-1

This is my full page code, but notice the error in writing which line is causing the error.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id']; ?>'' at line 131)

When I write this `$getpost = $db->select($query_edit);` code, this type of error appears on my admin page. I do not understand what to do; I have tried many things, but the error is not resolved!

```php
<?php
$query_edit = "SELECT * FROM tbl_post WHERE id='$editpost' ";
$getpost = $db->select($query_edit); // This is the line that caused this error to be written
```

My admin panel image:


Rasclatt
  • 12,498
  • 3
  • 25
  • 33
  • 1
    As the error message states, your SQL is invalid. Correct it and it should work. Also, don't put variables in SQL; use parameters. You also are not likely to be using `mysql` and `sql-server`; those are 2 different database systems – user3783243 Oct 06 '19 at 03:31
  • The error in your screen shot is different than the error you typed in the question. Based on your screen shot it appears that the `select` method of your `$db` object is adding more SQL code to your query before executing it against the database. The error is probably caused by that additional code. – AlwaysLearning Oct 06 '19 at 04:36
  • Probably you configured the ID column with a number type and set the query to compare with a string. Try replacing `id='$editpost'` with `id= $editpost` – Au Nguyen Oct 06 '19 at 05:05
  • Possible duplicate of [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Dharman Oct 06 '19 at 10:29

1 Answer

0

It appears that you are using quotes improperly. You can but shouldn't do this: `$query_edit = 'SELECT * FROM tbl_post WHERE id="' . $editpost . '"';`

You leave yourself open to SQL injection. Look up PDO prepared statements.

Vbudo
  • 405
  • 4
  • 9
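
The parameterized form of the `tbl_post` lookup that the comments and the answer recommend, as an added example that is not part of the original thread. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the `title` column, the sample rows and the `getPostById` helper are hypothetical.

```php
<?php
// Added example: parameterized lookup for the tbl_post query from the question.
// Assumption: in-memory SQLite replaces MySQL so this runs offline; for MySQL
// only the DSN and credentials passed to new PDO(...) change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data (the title column is hypothetical).
$pdo->exec('CREATE TABLE tbl_post (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO tbl_post (id, title) VALUES (1, 'First post'), (2, 'Second post')");

/**
 * Hypothetical helper: fetch one post by id, or null if the id is invalid or absent.
 */
function getPostById(PDO $pdo, $editpost): ?array
{
    // Accept only a positive integer; anything else never reaches the database.
    $id = filter_var($editpost, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The SQL text is constant; the value is sent separately as a bound parameter,
    // so quotes in user input cannot change the statement's syntax.
    $stmt = $pdo->prepare('SELECT * FROM tbl_post WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, a value containing a single quote (the kind of
// input that breaks the concatenated query), and text shaped like extra SQL.
foreach (['2', "id']; ?>", "1' OR '1'='1"] as $editpost) {
    $post = getPostById($pdo, $editpost);
    echo str_pad(var_export($editpost, true), 20), ' => ',
         $post === null ? 'no post' : $post['title'], PHP_EOL;
}
```

Only the first input returns a row; the other two are rejected by the integer check, and a value that did reach the query would be bound as data and never spliced into the SQL text.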