SQL error in database?

  1. #1
    Member
    Join Date
    Oct 2012
    Posts
    33

    SQL error in database?

    Hello everyone,

    I am doing a sample project. In that, when I am editing the records, I am getting this error. Can anyone resolve this for me?

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'australia,companyname='asdf' WHERE id='4'' at line 1




    thanks in advance,
    simbu.

  2. #2
    Pedantic Curmudgeon Weedpacket's Avatar
    Join Date
    Aug 2002
    Location
    General Systems Vehicle "Thrilled To Be Here"
    Posts
    21,876
    It looks like there is an error in your SQL syntax near australia,companyname='asdf' WHERE id='4'. Probably because of the missing quote.

  3. #3
    Member
    Join Date
    Oct 2012
    Posts
    33
    Quote: Originally posted by Weedpacket
    It looks like there is an error in your SQL syntax near australia,companyname='asdf' WHERE id='4'. Probably because of the missing quote.
    Here is my code...

    <?php

    function renderForm($id,$fname,$name,$currentdesignation,$currentemployer,$email,$telephone,$comments,$education,$experience,$currentlocation,$companyname)
    {
    ?>

    <html>
    <head>
    <title>Edit record</title>
    </head>
    <body>
    <?php

    ?>

    <form method="post" action="" >
    <input type="hidden" name="id" value="<?php echo $id; ?>"/>
    <div>
    <p><strong>id:</strong><?php echo $id; ?></p>
    <strong>Full name * </strong><input type="text" name="fname" value="<?php echo $fname; ?>"/><br/>
    <strong>Name * </strong><input type="text" name="name" value="<?php echo $name; ?>"/><br/>
    <strong>currentdesignation: * </strong><input type="text" name="currentdesignation" value="<?php echo $currentdesignation; ?>"/><br/>
    <strong>currentemployer: * </strong><input type="text" name="currentemployer" value="<?php echo $currentemployer; ?>"/><br/>
    <strong>E-mail: * </strong><input type="text" name="email" value="<?php echo $email; ?>"/><br/>
    <strong>telephone: * </strong><input type="text" name="telephone" value="<?php echo $telephone; ?>"/><br/>
    <strong>comments: * </strong><input type="text" name="comments" value="<?php echo $comments; ?>"/><br/>
    <strong>Education: * </strong><input type="text" name="education" value="<?php echo $education; ?>"/><br/>
    <strong>Experience: * </strong><input type="text" name="experience" value="<?php echo $experience; ?>"/><br/>
    <strong>Current location: * </strong><input type="text" name="currentlocation" value="<?php echo $currentlocation; ?>"/><br/>
    <strong>Company name: * </strong><input type="text" name="companyname" value="<?php echo $companyname; ?>"/><br/>
    <p>* required</p>
    <input type="submit" name="submit" value="submit" >
    </div>
    </form>
    </body>
    </html>
    <?php
    }

    //connect to the database
    include("db.php");

    //check if the form has been submitted. If it has, process the form and save it into the database
    if(isset($_POST['submit']))
    {
    //confirm that the 'id' value is a valid integer before getting the form data
    if(is_numeric($_POST['id']))
    {
    //get form data,making sure it is valid
    $id=$_POST['id'];
    $fname=mysql_real_escape_string(htmlspecialchars($_POST['fname']));
    $name=mysql_real_escape_string(htmlspecialchars($_POST['name']));
    $currentdesignation=mysql_real_escape_string(htmlspecialchars($_POST['currentdesignation']));
    $currentemployer=mysql_real_escape_string(htmlspecialchars($_POST['currentemployer']));
    $telephone=mysql_real_escape_string(htmlspecialchars($_POST['telephone']));
    $email=mysql_real_escape_string(htmlspecialchars($_POST['email']));
    $comments=mysql_real_escape_string(htmlspecialchars($_POST['comments']));
    $education=mysql_real_escape_string(htmlspecialchars($_POST['education']));
    $experience=mysql_real_escape_string(htmlspecialchars($_POST['experience']));
    $currentlocation=mysql_real_escape_string(htmlspecialchars($_POST['currentlocation']));
    $companyname=mysql_real_escape_string(htmlspecialchars($_POST['companyname']));


    //check that fields are filled in
    if($fname==""||$name==""||$currentdesignation==""||$currentemployer==""||$email==""||$telephone==""||$comments==""||$education==""||$experience==""||$currentlocation==""||$companyname=="")
    {
    //generate error message
    $error='ERROR:Please fill in all required fields!';

    //error display form
    renderForm($id,$fname,$name,$currentdesignation,$currentemployer,$email,$telephone,$comments,$education,$experience,$currentlocation,$companyname);
    }
    else
    {
    //save the data to the database
    $result=mysql_query("UPDATE han.form SET fname='$fname',name='$name',currentdesignation='$currentdesignation',currentemployer='$currentemployer',email='$email',telephone='$telephone',comments='$comments',education='$education',experience='$experience,currentlocation='$currentlocation,companyname='$companyname' WHERE id='$id'") or die(mysql_error());

    //once saved,redirect back to the view page
    header("Location:view.php");
    }
    }
    else
    {
    //if the 'id' isn't valid, display an error
    echo 'Error!';
    }
    }
    else

    {

    if(isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id']>0)
    {

    $id=$_GET['id'];
    $result=mysql_query("SELECT * FROM han.form WHERE id='$id'") or die(mysql_error());
    $row=mysql_fetch_array($result);

    //check that the 'id' matches up with a row in the database
    if($row)
    {

    //get data from db
    $fname=$row['fname'];
    $name=$row['name'];
    $currentdesignation=$row['currentdesignation'];
    $currentemployer=$row['currentemployer'];
    $email=$row['email'];
    $telephone=$row['telephone'];
    $comments=$row['comments'];
    $education=$row['education'];
    $experience=$row['experience'];
    $currentlocation=$row['currentlocation'];
    $companyname=$row['companyname'];

    //show form
    renderForm($id,$fname,$name,$currentdesignation,$currentemployer,$email,$telephone,$comments,$education,$experience,$currentlocation,$companyname);
    }
    else
    //if no match,display result
    {
    echo 'No result!';
    }
    }
    else
    // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
    {
    echo 'Error!';
    }
    }
    ?>

    Check it out and let me know please.



    thanks,
    simbu.

  4. #4
    Senior Member Derokorian's Avatar
    Join Date
    Apr 2011
    Location
    Denver
    Posts
    1,777
    '$education',experience='$experience,currentlocation='$currentlocation,companyname='$companyname'
    You're missing a closing quote after $experience AND after $currentlocation.

  5. #5
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,419
    You're also using the mysql extension which is severely outdated and has been deprecated in favor of MySQLi, PDO, etc.

    In addition, you're using unsanitized user-supplied data directly in your SQL query.
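
The replies above point at hand-written quotes and at the old mysql extension; as an added example (not code from the thread), a PDO prepared statement with named placeholders removes both the quote matching that caused the syntax error and the need to escape values into the SQL text. The in-memory SQLite DSN, the reduced three-column table and the sample submission are assumptions made so the script runs offline; against the thread's database the DSN would be a MySQL one.

```php
<?php
// Added example. Constructed schema and data; three of the thread's columns are kept.
// In-memory SQLite stands in for the MySQL server so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE form (id INTEGER PRIMARY KEY, experience TEXT,
            currentlocation TEXT, companyname TEXT)");
$pdo->exec("INSERT INTO form VALUES (4, '1 year', 'india', 'old name')");

// Constructed form submission; one value contains a single quote.
$post = ['id' => '4', 'experience' => '5 years',
         'currentlocation' => 'australia', 'companyname' => "O'Brien & Sons"];

function updateRecord(PDO $pdo, array $post): int
{
    // Column names cannot be bound as parameters, so they come from a fixed list.
    $columns = ['experience', 'currentlocation', 'companyname'];

    // Strict integer check; is_numeric() also accepts strings such as "1e3" or "4.0".
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }

    // Builds "experience = :experience, ..." with no quotes to open or close by hand.
    $set = implode(', ', array_map(fn($c) => "$c = :$c", $columns));
    $stmt = $pdo->prepare("UPDATE form SET $set WHERE id = :id");
    foreach ($columns as $c) {
        $stmt->bindValue(":$c", (string)($post[$c] ?? ''), PDO::PARAM_STR);
    }
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

echo updateRecord($pdo, $post), " row(s) updated\n";

// The raw text is stored; HTML escaping happens when the value is printed.
$row = $pdo->query('SELECT companyname FROM form WHERE id = 4')->fetch(PDO::FETCH_ASSOC);
echo '<input type="text" name="companyname" value="',
     htmlspecialchars($row['companyname'], ENT_QUOTES, 'UTF-8'), '"/>', "\n";
```

The posted code applies htmlspecialchars() before storing and echoes values into the form unescaped; the example moves that escaping to the point of output, which is where the HTML context is known.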

  6. #6
    Member
    Join Date
    Oct 2012
    Posts
    33
    Thanks a lot...
