MYSQL Query error WHERE id = $id

Question

I'm creating and then editing a row in a table, however my edit mysql query in php is giving me an error that I can't figure out. Any help?

The creation query:

$query = "INSERT INTO timelines (
id, event_name, event_date, date_created, attendee_count, attendee_names, maximum_attendees, creator_id, creator_name, price, thumbnail
) VALUES (
'{$timelineID}', '{$event_name}', '{$event_date}', '{$date_created}', '{$attendee_count}', '{$attendee_names}', '{$maximum_attendees}', '{$creator_id}', '{$creator_name}', '{$price}', '{$thumbnail}'
)";

The edit query:

$query = "UPDATE timelines SET 
event_name = '{$event_name}', 
event_date = '{$event_date}', 
maximum_attendees = '{$maximum_attendees}', 
price = '{$price}', 
thumbnail = '{$thumbnail}',
WHERE id = {$timelineID}";

Error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id =' at line 8

Answer 1

you have an extra comma before the WHERE clause. just remove it and it will work fine.

thumbnail = '{$thumbnail}',
                          ^ here
WHERE ...

final query,

$query = "UPDATE timelines SET 
event_name = '{$event_name}', 
event_date = '{$event_date}', 
maximum_attendees = '{$maximum_attendees}', 
price = '{$price}', 
thumbnail = '{$thumbnail}'
WHERE id = {$timelineID}";

Your query is vulnerable with SQL INJECTION, please read the article below to learn how to protect from it.

• How can I prevent SQL injection in PHP?