-2

This might be an idiotic question, cause I can't find anything related on the internet.

I have a function to update a post (wording / text) in the SQL database. I have switched hosting companies, and with all the shit that fell apart - I am unable to solve this specific one. I am using the same SQL version on this hosting company as on the previous one.

I get this error message :

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'n boodskap of n ding moet hier wees' WHERE idd = '13'' at line 1

The closest 'error code' to this situation I could find was - When SQL gives you this message, it means your entire code is messed up and it can't seem to understand what you want to do.

The line of code with the error is very simple -

mysqli_query($conn, "UPDATE msgs SET messg = $dibod WHERE idd = $id")

Also tried

mysqli_query($conn, "UPDATE msgs SET messg = '$dibod' WHERE idd = $id")

And

mysqli_query($conn, "UPDATE `msgs` SET `messg` = '$dibod' WHERE `idd` = '$id'")

The only thing that changed is the error code - it displays the error message with quotes/backslashes

Roshana Pitigala
Jimmy
  • Try something like this to escape your variable : mysqli_query($conn, "UPDATE `msgs` SET `messg` = ' " .$dibod. " ' WHERE `idd` = ' " . $id . " ' ") – executable Jul 11 '18 at 09:31
  • 3
    Don't use string interpolation to inject values into SQL: you're vulnerable to SQL Injection. Rather use parameterised SQL. This will avoid you needing to handle values that contain special characters (like `$dibod` containing a single quote which I think is your problem here). – Richard Jul 11 '18 at 09:39
  • 2
    @executable That won't help except being more obviously a SQL Injection vulnerability. – Richard Jul 11 '18 at 09:40
  • 1
    I think this would answer your problem https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – executable Jul 11 '18 at 09:41
  • Restart MySQL server and try. There's nothing wrong in your code. I can't reproduce this error. – Roshana Pitigala Jul 11 '18 at 09:47
  • See about prepared and bound queries. – Strawberry Jul 11 '18 at 09:49
  • 2
    @RoshanaPitigala Given that you have no idea what's being echoed to the mysql server, you have no way of knowing this. – Strawberry Jul 11 '18 at 09:50
  • What's being echoed can be identified through the error. It clearly states: _near `'n boodskap of n ding moet hier wees'`_ – Roshana Pitigala Jul 11 '18 at 09:54
  • Working on one of the other problems (created by switching hosting companies), I found a solution due to a type error. I got a syntax error with this query = ("DELETE * FROM thisplace WHERE id = $id"). It was fixed by removing the (*single asterisks*) = ("DELETE FROM thisplace WHERE id = $id"). Could this problem be related? Because removing the (*single asterisks*) does not make any sense and leaves space for interpretation in the code? – Jimmy Jul 11 '18 at 10:57
  • Couldn't find any answers to this question on the 'duplicates'... thanks @shadow – Jimmy Jul 11 '18 at 12:10
  • @Jimmy You need to be a lot more specific as to what you have tried and what errors / unexpected behaviour you experienced after trying out the codes suggested by the duplicates in order for me to reconsider the closure of this question. – Shadow Jul 11 '18 at 13:50

1 Answer

0

try this?

mysqli_query($conn, "UPDATE msgs SET messg = '$dibod' WHERE idd = '$id'")
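
The parameterised query recommended in the comments, written out as an added example that is not part of the original thread. The table and column names come from the question; the connection settings are placeholders, the sample text is constructed from the error message, and `update_message` is a hypothetical helper name.

```php
<?php
// Added example: parameterised version of the UPDATE from the question.
// msgs / messg / idd come from the question; the connection settings
// and the sample text below are constructed placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Hypothetical helper: returns the number of rows the UPDATE changed.
function update_message(mysqli $conn, int $id, string $dibod): int
{
    // The SQL text is constant and the values are sent separately, so an
    // apostrophe in $dibod can never close the string literal early.
    $stmt = $conn->prepare('UPDATE msgs SET messg = ? WHERE idd = ?');
    $stmt->bind_param('si', $dibod, $id); // s = string, i = integer
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Placeholder credentials: replace with the values for your host.
$conn = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$conn->set_charset('utf8mb4');

// Constructed input: a text starting with an apostrophe, like the one
// visible in the error message, which breaks the interpolated query.
$dibod = "'n boodskap of n ding moet hier wees";
$id = 13;

try {
    $rows = update_message($conn, $id, $dibod);
    echo "Updated {$rows} row(s)\n";
} catch (mysqli_sql_exception $e) {
    // Keep the detail in the server log; do not echo SQL errors to visitors.
    error_log('update_message failed: ' . $e->getMessage());
    http_response_code(500);
}
```

Because the text is bound as a parameter, the same call works whether or not the message contains quotes or backslashes, and no manual escaping is needed.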