Can you find the logic/syntax Error

Question

I have been going line by line through my code trying to find an error, however i am yet to succeed.

Shown below are snippets of my input and update files.

modifyform.php

                    <li id="li_1" >
        <label class="description" for="servername">Server Name </label>
        <div>
            <input id="element_1" name="Servername" class="element text medium" type="text" maxlength="255" value="<?php echo $person['servername']; ?>"/> 
        </div><p class="guidelines" id="guide_1"><small>Enter your server name here NOT your server address.</small></p> 
        </li>       <li id="li_2" >
        <label class="description" for="Serveraddress">Server Address </label>
        <div>
            <input id="element_2" name="Serveraddress" class="element text medium" type="text" maxlength="255" value="<?php echo $person['serveraddress']; ?>"/> 
        </div><p class="guidelines" id="guide_2"><small>This will the DNS name of your server</small></p> 
        </li>       <li id="li_3" >
        <label class="description" for="Portnumber">PortNumber </label>
        <div>
            <input id="element_3" name="Portnumber" class="element text medium" type="text" maxlength="255" value="<?php echo $person['portnumber']; ?>"/> 
        </div><p class="guidelines" id="guide_3"><small>This will be the port your server is using.</small></p> 

        <label class="description" for="Status">Server Status </label>
               <div>
            <input id="element_4" name="Status" class="element text medium" type="text" maxlength="255" value="<?php echo $person['status']; ?>"/> 
        </div><p class="guidelines" id="guide_4"><small> Display your Server Status</small></p> 

        </li>       <li id="li_4" >
        <label class="description" for="Description">Server Description </label>
        <div>
            <textarea id="element_5" name="Description" class="element textarea medium" value ="<?php echo $person['description']; ?>"></textarea> 
        </div><p class="guidelines" id="guide_5"><small>Enter server description/rules here.</small></p> 
        </li>

                    <li class="buttons">
                <input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />

                <input id="saveForm" class="button_text" type="submit" name="submit" value="Modify" />
        </li>
            </ul>
        </form> 
        <div id="footer">
        </div>
    </div>

    </body>-
</html>

modifyame.php

<?php


mysql_connect("localhost", "user", "password") or die (mysql_error());
#echo "Connected to MYSQL ";
mysql_select_db("starforg_search") or die (mysql_error());
#echo "Connected to Data Base";
/*$query = "SELECT * FROM table WHERE userId='{$user_id}'";
$result = mysql_query ($query) or die (mysql_error());*/

    if(!isset($_POST['submit'])) {
    $q = "SELECT * FROM addserverame WHERE ID = $_GET[id] AND userId='{$user_id}'";
    $result = mysql_query ($q);
    $person = mysql_fetch_array ($result);
    }

    ?>



<?

if(isset($_POST['submit'])) {
    $u = "UPDATE addserverame SET `servername`='$_POST[Servername]', `serveraddress`='$_POST[Serveraddress]', `portnumber`='$_POST[Portnumber]', `status`='$_POST[Status]', `description`='$_POST[Description]', WHERE ID = $_POST[id] AND userId='{$user_id}'";
    mysql_query($u) or die (mysql_error());
    echo "Server Info Has Been Modified";
}
?>

The Problem area Update and echoing the servername,serveraddress and portnumber fields are fine however echoing/updating description and status fields are not working.

I have looked over the table names numerous times and i am admit they are correct.

This brings me to believe syntax errors may be the culprit.

Thanks for your time

Ben

Also, escape your `$_POST` vars, you don't want a nasty injection. — Dave, Apr 16 '13 at 01:30
@ Cumbo yes reading on how to fix that was the next thing on to-do list. — BenniMcBeno, Apr 16 '13 at 01:32
@bennyboy I love answering questions, but this is just a debug request. If this was a question you would have isolated the problem and asked a pointed question about it. — Sverri M. Olsen, Apr 16 '13 at 01:45

score 4 · Accepted Answer · edited May 23 '17 at 11:50

4

There is a syntax error on your UPDATE statement. You have extra , before the WHERE clause that should be removed.

UPDATE  addserverame 
SET  `servername`='$_POST[Servername]', 
     `serveraddress`='$_POST[Serveraddress]', 
     `portnumber`='$_POST[Portnumber]', 
     `status`='$_POST[Status]', 
     `description`='$_POST[Description]', -- <<=== REMOVE extra comma HERE
WHERE ID = $_POST[id] AND 
      userId='{$user_id}'

Make it a habit to align codes so syntax error mistakes can be easily spotted.

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

How to prevent SQL injection in PHP?

edited May 23 '17 at 11:50

Community

1
1

answered Apr 16 '13 at 01:27

John Woo

258,903
69
498
492

Great Thanks, its always great to have a second pair of eyes. I will Give you correct answer when the timer runs out. – BenniMcBeno Apr 16 '13 at 01:31
you're welcome `:D` but hey, please also read about `sql injection`.. – John Woo Apr 16 '13 at 01:32
1

yer i am going to fix that after i fixed this, thanks again – BenniMcBeno Apr 16 '13 at 01:33

Can you find the logic/syntax Error

1 Answers1