Receiving Error message when performing Update Statement, but database is being updated.

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1

Issue with function update()

function update($pUInput) {

    $sql = mysql_query("UPDATE tblStudents 
                        SET first_name = '$pUInput[1]', last_name = '$pUInput[2]', 
                                  major = '$pUInput[3]', 
                                  year = '$pUInput[4]'
                        WHERE id = '$pUInput[0]'");

    if (!mysql_query($sql))
      {
      die('Error: ' . mysql_error());
      }
    echo "1 record update";

}

Entire PHP Code:

<?php
//Call function mainline
mainline();

// Declare the function mainline
function mainline() {

    $uInput = getUserInput();

    $connectDb = openConnect(); // Open Database Connection
    selectDb($connectDb); // Select Database
    doAction($uInput);
    //display();
    //closeConnect();

}

//Declare function getUserInput ------------------------------------------------------------------------------------
function getUserInput() {

    echo "In the function getUserInput()" . "<br/>";

    // Variables of User Input
    $idnum = $_POST["idnum"];              // id (NOTE: auto increments in database)
    $fname = $_POST["fname"];             // first name
    $lname = $_POST["lname"];            // last name
    $major = $_POST["major"];           // major
    $year = $_POST["year"];            // year
    $action = $_POST["action"];       // action (select, insert, update, delete)

    $userInput = array($idnum, $fname, $lname, $major, $year, $action);

    return $userInput;
}

// function doAction ----------------------------------------------------------------------------------------------
function doAction($pUserInput) {
    echo "In function doAction()" . "<br/>";

    if ($pUserInput[5] == "select") {
        //IDorLastName();   
        selectById($pUserInput);


    } elseif ($pUserInput[5] == "insert") {


        //checkStudentFields();
        insert($pUserInput);

        //echo "I need to insert!";
    } elseif ($pUserInput[5] == "update") {
        //IDorLastName();       
        update($pUserInput);    
        //echo "I need to insert!";


    } elseif ($pUserInput[5] == "delete") {
        //IDorLastName();       
        deleteById($pUserInput);    
        //echo "I need to insert!";
    }

}

/*
function IDorLastName() {
    if (!empty($pUserInput[0]) || !empty($pUserInput[2])) {
                checkId();
                } else {
            echo "Please enter ID field or Last Name field";
            }
        }
}
*/
// function checkId -----------------------------------------------------------------------------------------------
/*
function checkId() {
    if (!empty($pUserInput[0])) {
        selectById();
        } else {
        selectByLastName();
    }
}*/

/*
function checkStudentFields() {
 // check if first name, last name, major and year exists
}*/

// Create a database connection ------------------------------------------------------------------------------------
function openConnect() {
    $connection = mysql_connect("localhost", "root_user", "password");
        echo "Opened Connection!" . "<br/>";    
    if(!$connection) {
        die("Database connection failed: " . mysql_error());
    }
    return $connection;
}

// Select a database to ------------------------------------------------------------------------------------------- 
function selectDb($pConnectDb) {
    $dbSelect = mysql_select_db("School", $pConnectDb);
    if(!$dbSelect) {
        die("Database selection failed: " . mysql_error());
    } else {
    echo "You are in the School database! <br/>";   
    }

}

// Close database connection ------------------------------------------------------------------------------------
function closeConnect($pConnectDb) {
    mysql_close($pConnectDb); // close the link returned by openConnect()
}

// function selectById ---------------------------------------------------------------------------------------------
function selectById($pUInput) {
    $sql = mysql_query("SELECT * FROM tblStudents 
                        WHERE id='$pUInput[0]'");
    if (!$row = mysql_fetch_assoc($sql))
          {
          die('Error: ' . mysql_error());
          }       
        echo "selected" . "<br/>";
        //echo $pUInput[0];

}

// function selectByLastName ---------------------------------------------------------------------------------------------
function selectByLastName($pUInput) {
    $sql = mysql_query("SELECT * FROM tblStudents 
                        WHERE last_name='$pUInput[2]'");
    if (!$row = mysql_fetch_array($sql))
          {
          die('Error: ' . mysql_error());
          }       
        echo "selected" . "<br/>";
        echo $pUInput[2];

}

// function insert -------------------------------------------------------------------------------------------------
function insert($pUInput) {     
    $sql="INSERT INTO tblStudents (first_name, last_name, major, year)
          VALUES
         ('$pUInput[1]','$pUInput[2]','$pUInput[3]', '$pUInput[4]')";

        if (!mysql_query($sql))
          {
          die('Error: ' . mysql_error());
          }
        echo "1 record added";
}

// function update -------------------------------------------------------------------------------------------------
function update($pUInput) {
    // call select();
    $sql = mysql_query("UPDATE tblStudents 
                        SET first_name = '$pUInput[1]', last_name = '$pUInput[2]', 
                                  major = '$pUInput[3]', 
                                  year = '$pUInput[4]'
                        WHERE id = '$pUInput[0]'");

    if (!mysql_query($sql))
      {
      die('Error: ' . mysql_error());
      }
    echo "1 record update";

}

// function delete -------------------------------------------------------------------------------------------------
function deleteById($pUInput) {
        // call select();
        $sql="DELETE FROM tblStudents WHERE id='$pUInput[0]'";
        $result=mysql_query($sql);

        if($result){
            echo "Deleted Successfully";
        }else {
            echo "Error";
        }       
}

/*

function display() { 
}
*/



?> 

SQL Syntax:

CREATE TABLE `tblStudents` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `first_name` varchar(30) NOT NULL,
  `last_name` varchar(50) NOT NULL,
  `major` varchar(40) NOT NULL,
  `year` date NOT NULL,
  PRIMARY KEY (`id`)
)
A: 

Your id-column is of a numeric value and you're comparing it to a string-value. Computer says no.

Kurt Du Bois
+1  A: 

Try this:

$sql = "UPDATE tblStudents 
        SET first_name = '{$pUInput[1]}',
            last_name = '{$pUInput[2]}', 
            major = '{$pUInput[3]}', 
            year = '{$pUInput[4]}'
        WHERE id = '{$pUInput[0]}'";

if(!mysql_query($sql))
{
    die('Error: ' . mysql_error());
}
echo "1 record update";

And change this:

// Variables of User Input
$idnum = $_POST["idnum"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$major = $_POST["major"];
$year = $_POST["year"];
$action = $_POST["action"];

To:

// Variables of User Input
$idnum = mysql_real_escape_string($_POST["idnum"]);
$fname = mysql_real_escape_string($_POST["fname"]);
$lname = mysql_real_escape_string($_POST["lname"]);
$major = mysql_real_escape_string($_POST["major"]);
$year = mysql_real_escape_string($_POST["year"]);
$action = mysql_real_escape_string($_POST["action"]);

You might want to read up on SQL injection.

captaintokyo
@captaintokyo gave it a shot, and changed the code you recommended, but still received an error message.
jc70
I updated my answer... you are calling mysql_query twice. You should call it only once.
captaintokyo
@captaintokyo it works! I updated the update statement with your answer, no more error. But I also noticed that if I don't use mysql_real_escape_string() for the variables... it works. (It also works if I DO use mysql_real_escape_string()... I thought that was interesting.) (I'm new to PHP and SQL... all this seems pretty interesting...)
jc70
`mysql_real_escape_string` prevents SQL injection. Try inputting O'malley in the lastname field for example. If you don't use `mysql_real_escape_string` you will get an error; with it, you won't. This example is harmless, but if you don't use `mysql_real_escape_string` some nasty stuff can happen. Check this link for more information: http://en.wikipedia.org/wiki/SQL_injection
captaintokyo
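
The two points from this thread (run the statement once, and keep user input out of the SQL text) combined in one added example; it is not code from any poster. It uses PDO prepared statements instead of the mysql_* functions, and it assumes a hypothetical `updateStudent()` helper and an in-memory SQLite database standing in for the MySQL `School` database so that it runs without a server.

```php
<?php
// Added example (not from the thread). PDO replaces the old mysql_* API here.
// Assumption: sqlite::memory: stands in for MySQL so this runs without a server;
// with a "mysql:host=...;dbname=School" DSN the PDO calls below are the same.

function updateStudent(PDO $pdo, array $in): int
{
    // The id column is an integer: reject anything else before touching the database.
    $id = filter_var($in[0], FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }

    // Prepare once, execute once. In the question, the first mysql_query() ran the
    // UPDATE and returned true; the second mysql_query($sql) then received that true
    // cast to the string "1" as its query text, hence the syntax error "near '1'".
    $stmt = $pdo->prepare(
        'UPDATE tblStudents
            SET first_name = :first, last_name = :last, major = :major, year = :year
          WHERE id = :id'
    );
    $stmt->execute([
        ':first' => $in[1],
        ':last'  => $in[2],
        ':major' => $in[3],
        ':year'  => $in[4],
        ':id'    => $id,
    ]);
    return $stmt->rowCount(); // rows affected by the UPDATE
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblStudents (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    first_name TEXT NOT NULL, last_name TEXT NOT NULL,
    major TEXT NOT NULL, year TEXT NOT NULL)');
$pdo->exec("INSERT INTO tblStudents (first_name, last_name, major, year)
            VALUES ('Pat', 'Smith', 'Math', '2010-01-01')");

// Constructed input in the same order as getUserInput(): id, first, last, major, year.
echo updateStudent($pdo, ['1', 'Pat', "O'malley", 'Math', '2011-01-01']), " row updated\n";
echo $pdo->query('SELECT last_name FROM tblStudents WHERE id = 1')->fetchColumn(), "\n";

try {
    updateStudent($pdo, ['12abc', 'x', 'y', 'z', '2011-01-01']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Because the values are bound as parameters rather than interpolated, the apostrophe in O'malley is stored as data and never reaches the SQL parser as syntax.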