Edy Murray

Reputation: 33

MySQL insert and update unknown errors

I'm using the following code to insert and update some rows in a database from an HTML form. When I submit them, the insert form doesn't do anything (it neither inserts nor displays any error), and the update form says: Database access failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Craciun, Perioada_eveniment=2014-12-25, Tip_even=Muzical, Locatie_eveniment=Bucu' at line 1, even though I have a delete query above and it works great. How can I fix this? PS: The connection to the database is established properly :), thanks!

HTML
<div class="update_row">
                Update
                <form method="post" action="">
                *<input type="text" name="ID_even" Placeholder="Id eveniment"><br>
                *<input type="text" name="nume" Placeholder="Nume eveniment"><br>
                *<input type="text" name="perioada" Placeholder="Perioada eveniment"><br>
                *<input type="text" name="tip" Placeholder="Tip eveniment"><br>
                *<input type="text" name="locatie" Placeholder="Locatie eveniment"><br>
                *<input type="text" name="id_organizator" Placeholder="ID Organizator"><br>
                <input type="submit" name="submit" value="Modifica">
                </form>
            </div>

            <div class="add_row">
                Add
                <form method="post" action="">
                *<input type="text" name="id_add" Placeholder="Id eveniment"><br>
                *<input type="text" name="nume_add" Placeholder="Nume eveniment"><br>
                *<input type="text" name="perioada_add" Placeholder="Perioada eveniment"><br>
                *<input type="text" name="tip_add" Placeholder="Tip eveniment"><br>
                *<input type="text" name="locatie_add" Placeholder="Locatie eveniment"><br>
                *<input type="text" name="id_org_add" Placeholder="ID Organizator"><br>
                <input type="submit" name="submit_add" value="Adauga">
                </form>
            </div>


PHP
            if (isset($_POST["id_add"]))
                $id_add=$_POST["id_add"];
            if (isset($_POST["nume_add"]))
                $nume_add=$_POST["nume_add"];
            if (isset($_POST["perioada_add"]))
                $perioada_add=$_POST["perioada_add"];
            if (isset($_POST["tip_add"]))
                $tip_add=$_POST["tip_add"];
            if (isset($_POST["locatie_add"]))
                $locatie_add=$_POST["locatie_add"];
            if (isset($_POST["id_org_add"]))
                $id_org=$_POST["id_org_add"];
                $submitcheck_add=isset($_POST["submit_add"]);   


            if($submitcheck_add && $nume_add !=0 && $perioada_add !=0 && $locatie_add !=0 && $id_org !==0){
                $sql = "INSERT INTO evenimente (ID_even, Nume_eveniment, Perioada_eveniment, Tip_even, Locatie_eveniment, ID_Org)
VALUES ($id_add, $nume_add, $perioada_add, $tip_add, $locatie_add, $id_org )";
                $result=query_mysql($sql);
            }



            if (isset($_POST["ID_even"]))
                $id=$_POST["ID_even"];
            if (isset($_POST["nume"]))
                $nume=$_POST["nume"];
            if (isset($_POST["perioada"]))
                $perioada=$_POST["perioada"];
            if (isset($_POST["tip"]))
                $tip=$_POST["tip"];
            if (isset($_POST["locatie"]))
                $locatie=$_POST["locatie"];
            if (isset($_POST["id_organizator"]))
                $id_organizator=$_POST["id_organizator"];
                $submitcheck=isset($_POST["submit"]);

            if($submitcheck && $id !==0 && $nume !==0 && $perioada !==0 && $tip !==0 && $locatie !==0 && $id_organizator !==0 ){  
                $sql = "UPDATE evenimente SET Nume_eveniment=$nume, Perioada_eveniment=$perioada, Tip_even=$tip, Locatie_eveniment=$locatie, ID_org=$id_organizator WHERE ID_even=$id";
                $result= query_mysql($sql);
            }

LE:

PDO examples:

   if (isset($_POST["ID_even"]))
                $id=$_POST["ID_even"];
            if (isset($_POST["nume"]))
                $nume=$_POST["nume"];
            if (isset($_POST["perioada"]))
                $perioada=$_POST["perioada"];
            if (isset($_POST["tip"]))
                $tip=$_POST["tip"];
            if (isset($_POST["locatie"]))
                $locatie=$_POST["locatie"];
            if (isset($_POST["id_organizator"]))
                $id_organizator=$_POST["id_organizator"];
                $submitcheck=isset($_POST["submit"]);

            if($submitcheck && $id !==0 && $nume !==0 && $perioada !==0 && $tip !==0 && $locatie !==0 && $id_organizator !==0 ){ 
                    $servername = "localhost";
                    $username = "root";
                    $password = "root";
                    $dbname = "organizator_evenimente";
            try {
                    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
                    // set the PDO error mode to exception
                    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                    $sql = "UPDATE evenimente SET Nume_eveniment=$nume, Perioada_eveniment=$perioada, Tip_even=$tip, Locatie_eveniment=$locatie, ID_Org=$id_organizator WHERE ID_even=$id";

                    // Prepare statement
                    $stmt = $conn->prepare($sql);

                    // execute the query
                    $stmt->execute();

                    // echo a message to say the UPDATE succeeded
                    echo $stmt->rowCount() . " records UPDATED successfully";
                    }
                catch(PDOException $e)
                    {
                    echo $sql . "<br>" . $e->getMessage();
                    }

                $conn = null;
                }

And the error: UPDATE evenimente SET Nume_eveniment=Concert Craciun, Perioada_eveniment=2014-12-25, Tip_even=Muzical, Locatie_eveniment=Bucuresti, ID_Org=2 WHERE ID_even=2 SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Craciun, Perioada_eveniment=2014-12-25, Tip_even=Muzical,

Please, I'm stuck at this point!

Upvotes: 0

Views: 164

Answers (2)

pesoklp13

Reputation: 349

First you should clean your code and save inputs.

I looked at your code: the parameter is ID_Org inside the insert, but in the update it is ID_org. Make sure your column name is ID_org or ID_Org. The best practice is not to use capitals in database table names.

By the way, try writing your code like this; it will be more readable.

<?php
    $id_add = filter_input(INPUT_POST,'id_add');

    //at first check which method is called
    $insert = filter_input(INPUT_POST,'submit_add');
    if($insert){
        //do insert
        //try using PDO or mysqli to protect against SQL injection
    }else{
        $update = filter_input(INPUT_POST,'submit');
        if($update){
            //do update
        }//else{
            //here should be code to handle error or nothing if it is ok
        //}
    }

Upvotes: 0

John Conde

Reputation: 219834

You're missing quotes around the string values in your query:

$sql = "INSERT INTO evenimente (ID_even, Nume_eveniment, Perioada_eveniment, Tip_even, Locatie_eveniment, ID_Org)
VALUES ('$id_add', '$nume_add', '$perioada_add', '$tip_add', '$locatie_add', '$id_org' )";

Upvotes: 3
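
An added example, not part of either answer or of the asker's code: the same UPDATE written with bound parameters, so values containing spaces or an apostrophe need no manual quoting and cannot alter the statement. It assumes an in-memory SQLite database as a stand-in for MySQL so that it runs without a server; the `updateEvent` helper and the sample input are hypothetical.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL so this runs without a server;
// for MySQL use a DSN such as "mysql:host=localhost;dbname=...;charset=utf8mb4".
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE evenimente (
    ID_even INTEGER PRIMARY KEY, Nume_eveniment TEXT, Perioada_eveniment TEXT,
    Tip_even TEXT, Locatie_eveniment TEXT, ID_Org INTEGER)');
$conn->exec("INSERT INTO evenimente VALUES (2, 'Old name', '2014-01-01', 'Old', 'Old', 1)");

// Constructed sample input standing in for $_POST from the update form.
// The apostrophe in 'locatie' would break a hand-quoted query.
$post = [
    'ID_even' => '2', 'nume' => 'Concert Craciun', 'perioada' => '2014-12-25',
    'tip' => 'Muzical', 'locatie' => "Sala O'Neill, Bucuresti", 'id_organizator' => '2',
];

// Hypothetical helper: validates the form fields, then runs the UPDATE with bound values.
function updateEvent(PDO $conn, array $in): int
{
    $id   = filter_var($in['ID_even'] ?? null, FILTER_VALIDATE_INT);
    $org  = filter_var($in['id_organizator'] ?? null, FILTER_VALIDATE_INT);
    $date = DateTime::createFromFormat('!Y-m-d', (string)($in['perioada'] ?? ''));
    if ($id === false || $org === false
        || !$date || $date->format('Y-m-d') !== $in['perioada']) {
        throw new InvalidArgumentException('ID fields must be integers, date must be YYYY-MM-DD');
    }
    foreach (['nume', 'tip', 'locatie'] as $field) {
        if (!is_string($in[$field] ?? null) || trim($in[$field]) === '') {
            throw new InvalidArgumentException("Missing field: $field");
        }
    }
    // Placeholders keep the SQL text fixed; values travel separately from the statement.
    $stmt = $conn->prepare(
        'UPDATE evenimente
            SET Nume_eveniment = :nume, Perioada_eveniment = :perioada,
                Tip_even = :tip, Locatie_eveniment = :locatie, ID_Org = :org
          WHERE ID_even = :id'
    );
    $stmt->execute([
        ':nume' => $in['nume'], ':perioada' => $date->format('Y-m-d'),
        ':tip' => $in['tip'], ':locatie' => $in['locatie'],
        ':org' => $org, ':id' => $id,
    ]);
    return $stmt->rowCount();
}

echo updateEvent($conn, $post), " row(s) updated\n";
echo $conn->query('SELECT Locatie_eveniment FROM evenimente WHERE ID_even = 2')->fetchColumn(), "\n";
```

With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server performs the binding rather than PDO building the query string client-side.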
