0

I'm running MYSQL and PHP through XAMPP to make a CMS -- learning a lot but I'm super confused by this error.

The information was not accepted
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1, visible = 1 WHERE id = 1' at line 3

So when I update the menu item through PHPMyAdmin it shows this

UPDATE `information` SET `menu` = 'Changed Menu Name' WHERE `information`.`id` = 1;

My relevant PHP would be, or view the entire file on my Gist:

        if (empty($errors)){
            $id = mysql_prep($_GET['info']);
            $menu = mysql_prep($_POST['menu']); //use POST array for form method
            $position = mysql_prep($_POST['position']);
            $visible = mysql_prep($_POST['visible']);

            $query = "UPDATE information SET 
                menu = '{$menu}', 
                position = {$position}, 
                visible = {$visible} 

                 WHERE id = {$id}";

            $result = mysql_query($query, $connection);

            if (mysql_affected_rows() == 1 ) {
                //Successful
                $message = "The information was correctly updated";
            } else {
                //Failure
                $message = "The information was not accepted";
                $message .= "<br>" . mysql_error();
            }

        } else {
            //Errors are happening
            $message = "There were " . count($errors) . " too many errors in the form";
        }

    }

I've tried adding my $connection variable in with my if (mysql_affected_rows() == 1 ) and updating the MySQL code to include spaces. I've also tried adding th $id variable in after WHERE

I'm pretty confused about how I'm to resolve this error. For more context, the repo for the project can be found here.

Really getting close to having a dynamic menu -- any help would be great!

Sean Kelly
  • 901
  • 7
  • 27
  • 1
    Learn about prepared statements to prevent SQL injection – Jens Jun 24 '17 at 18:27
  • 1
    You miss the equalssign here: `position {$position}, ` – Jens Jun 24 '17 at 18:28
  • I agree with @Jens look into [Prepared Statements](https://www.w3schools.com/php/php_mysql_prepared_statements.asp). As for your bug the error is pretty clear, there is a syntax error in your sql query. Try outputing the contents of `$query` and then use that exact string in the MyPhpAdmin. It will help you debug the problem. – Gary Holiday Jun 24 '17 at 18:32
  • Yes all true, but as Jens pointed out it's an obvious error, position = $position. You also don't need to put the {} around all the variables when you are interpolating variables in a string. You only need that if you have an array that includes single tics around the keynname, or there is some other ambiguity. – gview Jun 24 '17 at 18:36
  • This should not have been closed as a duplicate involving quotes or related embedding. That was not the cause of the error, nor the question involved. Reading about those topics might be useful to the poster, but it has nothing to do at all with debugging his problem. – gview Jun 24 '17 at 18:42
  • I added the equal sign and inputted the $query into my PHPMyAdmin but it gives me the same error that my front end gives me. Probably because I'm printing the error to the page. The form validates and says that the item has been updated, but still no change – Sean Kelly Jun 24 '17 at 18:53
  • I think one error : ${menu} ${position} ${visible} ${Id} – Naresh Teli Jun 24 '17 at 18:53
  • Jen was correct about the backtics -- going to need to find a crash course! – Sean Kelly Jun 24 '17 at 19:05

0 Answers0