Query Failed Problem

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Philth
    New Member
    • Oct 2007
    • 38
    #1

    Query Failed Problem

    I'm a novice, so bear with me.

    I'm trying to use a query string that has worked fine for me in the past, however, I'm now using mysql 5 which may be causing the problem, or not.

    I've tried various versions of this with still no joy.

    Here is my mysql_error message...

    Query failed:
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc='Page Description', keywords='Page Keywords', content='
    Page content html' at line 1

    Here is my code

    Code:
    $str = "UPDATE pages SET title='".$pagetitle."', desc='".$pagedescription."', keywords='".$pagekeywords."', content='".$pagecontent."' WHERE id = '1'";
mysql_query($str) or die("Query failed:<br>".mysql_error());
    many thanks in advance.
    Tags: None
    • Dormilich
      Recognized Expert Expert
      • Aug 2008
      • 8694
      #2
      what does the printed query string look like?

        Comment

        • Philth
          New Member
          • Oct 2007
          • 38
          #3
          Hi there,

          Thanks for the message.

          Here is what is printed...

          UPDATE pages SET title='Page Title', desc='Page Description', keywords='Page Keywords', content='
          Page content html

          ' WHERE id = '1'

          There appears to be somthing funny going on with the content field.

          Here is my whole page...

          Code:
          <?
include("../check_session.php"); 
?>

<html>
<head>
<link href="tutorial_styles.css" rel="stylesheet" type="text/css">
<link href="../../css/styles.css" rel="stylesheet" type="text/css">
<body>
<br>
<table width="938" border="0" align="center" cellpadding="3" cellspacing="10" bgcolor="#FFFFFF" class="border">
  <tr>
    <td width="190" valign="top"><table width="239" height="168" border="0" align="center" cellpadding="0" cellspacing="10" bgcolor="#FFFFFF">
      <tr>
        <td width="156" class="smalltitles">Home Page </td>
        <td width="148" class="bodytext"><a href="home_edit.php">Edit</a></td>
      </tr>
      <tr>
        <td class="smalltitles">Kenya Safaris </td>
        <td class="bodytext">Edit</td>
      </tr>
      <tr>
        <td class="smalltitles">Tanzania Safaris </td>
        <td class="bodytext">Edit</td>
      </tr>
      <tr>
        <td class="smalltitles">South Africa Safaris </td>
        <td class="bodytext">Edit</td>
      </tr>
      <tr>
        <td class="smalltitles">About Us </td>
        <td class="bodytext">Edit</td>
      </tr>
    </table></td>
    <td width="676" valign="top"><span class="smalltitles">Homepage Edit...</span>
      <br />
    <br />
	
	
	<?
include_once("../../fckeditor/fckeditor.php") ;
?>


<?php
include("../connect.php"); 
if ($_POST['submit'])
{
$pagetitle = $_POST['pagetitle'];
$pagekeywords = $_POST['pagekeywords'];
$pagedescription = $_POST['pagedescription'];
$pagecontent = $_POST['pagecontent'];

$str = "UPDATE pages SET title='".$pagetitle."', desc='".$pagedescription."', keywords='".$pagekeywords."', content='".$pagecontent."' WHERE id = '1'";
mysql_query($str) or die("Query failed:<br>".mysql_error());

echo "<br><span class='bodytext'>Page Updated Successfully!</span><br><br>";
}
// ************* End update part *************



$result=mysql_query("select * from pages where id='1'") or die($qry."Cannot find the page".mysql_error());
$row=mysql_fetch_assoc($result);

mysql_close();
?>
<form action="home_edit.php" method="post" enctype="multipart/form-data">
  <table width="650" border="0" cellspacing="10" cellpadding="0">

    <tr>
      <td width="611" class="bodytext">Page Title </td>
    </tr>
    <tr>
      <td><textarea name="pagetitle" cols="45" rows="4" class="border" id="pagetitle"><? echo $row['title']; ?></textarea></td>
    </tr>
    <tr>
      <td class="bodytext">META Description </td>
    </tr>
    <tr>
      <td><textarea name="pagedescription" cols="45" rows="4" class="border" id="pagedescription"><? echo $row['desc']; ?></textarea></td>
    </tr>
    <tr>
      <td class="bodytext">META Keywords </td>
    </tr>
    <tr>
      <td><textarea name="pagekeywords" cols="45" rows="4" class="border" id="pagekeywords"><? echo $row['keywords']; ?></textarea></td>
    </tr>
    <tr>
      <td class="bodytext">Page Content </td>
    </tr>
    <tr>
      <td><?php
$oFCKeditor = new FCKeditor('pagecontent') ;
$oFCKeditor->BasePath = '../../fckeditor/' ;
$oFCKeditor->Value = $row['content'] ;
$oFCKeditor->Height = '400';
$oFCKeditor->Create() ;
?></td>
    </tr>
    <tr>
      <td><input type="submit" name="submit" value="Edit Page" /></td>
    </tr>
  </table>
</form>
</TD>
  </TR>
</TABLE>
   </td>
  </tr>
</table>
</body>
</html>

            Comment

            • Atli
              Recognized Expert Expert
              • Nov 2006
              • 5062
              #4
              Hey.

              The word "DESC" is a reserved keyword in MySQL. If you want to use it as a column name, it needs to be enclosed in back-ticks (`desc`).

              Also, a couple of notes on your code:
              • Check out SQL Injection. Your code is wide open to an SQL Injection attack. - Basically; always run input variables through mysql_real_esca pe_string before using them in a MySQL query.
              • You don't have to break out of a double-quoted string to add a variable. PHP parses variables within double-quoted strings.
                [code=php]// Instead of this:
                $string = " Hello, " . $world;

                // Just do this:
                $string = " Hello, $world";[/code]

                Comment

                Previous template Next
                Working...