Mysql syntax error when trying to update a table in a joomla plugin

Question

I wrote this query for a joomla plugin

$query = "UPDATE #__content SET fulltext='$_POST[statenames]' WHERE id=$articleId";

But it gives error -

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'fulltext = '1' WHERE id = 41' at line 1 SQL=UPDATE jst_content SET fulltext = '1' WHERE id = 41

What is the error?

Do you have a column named `fulltext`? This is a reserved keyword. — ypercubeᵀᴹ, Dec 27 '12 at 08:46
As @ypercube stated `fulltext` is a reserved keyword so surround it with [backticks](http://dev.mysql.com/doc/refman/5.1/en/reserved-words.html) — SaschaM78, Dec 27 '12 at 08:46
Thanks ypercube and SaschaM78. Its working after adding backticks — Ajith, Dec 27 '12 at 09:00

score 2 · Accepted Answer · edited May 23 '17 at 11:56

FULLTEXT is a MySQL Reserved Keyword. You must wrap the column with backtick.

$query = "UPDATE #__content SET `fulltext` = '$_POST[statenames]' WHERE id=$articleId";

MySQL Reserved Words

As a sidenote, the query is vulnerable with SQL Injection if the value of the variable(s) came from clients. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

How to prevent SQL injection in PHP?

Mysql syntax error when trying to update a table in a joomla plugin

1 Answers1