax is, below is the php of the sql statement, let me know what I am getting wrong. $query2 = "UPDATE 'sessions' SET 'techid' ='".$TechID."', 'techname' = '".$TechName."', chatlog = chatlog.'$ChatLog', 'closingtime' = '".$ClosingTime."' WHERE 'id' ='".$row['id']."'"; I have tried it a number of ways and it seems to hang on the chatlog everytime. When I do the insert it looks like this $query2 = "INSERT INTO sessions (SessionID,TechID,TechName,cname,cid,ChatLog,WaitTime,PickupTime,ClosingTime, billcode) VALUES ('$SessionID', '$TechID', '$TechName', '$CField0', '$CField1', '$ChatLog', '$WaitingTime', '$PickupTime', '$ClosingTime', '$CField2')"; the insert works fine, but I need to have the previous stuff in the chatlog field still there in the database. Let me know any thoughts you may have. Quote Link to comment Share on other sites More sharing options...
effigy Posted February 14, 2008 Share Posted February 14, 2008 Always check your queries for errors and use mysql_real_escape_string on the data going into the database. Quote Link to comment Share on other sites More sharing options...
Deamoner Posted February 15, 2008 Author Share Posted February 15, 2008 I tried using what you said. My new syntax is $chatty = mysql_real_escape_string ($chatty); $Chatlog = mysql_real_escape_string ($Chatlog); $combined = mysql_real_escape_string ($chatty.$Chatlog); mail( "mdavis85@gmail.com", "Email Subject", "This is the combined ".$combined, "From: mdavis852@gmail.com" ); // this means that the session already exists in the table $query2 = "UPDATE 'sessions' SET 'techid' ='".$TechID."', 'techname' = '".$TechName."', 'chatlog' = '".mysql_real_escape_string ($combined)."', 'closingtime' = '".$ClosingTime."' WHERE 'id' ='".$row['id']."'"; I tried combining what, but it still gives the error below You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''sessions' SET 'techid' ='2107335', 'techname' = 'Matt Davis', 'chatlog' = '', '' at line 1 I just want it to go into the system and it seems like a special character in system is interrupting the update into the database. So what you said did not work, and p.s. the mysql update synxtax works when I do it with default values. and when i try to print and email myself the values in $combined, it comes up with nothing. Quote Link to comment Share on other sites More sharing options...
Deamoner Posted February 15, 2008 Author Share Posted February 15, 2008 let me just make a point that the "cl" that is in there should not be what is it the string. Quote Link to comment Share on other sites More sharing options...
effigy Posted February 15, 2008 Share Posted February 15, 2008 Table names should not be surrounded in single quotes and all variables should be passed through the escaping function. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.