-1

I receive this error when trying to update my header on the webpage 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'index SET h1='Welcome to the Oxfam, The leading UK Charity on fighting poverty.'' at line 1'

Here is my code and thanks in advance im sure its something silly!!

<?php
include('../connect.php');
session_start();
if(!isset($_SESSION['csc2024_40104547']))
{
header("Location: login.php");
}
$id = $_POST['id'];  
$updateh1 = $_POST['h1'];
$updatep1 = $_POST['p1'];
$updatep2 = $_POST['p2'];
$updateimg1 = $_POST['img1'];
$updateh2 = $_POST['h2'];
$updatep3 = $_POST['p3'];
$updateli1 = $_POST['li1'];
$updateli2 = $_POST['li2'];

$query = "UPDATE index SET h1='$updateh1',  p1='$updatep1',p2='$updatep2',
    h2='$updateh2',p3='$updatep3',li1='$updateli1',li2='$updateli2',
    img1='$    updateimg1' WHERE id='$id'";
$display = mysql_query($query) or die(mysql_error());
?>
A.L
  • 10,259
  • 10
  • 67
  • 98
Dougiee
  • 19
  • 8
  • `INDEX` is a [reserved word](http://dev.mysql.com/doc/refman/5.7/en/reserved-words.html) in MySQL. Also your code is susceptible to SQL injection. – tsnorri Dec 14 '14 at 01:17
  • You have a security problem, see [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – A.L Dec 14 '14 at 01:42

2 Answers2

3

index is a reserved keyword in MySQL. you need to escape it like so

update `index` set h1='$updateh1', ...

notice the use of back tick ` not a quote.

but you really should not be using it as a table name to start with.

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Born2Code
  • 1,055
  • 6
  • 13
0

Try this:

$query = "UPDATE `index` SET `h1` = '$updateh1',`p1` = 'updatep1' WHERE `id`='$id'";

index is a reserved keyword in MySQL.

wtznc
  • 895
  • 2
  • 14
  • 26