SQL syntax error

[elite_prodigy]

This is probably the sillyest error on my part, but I can't seem to find it.

 

The following is my SQL:

 

$update_db = "INSERT INTO members WHERE id = `$_SESSION[id]` profile = $_POST[profile]  LIMIT 1;" or die(mysql_error()); 
mysql_query($update_db,$conn) or die(mysql_error());

 

I have also tried:

 

$update_db = "UPDATE `members` SET `profile` = $_POST[profile] WHERE id = $_SESSION[id] LIMIT 1;"; 

The error returned is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = '2' profile = LIMIT 1' at line 1

 

Any help would be apreciated

[rhodesa]

$update_db = "UPDATE `members` SET `profile` = '".mysql_real_escape_string($_POST['profile'])."' WHERE id = '{$_SESSION['id']}' LIMIT 1";
mysql_query($update_db,$conn) or die(mysql_error());

[elite_prodigy]

5.0.45-community is the Version

 

Okay. That stopped the error, but it gave unexpected results.  ???

 

What I am trying to do is give staff members the ability to make a profile.

 

There is a field on my members table called profile. When I run this script/sql query, I want to change that table to reflect what is inside the textarea they are typing into.

 

The idea is to obviously edit the profile where their ID is the same as what was stored in the super global $_SESSION[id].

 

But when I run the script that was just fixed, all that I get is a blank database field.

[elite_prodigy]

Also, when I try to run a separate script to extract some default data into the textarea, all that is returned is "Resource id #*" (where * = ID #). I would like to have their profile HTML queried into the box each time so they have something to edit off of.

 

$retrieve_profile = "SELECT profile FROM members WHERE id = '$_SESSION[id]';";
$content_profile = mysql_query($retrieve_profile,$conn);

$display_profile = "<h4>Update Your Profile</h4>
<form method=\"post\" action=\"profile.php\">
<textarea name=\"article\" rows=\"10\" cols=\"50\" wrap=\"virtual\">This Won't Work until I fix it. --elite</textarea><br />
<input type=\"submit\" name=\"submit\" value=\"Save Changes\" />
</form>
";

[rhodesa]

Also, when I try to run a separate script to extract some default data into the textarea, all that is returned is "Resource id #*" (where * = ID #). I would like to have their profile HTML queried into the box each time so they have something to edit off of.

 

$retrieve_profile = "SELECT profile FROM members WHERE id = '$_SESSION[id]';";
$content_profile = mysql_query($retrieve_profile,$conn);

$display_profile = "<h4>Update Your Profile</h4>
<form method=\"post\" action=\"profile.php\">
<textarea name=\"article\" rows=\"10\" cols=\"50\" wrap=\"virtual\">This Won't Work until I fix it. --elite</textarea><br />
<input type=\"submit\" name=\"submit\" value=\"Save Changes\" />
</form>
";

 

For this it would be:

 

$profile_sql = "SELECT profile FROM members WHERE id = '$_SESSION[id]';";
$profile_result = mysql_query($profile_sql,$conn);
$profile_row = mysql_fetch_assoc($profile_result,$conn);
$profile = htmlspecialchars($profile_row['profile']);

$display_profile = "<h4>Update Your Profile</h4>
<form method=\"post\" action=\"profile.php\">
<textarea name=\"article\" rows=\"10\" cols=\"50\" wrap=\"virtual\">{$profile}</textarea><br />
<input type=\"submit\" name=\"submit\" value=\"Save Changes\" />
</form>
";

 

As for the UPDATE command, in your form the field is called "article", but in your code, you reference 'profile'. Change your UPDATE to:

$update_db = "UPDATE `members` SET `profile` = '".mysql_real_escape_string($_POST['article'])."' WHERE id = '{$_SESSION['id']}' LIMIT 1";