Reputation: 931
I am having a weird problem when attempting to update a table in my mysql server.
The code:
$name = trim(FilterText($_POST['name']));
$description = trim(FilterText($_POST['description']));
$type = $_POST['type'];
if($groupdata['type'] == "3" && $_POST['type'] != "3"){ echo "You may not change the group type if it is set to 3."; exit; } // you can't change the group type once you set it to 4, fool
if($type < 0 || $type > 3){ echo "Invalid group type."; exit; } // this naughty user doesn't even deserve a settings update
if(strlen(HoloText($name)) > 25){
echo "Name too long\n\n<p>\n<a href=\"".WWW."/groups/".$groupid."/id\" class=\"new-button\"><b>Done</b><i></i></a>\n</p>\n\n<div class=\"clear\"></div>";
} elseif(strlen(HoloText($description)) > 200){
echo "Description too long\n\n<p>\n<a href=\"".WWW."/groups/".$groupid."/id\" class=\"new-button\"><b>Done</b><i></i></a>\n</p>\n\n<div class=\"clear\"></div>";
} elseif(strlen(HoloText($name)) < 1){
echo "Please give a name\n\n<p>\n<a href=\"".WWW."/groups/".$groupid."/id\" class=\"new-button\"><b>Done</b><i></i></a>\n</p>\n\n<div class=\"clear\"></div>";
} else {
mysql_query("UPDATE groups SET name = '".$name."', type = $type, desc='".$description."' WHERE id = $groupid AND ownerid = '".USER_ID."' LIMIT 1") or die(mysql_error());
echo "Editing group settings successful\n\n<p>\n<a href=\"".WWW."/groups/".$groupid."/id\" class=\"new-button\"><b>Done</b><i></i></a>\n</p>\n\n<div class=\"clear\"></div>";
}
At the mysql_query to update groups, I keep getting an error saying that I have an error in my SQL syntax at the part when inserting desc=blahblahbla.
When I take the "desc" part out of the query, and only insert the name and type, the query works perfectly, but when I add the desc back into the query, it throws the error again. There are no '' in the desc part - which could stuff it up, and even if there were, I have filtered them at the start of the code.
Any help would be greatly appreciated.
I am using a CMS, in case you were wondering.
Thanks in advance! :)
Upvotes: 0
Views: 133
Reputation: 11
Try this:
mysql_query("UPDATE `groups` SET `name` = '".$name."', `type` = $type, `desc` = '".$description."' WHERE `id` = '$groupid' AND `ownerid` = '".USER_ID."' LIMIT 1") or die(mysql_error());
Upvotes: 0
Reputation: 360562
desc is a reserved word in MySQL, for use in order by clauses. You'll have to escape it with backticks:
UPDATE .... `desc`=etc...
            ^--  ^--
And of course, you'll also get jumped on by a few dozen busybodies who'll claim that using the mysql_*() functions will cause the universe to implode in 5... 4... 3...
Upvotes: 2
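The fix from the answers above, combined with bound parameters so that `$type`, `$groupid` and the text fields never become part of the SQL string. This is an added example, not code from the original posts or from the CMS: the `updateGroup` helper, the integer owner id, the sample row and the in-memory SQLite database (used so the script runs offline) are assumptions, and `LIMIT 1` is left out because `id` is the primary key in this sample table.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the CMS in the question).
function updateGroup(PDO $pdo, int $groupId, int $ownerId,
                     string $name, int $type, string $description): bool
{
    if ($type < 0 || $type > 3) {
        throw new InvalidArgumentException('Invalid group type.');
    }
    // `desc` is a reserved word, so it is backtick-quoted; `groups` is quoted
    // as well because GROUPS is reserved in MySQL 8.0.
    // Values travel as bound parameters, never as part of the SQL string.
    $sql = 'UPDATE `groups`
               SET `name` = :name, `type` = :type, `desc` = :description
             WHERE `id` = :id AND `ownerid` = :owner';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        ':name' => $name, ':type' => $type, ':description' => $description,
        ':id' => $groupId, ':owner' => $ownerId,
    ]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data. SQLite in memory stands in for the MySQL server
// (it also accepts backtick-quoted identifiers); with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `groups` (`id` INTEGER PRIMARY KEY, `ownerid` INTEGER,
            `name` TEXT, `type` INTEGER, `desc` TEXT)');
$pdo->exec("INSERT INTO `groups` VALUES (7, 42, 'old name', 1, 'old text')");

// A description containing a quote is stored verbatim instead of breaking the query.
var_dump(updateGroup($pdo, 7, 42, 'New name', 2, "It's a group; -- not SQL"));
// Wrong owner: the WHERE clause matches nothing, so no row changes.
var_dump(updateGroup($pdo, 7, 99, 'Hijacked', 2, 'x'));
echo $pdo->query('SELECT `desc` FROM `groups` WHERE `id` = 7')->fetchColumn(), "\n";
```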