-1

What is wrong here

js

function cstatus(status, user, pass){
    var id = $('.pmarked').data('id');
    console.log(id); // 101
    $.ajax({
        url: 'pro-status.php',
        type: 'post',
        data: {'status': status, 'user': user, 'pass': pass, 'id': id},
        success: function(data) {
            console.log(data);
        }
    });
}

pro-status.php

$sql = "update posts set status = :astatus, user = :auser, pass = :apass, where id = :aid";

$stmt = $db->prepare($sql);
$stmt->execute(array(
    ":astatus" => $_POST['status'],
    ":auser" => $_POST['user'],
    ":apass" => $_POST['pass'],
    ":aid" => $_POST['id'] // line 12
));

error

Fatal error... right syntax to use near 'where id = '101'' ... pro-status.php:12

Qirel
qadenza
  • 3
    **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jul 28 '17 at 19:42
  • Can you give a better explanation of what you're trying to do? – Sam Jul 28 '17 at 19:43
  • 4
    Voting to close as **off-topic** due to a simple typo - there's a trailing comma `,` just before your `WHERE`. – Qirel Jul 28 '17 at 19:45
  • solved, thanks a lot – qadenza Jul 28 '17 at 19:46

4 Answers

4

Remove the comma here:

pass = :apass, where id = :aid"

Should be:

pass = :apass where id = :aid"

In addition you should never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. It is not necessary to escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.

Jay Blanchard
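The password advice in the answer above, applied to the question's statement, as an added example that is not part of the original answer. It assumes an in-memory SQLite table standing in for `posts`, a constructed `$post` array in place of `$_POST`, and a hypothetical helper `checkPass()`.

```php
<?php
// Added example: constructed schema and sample values, not the asker's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table posts (id integer primary key, status text, user text, pass text)");
$db->exec("insert into posts (id, status, user, pass) values (101, 'draft', 'old', '')");

// Stand-in for the values pro-status.php receives in $_POST (constructed).
$post = ['status' => 'public', 'user' => 'alice', 'pass' => 'correct horse battery', 'id' => '101'];

// Hash the raw password exactly as submitted: no trimming or escaping first.
$hash = password_hash($post['pass'], PASSWORD_DEFAULT);

// Same statement as in the question, without the comma before "where".
$sql = "update posts set status = :astatus, user = :auser, pass = :apass where id = :aid";
$stmt = $db->prepare($sql);
$stmt->execute([
    ':astatus' => $post['status'],
    ':auser'   => $post['user'],
    ':apass'   => $hash,   // only the hash reaches the database
    ':aid'     => $post['id'],
]);

// Hypothetical helper: compare a candidate password with the stored hash.
function checkPass(PDO $db, string $id, string $candidate): bool
{
    $stmt = $db->prepare("select pass from posts where id = :aid");
    $stmt->execute([':aid' => $id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false || !password_verify($candidate, $stored)) {
        return false;
    }
    // Re-hash on successful login if PASSWORD_DEFAULT has moved to a newer algorithm or cost.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $up = $db->prepare("update posts set pass = :apass where id = :aid");
        $up->execute([':apass' => password_hash($candidate, PASSWORD_DEFAULT), ':aid' => $id]);
    }
    return true;
}

var_dump(checkPass($db, '101', 'correct horse battery'));
var_dump(checkPass($db, '101', 'wrong guess'));
```

On a MySQL table the `pass` column should be wide enough for future algorithms; the PHP manual recommends 255 characters when using `PASSWORD_DEFAULT`.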
3

It should be

$sql = "update posts set status = :astatus, user = :auser, pass = :apass where id = :aid";

Just remove the comma (,) after the :apass

Linga
  • @bonaca Please check the code carefully before posting here. This kind of typo issue is common, but it is discouraged – Linga Jul 28 '17 at 19:47
2

There is an issue in the SQL syntax. Please remove the comma and use this in place of $sql.

$sql = "update posts set status = :astatus, user = :auser, pass = :apass where id = :aid";
Kamran Jabbar
2

Remove the , before where

$sql = "update posts set status = :astatus, user = :auser, pass = :apass where id = :aid";
aidinMC