0

I have a SQL error below when I run my PHP SQL code:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE useid = 8' at line 1

mysql_query("UPDATE free_ebook SET math = $assign_math WHERE useid = $newuserid;")or die(mysql_error());

The math field is int(10), and useid is also int(10).

Scott Weldon
  • 9,673
  • 6
  • 48
  • 67
Adam Smith
  • 1
  • 2
  • Hello Mr. Smith, welcome to SO. – Ben Sep 26 '13 at 02:08
  • 1
    what do your variables resolve to? maybe they're unescaped strings that are terminating your query – Kai Qing Sep 26 '13 at 02:08
  • 1
    Provide the value of `$assign_math` – Sean Sep 26 '13 at 02:09
  • 1
    The `mysql_*` functions are **no longer maintained** and shouldn't be used in any new codebase. It is being phased out in favor of newer APIs. Instead you should use [**prepared statements**](https://www.youtube.com/watch?v=nLinqtCfhKY) with either [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli). – tereško Sep 26 '13 at 02:15
  • @Sean $assign_math = $_POST['input_math']; Which is an integer – Adam Smith Sep 26 '13 at 02:16
  • Typically when the error message is `check the manual that corresponds to your MySQL server version for the right syntax to use near '...` then the issue the value/syntax before. Try wrapping it with single quotes - `... SET math = '$assign_math' ... ` – Sean Sep 26 '13 at 02:19

1 Answers1

1

Looks like the field name should probably be userid, not useid.

Alternatively, try enclosing the values in single quotes, like this:

"UPDATE free_ebook SET math = '".$assign_math."' WHERE useid = '".$newuserid."';"

or even 

"UPDATE free_ebook SET math = '{$assign_math}' WHERE useid = '{$newuserid}';"

On the topic: mysql_query() is deprecated, you should be using the PDO extension. It's easy (maybe easier!) to learn and a lot more secure:

Are there good tutorials on how to use PDO?

http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html

Community
  • 1
  • 1
Ben
  • 54,723
  • 49
  • 178
  • 224
  • Don't send people to nettuts or phpro pages for tutorials. Both of those sites tell people to use PDO with emulated prepares, which negates any advantages gained from prepared statements. Instead direct people to this page: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers – tereško Sep 26 '13 at 02:18