Posted by davek on 10/24/06 09:39

(posted to: php.general, comp.lang.php, alt.php, alt.php.sql)

I have a form where registered users on my site can edit their login
details. For some reason, the script is inserting an extraneous quote
mark in the mysql update query that is preventing it from running
successfully, but I am at a complete loss to understand why.

This is my code:
$sql = "UPDATE users SET
username = '{$usr}',
password = '{$pwd}',
fullname = '{$_POST['fullname']},
email = '{$_POST['email']}'
WHERE userid = '{$usrid}'";

if (@mysql_query($sql)) {

//send email to user confirming changes

} else {

echo "<p>Error updating details: " . mysql_error() . "</p>";

}

This is the error message:
Error updating details: You have an error in your SQL syntax near
'xxxx@xxxx.com' WHERE userid = '15'' at line 4

I have checked that the $usrid variable does not contain the quote
mark.

Anyone have any bright ideas?

cheers,

d.

• Next in forum: Re: strange extra quote mark appearing in mysql query
• Prev in forum: Re: how do enable php to run "--with-mysql" ro curl on Windows XP?
• Thread view: strange extra quote mark appearing in mysql query

[Reply to this message]