MySql query error near WHERE

Question

My code is

$user_query = '
     UPDATE  
          users  
     SET  
          `password`="$password",  
          `email`="$email", 
          `position`="$position", 
     WHERE  
          `username`=".$uname."';
$user_result = mysql_query($user_query, $connection);
confirm_query($user_result);

When I run this query it gives me an error:

Database query failed: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username=".$uname."' at line 7

Can any body help me resolve this error?

there's an extra comma after the position name/value pair. Also, you're missing concatenation marks for the password, email and position variables. — Doug Dawson, May 01 '12 at 15:12
The quotes are all off too. You use single quotes and expect the var to be used, then double quotes and concatenation. Echo the string to see what you end up with. — jeremyharris, May 01 '12 at 15:13

score 6 · Accepted Answer · answered May 01 '12 at 15:13

Your query is in single quotes, so the variables aren't parsed. As you can see in error, the string is literally

`username`=".$uname."

You need to either use double quotes around the enitre thing, to parse variables correctly.

$user_query = "
 UPDATE  
      users  
 SET  
      `password`='$password',  
      `email`='$email', 
      `position`='$position'
 WHERE  
      `username`='$uname'";

Or correctly use the string concatanation operator, ..

$user_query = '
 UPDATE  
      users  
 SET  
      `password`="'.$password.'",  
      `email`="'.$email.'", 
      `position`="'.$position.'"
 WHERE  
      `username`="'.$uname.'"';

As others have noted, there's also an extra , after postion="$position".

thank you the error was gone, i was stuck on this for hours, you save my life lol.. thank you again — Yasitha, May 01 '12 at 15:51

score 2 · Answer 2 · answered May 01 '12 at 15:11

2

Remove the comma , before the WHERE clause

answered May 01 '12 at 15:11

Lion

18,729
22
80
110

score 1 · Answer 3 · edited May 02 '12 at 04:26

1

There is a trailing comma between position="$position", and the where clause. Remove the comma just before the where clause.

edited May 02 '12 at 04:26

Wladimir Palant

56,865
12
98
126

answered May 01 '12 at 15:11

MonkeyMonkey

826
1
6
19

score 1 · Answer 4 · edited May 23 '17 at 12:19

Just change quotes, and better escape data with DB driver funcs like mysql_real_escape_string()

Difference between quotes: https://stackoverflow.com/a/3446286/765634

Escaping: http://php.net/mysql_real_escape_string

Complete query:

$user_query = <<<SQL
     UPDATE  
          users  
     SET  
          `password`="{$password}",  
          `email`="{$email}", 
          `position`="{$position}", 
     WHERE  
          `username`="{$uname}"
SQL;

score 0 · Answer 5 · answered May 01 '12 at 15:11

0

 UPDATE  
          users  
     SET  
          `password`="$password",  
          `email`="$email", 
          `position`="$position"
     WHERE  
          `username`=".$uname."';

You had a trailing , after position

answered May 01 '12 at 15:11

Darren

68,902
24
138
144

score 0 · Answer 6 · answered May 01 '12 at 15:12

0

You have an extra comma after position="$position". Remove that.

answered May 01 '12 at 15:12

Charls

319
1
9

MySql query error near WHERE

6 Answers6