tags:

views:

38

answers:

2
+1  Q: 

Receiving Error message when performing Update Statement

Receiving Error message when performing Update Statement, but database is being updated.

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1

Issue with function update()

function update($pUInput) {

    $sql = mysql_query("UPDATE tblStudents 
                        SET first_name = '$pUInput[1]', last_name = '$pUInput[2]', 
                                  major = '$pUInput[3]', 
                                  year = '$pUInput[4]'
                        WHERE id = '$pUInput[0]'");

    if (!mysql_query($sql))
      {
      die('Error: ' . mysql_error());
      }
    echo "1 record update";

}

Entire PHP Code:

//Call function mainline
mainline();

// Declare the function mainline
function mainline() {

    $uInput = getUserInput();

    $connectDb = openConnect(); // Open Database Connection
    selectDb($connectDb); // Select Database
    doAction($uInput);
    //display();
    //closeConnect();

}

//Declare function getUserInput ------------------------------------------------------------------------------------
function getUserInput() {

    echo "In the function getUserInput()" . "<br/>";

    // Variables of User Input
    $idnum = $_POST["idnum"];              // id (NOTE: auto increments in database)
    $fname = $_POST["fname"];             // first name
    $lname = $_POST["lname"];            // last name
    $major = $_POST["major"];           // major
    $year = $_POST["year"];            // year
    $action = $_POST["action"];       // action (select, insert, update, delete)

    $userInput = array($idnum, $fname, $lname, $major, $year, $action);

    return $userInput;
}

// function doAction ----------------------------------------------------------------------------------------------
function doAction($pUserInput) {
    echo "In function doAction()" . "<br/>";

    if ($pUserInput[5] == "select") {
        //IDorLastName();   
        selectById();


    } elseif ($pUserInput[5] == "insert") {


        //checkStudentFields();
        insert($pUserInput);

        //echo "I need to insert!";
    } elseif ($pUserInput[5] == "update") {
        //IDorLastName();       
        update($pUserInput);    
        //echo "I need to insert!";


    } elseif ($pUserInput[5] == "delete") {
        //IDorLastName();       
        deleteById($pUserInput);    
        //echo "I need to insert!";
    }

}

/*
function IDorLastName() {
    if (!empty($pUserInput[0]) || !empty($pUserInput[2])) {
                checkId();
                } else {
            echo "Please enter ID field or Last Name field";
            }
        }
}
*/
// function checkId -----------------------------------------------------------------------------------------------
/*
function checkId() {
    if (!empty($pUserInput[0])) {
        selectById();
        } else {
        selectByLastName();
    }
}*/

/*
function checkStudentFields() {
 // check if first name, last name, major and year exists
}*/

// Create a database connection ------------------------------------------------------------------------------------
function openConnect() {
    $connection = mysql_connect("localhost", "root_user", "password");
        echo "Opened Connection!" . "<br/>";    
    if(!$connection) {
        die("Database connection failed: " . mysql_error());
    }
    return $connection;
}

// Select a database to ------------------------------------------------------------------------------------------- 
function selectDb($pConnectDb) {
    $dbSelect = mysql_select_db("School", $pConnectDb);
    if(!$dbSelect) {
        die("Database selection failed: " . mysql_error());
    } else {
    echo "You are in the School database! <br/>";   
    }

}

// Close database connection ------------------------------------------------------------------------------------
function closeConnect() {
    mysql_close($connection);
}

// function selectById ---------------------------------------------------------------------------------------------
function selectById($pUInput) {
    $sql = mysql_query("SELECT * FROM tblStudents 
                        WHERE id='$pUInput[0]'");
    if (!$row = mysql_fetch_assoc($sql))
          {
          die('Error: ' . mysql_error());
          }       
        echo "selected" . "<br/>";
        //echo $pUInput[0];

}

// function selectByLastName ---------------------------------------------------------------------------------------------
function selectByLastName($pUInput) {
    $sql = mysql_query("SELECT * FROM tblStudents 
                        WHERE last_name='$pUInput[2]'");
    if (!$row = mysql_fetch_array($sql))
          {
          die('Error: ' . mysql_error());
          }       
        echo "selected" . "<br/>";
        echo $pUInput[2];

}

// function insert -------------------------------------------------------------------------------------------------
function insert($pUInput) {     
    $sql="INSERT INTO tblStudents (first_name, last_name, major, year)
          VALUES
         ('$pUInput[1]','$pUInput[2]','$pUInput[3]', '$pUInput[4]')";

        if (!mysql_query($sql))
          {
          die('Error: ' . mysql_error());
          }
        echo "1 record added";
}

// function update -------------------------------------------------------------------------------------------------
function update($pUInput) {
    // call select();
    $sql = mysql_query("UPDATE tblStudents 
                        SET first_name = '$pUInput[1]', last_name = '$pUInput[2]', 
                                  major = '$pUInput[3]', 
                                  year = '$pUInput[4]'
                        WHERE id = '$pUInput[0]'");

    if (!mysql_query($sql))
      {
      die('Error: ' . mysql_error());
      }
    echo "1 record update";

}

// function delete -------------------------------------------------------------------------------------------------
function deleteById($pUInput) {
        // call select();
        $sql="DELETE FROM tblStudents WHERE id='$pUInput[0]'";
        $result=mysql_query($sql);

        if($result){
            echo "Deleted Successfully";
        }else {
            echo "Error";
        }       
}

/*

function display() { 
}
*/



?>

SQL Syntax:

CREATE TABLE `tblStudents` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `first_name` varchar(30) NOT NULL,
  `last_name` varchar(50) NOT NULL,
  `major` varchar(40) NOT NULL,
  `year` date NOT NULL,
  PRIMARY KEY (`id`)
)
A: 

Your id-column is of a numeric value and you're comparing it to a string-value. Computer says no.

Kurt Du Bois  2010-09-02 07:25:09
+1  A: 

Try this:

$sql = "UPDATE tblStudents 
        SET first_name = '{$pUInput[1]}',
            last_name = '{$pUInput[2]}', 
            major = '{$pUInput[3]}', 
            year = '{$pUInput[4]}'
        WHERE id = '{$pUInput[0]}'";

if(!mysql_query($sql))
{
    die('Error: ' . mysql_error());
}
echo "1 record update";

And change this:

// Variables of User Input
$idnum = $_POST["idnum"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$major = $_POST["major"];
$year = $_POST["year"];
$action = $_POST["action"];

To:

// Variables of User Input
$idnum = mysql_real_escape_string($_POST["idnum"]);
$fname = mysql_real_escape_string($_POST["fname"]);
$lname = mysql_real_escape_string($_POST["lname"]);
$major = mysql_real_escape_string($_POST["major"]);
$year = mysql_real_escape_string($_POST["year"]);
$action = mysql_real_escape_string($_POST["action"]);

You might want to read up on sql injection.

captaintokyo  2010-09-02 07:35:20
@captaintokyo gave it a shot, and changed the code you recommended, but still received an error message.
jc70  2010-09-02 08:02:09
I updated my answer... you are calling mysql_query twice. You should call it only once.
captaintokyo  2010-09-02 08:41:56
@captaintokyo it works! i updated the update statement with your answer, no more error. but i also noticed that if i don't use mysql_real_escape_string() for the variables...it works. (it also works, if i DO use mysql_real_escape_string() ...i thought that was interesting. (i'm new to php and sql...all this seems pretty interesting...)
jc70  2010-09-02 09:20:16
`mysql_real_escape_string` prevents sql injection. Try inputting O'malley in the lastname field for example. If you don't use `mysql_real_escape_string` you will get an error; with it, you won't. This example is harmless, but if you don't use `mysql_real_escape_string` some nasty stuff can happen. Check this link for more information: http://en.wikipedia.org/wiki/SQL_injection
captaintokyo  2010-09-02 09:27:19

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases