Posted by Jerry Stuckle on 10/24/06 10:26

Jerry Stuckle wrote:
> davek wrote:
>
>> (posted to: php.general, comp.lang.php, alt.php, alt.php.sql)
>>
>> I have a form where registered users on my site can edit their login
>> details. For some reason, the script is inserting an extraneous quote
>> mark in the mysql update query that is preventing it from running
>> successfully, but I am at a complete loss to understand why.
>>
>> This is my code:
>> $sql = "UPDATE users SET
>> username = '{$usr}',
>> password = '{$pwd}',
>> fullname = '{$_POST['fullname']},
>> email = '{$_POST['email']}'
>> WHERE userid = '{$usrid}'";
>>
>> if (@mysql_query($sql)) {
>>
>> //send email to user confirming changes
>>
>> } else {
>>
>> echo "<p>Error updating details: " . mysql_error() . "</p>";
>>
>> }
>>
>> This is the error message:
>> Error updating details: You have an error in your SQL syntax near
>> 'xxxx@xxxx.com' WHERE userid = '15'' at line 4
>>
>> I have checked that the $usrid variable does not contain the quote
>> mark.
>>
>> Anyone have any bright ideas?
>>
>> cheers,
>>
>> d.
>>
>
> `password` is a MySQL reserved word.
>

I should also add:

fullname = '{$_POST['fullname']},

has mismatched quotes.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: Re: e-commerce site - need advice
• Prev in forum: Re: A Question of design.
• Thread view: Re: strange extra quote mark appearing in mysql query

[Reply to this message]