MySQL UPDATE Query Syntax Error?

Question

I am relatively new to MySQL and PHP and I have been trying to UPDATE a table for a very long time now, I've searched Google and SO and I still can't figure it out.

Here is the php:

$info = array('about_me' => NULL, 'profile_pic' => NULL, 'political_party' => NULL,         'econ_views' => NULL, 'religious_views' => NULL, 
'abortion_view' =>NULL,'gay_marraige' => NULL, 'other' => NULL);

foreach ($_POST as $key => $value) {
    $info[$key] = mysql_escape_string($value);
}

$about_me = $info['about_me'];
$profile_pic = $info['profile_pic'];
$econ_views = $info['econ_views'];
$religious_views = $info['religious_views'];
$abortion_view = $info['abortion_view'];
$gay_marraige = $info['gay_marraige'];
$other = $info['other'];
$political_party = $info['political_party'];

//Connect to database
require 'db.php';

$query = "UPDATE `users` SET `about_me`=$about_me, `profile_pic`=$profile_pic,   `econ_views`=$econ_views,
       `religious_views`=$religious_views,`abortion_view`=$abortion_view,`gay_marriage`=$gay_marraige, 
    `other`=$other, `political_party`=$political_party WHERE `username`=emoore24";

echo "$query"."<br /><br />";
$result = mysql_query($query) or die(mysql_error());

echo "success"

This is run on a form with many text areas and one select element. I ran everything with simple strings as data and got this:

UPDATE users SET about_me=test about, profile_pic=, econ_views=test econ, religious_views=test rel,abortion_view=test abortion,gay_marriage=test gay marraige, other=test other, political_party=democrat WHERE username=emoore24

You have an error in your SQL syntax; check the manual that corresponds to your MySQL >server version for the right syntax to use near ' econ_views=test econ, >religious_views=test rel,abortion_view=test abor' at line 1

I'm assuming that it's something small, but I can't see it. Could anyone help?

Bill Karwin · Accepted Answer · 2012-01-29T17:02:21.640

You haven't put quotes around any of your string literals.

UPDATE `users` SET 
  `about_me`=about_me, 
  `profile_pic`=, 
  `econ_views`=test econ,  
  `religious_views`=test rel,
  `abortion_view`=test abortion,
  `gay_marriage`=test gay marraige, 
  `other`=test other, 
  `political_party`=democrat 
WHERE `username`=emoore24

Should be:

UPDATE `users` SET 
  `about_me`='about_me', 
  `profile_pic`=NULL, 
  `econ_views`='test econ',  
  `religious_views`='test rel',
  `abortion_view`='test abortion',
  `gay_marriage`='test gay marraige', 
  `other`='test other', 
  `political_party`='democrat' 
WHERE `username`='emoore24'

If you use PDO with prepared statements, it would be a lot simpler and safer, and you won't have to worry about quoting or escaping literals. For example, here's how I might write that code:

$info = array(
  'about_me' => NULL, 
  'profile_pic' => NULL, 
  'political_party' => NULL,
  'econ_views' => NULL, 
  'religious_views' => NULL, 
  'abortion_view' => NULL,
  'gay_marriage' => NULL, 
  'other' => NULL
);

$query = "UPDATE `users` SET 
      `about_me`=:about_me, 
      `profile_pic`=:profile_pic, 
      `econ_views`=:econ_views,  
      `religious_views`=:religious_views,
      `abortion_view`=:abortion_view,
      `gay_marriage`=:gay_marriage, 
      `other`=:other, 
      `political_party`=:political_party 
    WHERE `username`=:username";

if (($stmt = $pdo->prepare($query)) == FALSE) {
  $err = $pdo->errorInfo(); die($err[2]);
}

$values = array_intersect_key($_POST, $info);
$values['username'] = 'emoore24';

if ($stmt->execute( $values ) == FALSE) {
  $err = $stmt->errorInfo(); die($err[2]);
}

Sorry noob question here, but are you saying I need quotes around all of my variables within the $query string? If so, should they be double quotes? thanks for the quick response — emoore, Jan 29 '12 at 16:57
@emoore: Use single-quotes for string literals in SQL. See my answer to [Do different databases use different name quote](http://stackoverflow.com/a/214344/20860) — Bill Karwin, Jan 29 '12 at 17:03
@emoore: Also you should fix the misspelling "gay_marraige" your $info array. — Bill Karwin, Jan 29 '12 at 17:28

score 2 · Answer 2 · answered Jan 29 '12 at 16:48

2

You need to quote the text in your query

UPDATE `users` SET `about_me`='about_me'

And do the same for the other fields.

answered Jan 29 '12 at 16:48

jprofitt

10,874
4
36
46

score 1 · Answer 3 · answered Jan 29 '12 at 16:56

Your query is wrong. You need to put quotes around all values :

Change your query like this:

$query = "UPDATE `users` SET `about_me`='about_me', `profile_pic`='$profile_pic',   `econ_views`='$econ_views',`religious_views`='$religious_views',`abortion_view`='$abortion_view',`gay_marriage`='$gay_marraige', `other`='$other', `political_party`='$political_party' WHERE `username`='emoore24'";

Hope this works :)

score 0 · Answer 4 · answered Jan 29 '12 at 16:53

profile_pic=, also looks wrong. I run my queries by hand in a mysql IDE or mysql command line editor to see what the issues are.

I also start with a small select statement and build it up. After I have a select statement that works I switch it to a update statement.

MySQL UPDATE Query Syntax Error?

4 Answers4