-1

I'm coding a CMS system to my friend and everything has going fine until yesterday, so updating query don't work somehow, I have double checked the queries and cannot find an error. Everything else working just fine maybe I have done a little mistake what I cannot see , if you guys could help me out a little bit I would appreciate it ..

here is my sql query 

$query = "UPDATE posts2  SET";
$query .= "post_title = '{$post_title}', ";
$query .= "post_category_id = '{$post_category_id}', ";
$query .= "post_date =  now(), ";
$query .= "post_author = '{$post_author}', ";
$query .= "post_status = '{$post_status}', ";
$query .= "post_tags = '{$post_tags}', ";
$query .= "post_content = '{$post_content}', ";
$query .= "post_image = '{$post_image}' ";
$query .= "WHERE id = {$the_post_id} " ;
Qirel
  • 25,449
  • 7
  • 45
  • 62
vili
  • 3
  • 2
  • 3
    sql injection everywhere! , but I'll just assume they where escaped off the question. – Adam Forbis Jun 23 '17 at 17:15
  • 1
    Your code is subject to SQL Injection. Please checkout mysqli or PDO and prepared statements. What error are you getting? – Sloan Thrasher Jun 23 '17 at 17:17
  • 1
    This is why you should just use a single string, and not concat it. Its easy to forget a space somewhere, like you did, after `SET`. Voting to close as typo. – Qirel Jun 23 '17 at 17:19
  • 1
    Try echo'ing out the query, inspect it and run it in another tool like phpmyadmin against the database directly. This will likely make the error more obvious. – Jonathan Kuhn Jun 23 '17 at 17:20
  • Welcome to Stack Overflow! [What does your step debugger tell you?](http://stackoverflow.com/questions/25385173/what-is-a-debugger-and-how-can-it-help-me-diagnose-problems) –  Jun 23 '17 at 17:27
  • Well yeah, I'm using "mysqli", but before I move this to production server I'm gonna double check all the security issues , so it is not my main problem right now, but I got it work, so I forgotten lest space after SET so that I did not noticed ... – vili Jun 23 '17 at 18:06

1 Answers1

0

Try code given below

$query = "UPDATE posts2 SET ";
$query .= "post_title = '{$post_title}', ";
$query .= "post_category_id = '{$post_category_id}', ";
$query .= "post_date =  now(), ";
$query .= "post_author = '{$post_author}', ";
$query .= "post_status = '{$post_status}', ";
$query .= "post_tags = '{$post_tags}', ";
$query .= "post_content = '{$post_content}', ";
$query .= "post_image = '{$post_image}' ";
$query .= "WHERE id = {$the_post_id} " ;

you left no space after SET on the first line of your query. Also please check you're inserting category id as varchar. If it's numeric field please remove quotes around it.

Ankita Tanti
  • 455
  • 3
  • 11
  • No it is working thanks a lot , I didn't notice that I've forgotten that space after SET , even how many hours I read through the code , now it is working .. – vili Jun 23 '17 at 18:04
  • You're welcome! If your issue is resolved mark it as resolved! – Ankita Tanti Jun 23 '17 at 18:06