PHP and MYSQL Update problem [Databases]

Prev: dl () problem
Next: FW: Oracle Finalizes Acquisition of Sun

From: Simone Fornara on 26 Jan 2010 12:21

Hello,
I have a little problem with a sql command string

$q = "UPDATE episodes SET episode_title = '$_POST[episode_title]' ,
episode_scheduleddate = ".strtotime($_POST['episode_scheduleddate'])."
, episode_description = '$_POST[episode_description]' WHERE episode_id
= $_POST[episode_id]";

I keep getting this error

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ''

which doesn't help a lot. I've already tried to print the result

UPDATE episodes SET episode_title = 'Title test 1 edited 2' ,
episode_scheduleddate = 1232427600 , episode_description =
'Description test edited' WHERE episode_id = 1

I really can't find the problem. I tried almost every combination with
' and " without any result.

Thank you.
Simon.

From: Manu Gupta on 26 Jan 2010 12:36

try ..
$q = addslashes("UPDATE episodes SET episode_title = '$_POST[episode_title]'
,
episode_scheduleddate = ".strtotime($_POST['episode_scheduleddate'])."
, episode_description = '$_POST[episode_description]' WHERE episode_id
= $_POST[episode_id]");

or try

$q = "UPDATE episodes SET episode_title = '{$_POST[episode_title]}' ,
episode_scheduleddate = "{.strtotime($_POST['episode_scheduleddate'])}."
, episode_description = '{$_POST[episode_description]}' WHERE episode_id
= {$_POST[episode_id]}";

On Tue, Jan 26, 2010 at 10:51 PM, Simone Fornara
<simone.fornara(a)gmail.com>wrote:

> Hello,
> I have a little problem with a sql command string
>
> $q = "UPDATE episodes SET episode_title = '$_POST[episode_title]' ,
> episode_scheduleddate = ".strtotime($_POST['episode_scheduleddate'])."
> , episode_description = '$_POST[episode_description]' WHERE episode_id
> = $_POST[episode_id]";
>
> I keep getting this error
>
> You have an error in your SQL syntax; check the manual that
> corresponds to your MySQL server version for the right syntax to use
> near ''
>
> which doesn't help a lot. I've already tried to print the result
>
> UPDATE episodes SET episode_title = 'Title test 1 edited 2' ,
> episode_scheduleddate = 1232427600 , episode_description =
> 'Description test edited' WHERE episode_id = 1
>
> I really can't find the problem. I tried almost every combination with
> ' and " without any result.
>
> Thank you.
> Simon.
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
Regards
MANU

From: Chris on 26 Jan 2010 16:55

Manu Gupta wrote:
> try ..
> $q = addslashes("UPDATE episodes SET episode_title = '$_POST[episode_title]'
> ,
> episode_scheduleddate = ".strtotime($_POST['episode_scheduleddate'])."
> , episode_description = '$_POST[episode_description]' WHERE episode_id
> = $_POST[episode_id]");
>
> or try
>
> $q = "UPDATE episodes SET episode_title = '{$_POST[episode_title]}' ,
> episode_scheduleddate = "{.strtotime($_POST['episode_scheduleddate'])}."
> , episode_description = '{$_POST[episode_description]}' WHERE episode_id
> = {$_POST[episode_id]}";

Good idea but you don't addslashes the whole query (and addslashes is
the wrong thing to use).

Use mysql_real_escape_string around bits and pieces you want to escape:

$q = "update episodes set episode_title='" .
mysql_real_escape_string($_POST['episode_title']) . "', ......

--
Postgresql & php tutorials
http://www.designmagick.com/

|
Pages: 1
Prev: dl () problem
Next: FW: Oracle Finalizes Acquisition of Sun