Get content from Database and Updating the content generates Error

Question

I am retrieving data from the joomla Database.

I am searching for the tag <img alt=''"> in the content and I want the alt tag value as the articles title.

But when I Update the content in database I get the following error.

"Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's, each catering to different testing needs of an organization. It has f' at line 1"

Please Check the Code given below.

$link= "SELECT * FROM as23dc_content LIMIT 1";
$link_result = mysqli_query($conn, $link);

while($row_link= mysqli_fetch_assoc($link_result)) {

    $content = $row_link["introtext"];

    $add_alt_title = 'alt="'.$row_link["title"].'"';

    $content1 = preg_replace('/(alt)=("[^"]*")/i', "$add_alt_title", $content);

      //echo $content1;

             $sql = "UPDATE as23dc_content SET introtext='".$content1."' WHERE id='".$row_link["id"]."'";
             //print_r($sql);

             if(mysqli_query($conn, $sql)) {
                echo "Record updated successfully";
        } else {
                echo "Error updating record: " . mysqli_error($conn);
        }
}

Just under your `$sql = "UPDATE..."` you have a `print_r($sql)`. What does it show? — BeetleJuice, Aug 16 '16 at 07:23
Are you doing this outside Joomla or inside any joomla extension? — Amit Ray, Aug 17 '16 at 02:50
Tushar It has been a while and you did not select any answer, nor gave any feedback. It takes a lot to understand your problem, find a solution and write it up for you. If a solution worked for you, select and upvote it. If not, at least let us know why so we (who tried to help) can also learn from this issue. — BeetleJuice, Sep 06 '16 at 16:27

BeetleJuice · Answer 1 · 2016-08-17T16:06:32.317

The problem is that your $content1 string has quotes that confuse the SQL parser because it has a hard time knowing where that value ends.

Use prepared statements instead because they make it impossible for the parser to become confused

//Put '?' where the values would be
$sql = "UPDATE as23dc_content SET introtext = ? WHERE id = ?"
$stmt = mysqli_prepare($conn, $sql) or die (mysqli_error($conn));

//bind the values to the '?' parameters (replace 's' with 'i' for integer values)
$stmt->bind_param('ss', $content1, $row_link['id']);

//execute the query and abort on error
$stmt->execute() or die ($stmt->error);

if($stmt->affected_rows) echo "Record updated successfully."
else echo "Record could not be found. No change was made."

score -1 · Answer 2 · edited May 23 '17 at 10:29

-1

I'm almost sure that you are generating invalid sql.

introtext='".$content1."'

witch generate something like introtext='sometest' Pay attention to the quotes! Same goes for

id='".$row_link["id"]."'"

is the problem (unsafe too)

Please read How to use mysqli prepared statements in PHP? and official php docs http://php.net/manual/en/mysqli.prepare.php

edited May 23 '17 at 10:29

Community

1
1

answered Aug 16 '16 at 07:26

po_taka

1,816
17
27

Amit Ray · Answer 3 · 2016-08-17T03:18:35.147

-1

You can escape single quotes using this

$content1 = preg_replace('/(alt)=("[^"]*")/i', "$add_alt_title", $content);
$content1 = mysqli_real_escape_string($conn, $content1);//Procedural

OR

$content1 = preg_replace('/(alt)=("[^"]*")/i', "$add_alt_title", $content);
$content1 = $conn->real_escape_string($content1);//OOPS

After this you can insert into database.

edited Aug 17 '16 at 03:18

answered Aug 17 '16 at 03:10

Amit Ray

3,445
2
19
35

who negatively voted this ans plz give a good reason for that. – Amit Ray Aug 17 '16 at 14:52

Get content from Database and Updating the content generates Error

3 Answers3