-1

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

The query works but the error report "bugs" me :)

//the vars i use
$pos = $_POST['positie'];   //this can be B1 till M100
$kolom = $pos[0];           //get first char of the $pos string 
$rij = substr($pos, 1, 3);  //get the rest of the chars

$sql= mysql_query("UPDATE floorplan SET available='0' WHERE kolom='$kolom' AND rij='$rij'") or die( mysql_error() );

the kolom is varchar(4), rij is int(4) and avaiable is a BOOLEAN.

TrustMe
  • 95
  • 1
  • 2
  • 7
  • 5
    possible duplicate of [Best way to prevent SQL injection?](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection) – Álvaro González Nov 19 '12 at 13:11
  • 2
    Dude. **Check your input!!** – Rijk Nov 19 '12 at 13:11
  • 1
    First of all it's not safe to run mysql queries like that - you can face sql injection. To debug your case add echo "UPDATE floorplan SET available='0' WHERE kolom='$kolom' AND rij='$rij'" statement to see what actually happens, probably there's no post variables you are relying on. – itsmeee Nov 19 '12 at 13:11
  • is your post variable an array? – Nikos Tsirakis Nov 19 '12 at 13:13
  • its just to test, but still why am i getting this error? – TrustMe Nov 19 '12 at 13:14
  • @WebnetMobile.com B or C or D or .. till M – TrustMe Nov 19 '12 at 13:15
  • @NikosTsirakis its like i stated in the comment "B1" or "C59" or it could even be "K100" – TrustMe Nov 19 '12 at 13:17
  • 2
    This is what I'd do, to help debugging: `$sql = "UPDATE floorplan SET available='0' WHERE kolom='$kolom' AND rij='$rij'"; print($sql);` Then you can see exactly what's being queried. – EM-Creations Nov 19 '12 at 13:18
  • `near '' at line 1` indicates, that the error must be at the end, because no chars are left in the SQL-String. Check your `$rij`-value – martinczerwi Nov 19 '12 at 13:20
  • @EM-Creations this is what i have between those vars and the query `echo "original string = ".$pos."
    "; echo "kolom = ". $kol ." and rij = ". $rij."
    ";`     – TrustMe Nov 19 '12 at 13:21
  • @TrustMe That's not good enough, make it output EXACTLY what you're sending to the MySQL server. – EM-Creations Nov 19 '12 at 16:00

2 Answers2

0

Suppose $pos has a value of "B1".

Then, substr($pos, 1, 3); will return an out of bounds exception.

Try with substr($pos, 1);

Kiro Coneski
  • 515
  • 1
  • 5
  • 20
0

In mysql, boolean is simply synonym for TINYINT(1). A value of 0 is considered FALSE. So, change 

$rij = substr($pos, 1, 3);

to

$rij = intval(substr($pos, 1, 3));

and query to

"UPDATE floorplan SET available=0 WHERE kolom='$kolom' AND rij=$rij"

would solve your problem but like others said, you should think about SQL Injection.

edigu
  • 9,878
  • 5
  • 57
  • 80