Problems with sprintf()

natman3

I get this error when i try to submit a form:

SELECT cid, first, last, year, age, gender FROM collegiate WHERE user_id = 2You have an error in your SQL syntax near 'AND user_id = 2' at line 1

I believe my issue lies within the: WHERE cid = %s AND user_id = %s" but iam not sure what is causing it.

function save_profile_date($ident = "", $first = "", $last = "", $year = "", $age = "", $gender = "") {
		if ($_SESSION['is_rec']){
			$sql = sprintf("UPDATE %s SET first=%s, last=%s, year=%s, age=%s, gender=%s, last_change=NOW() WHERE cid = %s AND user_id = %s", 
				PROFILE_TABLE, $this->ins_string($first), $this->ins_string($last), $this->ins_string($year),
				$this->ins_string($age), $this->ins_string($gender), $this->ins_string($ident, "int"));
		}

function ins_string($value, $type = "") {
		$value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;
		switch ($type) {
			case "int":
			$value = ($value != "") ? intval($value) : NULL;
			break;
			default:
			$value = ($value != "") ? "'" . $value . "'" : "''";
		}
		return $value;
	}

Weedpacket

The code you posted is not the code that produced the error (the code that produced the error doesn't mention cid).

bradgrafelman

Try WHERE cid = '%s' AND user_id = '%s'" instead.

EDIT: And yeah, what Weedpacket said.