Error in my code, but where?!?!

[GWHicks]

I am working through the PHP Fast & Easy book and have run into an error in the code, but I can't figure out what is not right.
When the code executes I get the following error:
You have an error in your SQL syntax near 'WHERE id = '" at line 13

I am not sure why the SQL query is erroring since it looks like a good structure to me. I have thought of the possibility that it may be one of the preceding pages that is not passing the appropriate info, but I don't think so since I have tried changing the line to end with WHERE id = 2"; and I get the same error (replacing the 2 in the error of course!) If anyone has an idea I would be open to figuring out why it doesn't work. I have downloaded the code for the book and get the same error, so it appears it is an actual problem in the book itself.
Thanks in advance.
Greg
Here is my code:

<?
if ((!$_POST[f_name]) || (!$_POST[l_name])) {
header( &quot;Location:

http://127.0.0.1/pick_modcontact.php&quot;);

exit;
} else {
session_start();
}
if ($_SESSION[valid] != &quot;yes&quot {
header(&quot;Location:

http://127.0.0.1/contact_menu.php&quot;);

exit;
}
$db_name = &quot;testDB&quot;;
$table_name = &quot;my_contacts&quot;;
$connection = @mysql_connect(&quot;localhost&quot;, &quot;ghicks&quot;, &quot;jester&quot or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());
$sql = &quot;UPDATE $table_name SET
f_name = '$_POST[f_name]',
l_name = '$_POST[l_names]',
address1 = '$_POST[address1]',
address2 = '$_POST[address2]',
address3 = '$_POST[address3]',
postcode = '$_POST[postcode]',
country = '$_POST[country]',
prim_tel = '$_POST[prim_tel]',
sec_tel = '$_POST[sec_tel]',
email = '$_POST',
birthday = '$_POST[birthday]',
WHERE id = '$_POST[id]'&quot;;
$result = @mysql_query($sql, $connection) or die(mysql_error());
?>
<!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot;>
<html>
<head>
<meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=iso-8859-1&quot;>
<meta name=&quot;GENERATOR&quot; content=&quot;IBM WebSphere Studio Homepage Builder V6.0.0 for Windows&quot;>
<meta http-equiv=&quot;Content-Style-Type&quot; content=&quot;text/css&quot;>
<title>My Contact Management System: Contact Updated</title>
</head>
<body>
<h1>My Contact Management System</h1>
<h2><em>Modify a Contact - Contact Updated</em></h2>
<p>The following information was successfully updated in <? echo &quot;$table_name&quot;; ?></p>
<table cellspacing=3 cellpadding=5>
<tr>
<th>NAME AND ADDRESS INFORMATION</th>
<th>OTHER CONTACT/PERSONAL INFORMATION</th>
</tr>
<tr>
<td valign=top>
<p><strong>First Name:</strong><br>
<? echo &quot;$_POST[f_name]&quot;; ?></p>
<p><strong>Last Name:</strong><br>
<? echo &quot;$_POST[l_name]&quot;; ?></p>
<p><strong>Address 1:</strong><br>
<? echo &quot;$_POST[address1]&quot;; ?></p>
<p><strong>Address 2:</strong><br>
<? echo &quot;$_POST[address2]&quot;; ?></p>
<p><strong>Address 3:</strong><br>
<? echo &quot;$_POST[address3]&quot;; ?></p>
<p><strong>Zip/Postal Code:</strong><br>
<? echo &quot;$_POST[postcode]&quot;; ?></p>
<p><strong>Country:</strong><br>
<? echo &quot;$_POST[country]&quot;; ?></p>
</td>
<td valign=top>
<p><strong>Primary Telephone Number:</strong><br>
<? echo &quot;$_POST[prim_tel]&quot;; ?></p>
<p><strong>Secondary Telephone Number:</strong><br>
<? echo &quot;$_POST[sec_tel]&quot;; ?></p>
<p><strong>E-Mail Address:</strong><br>
<? echo &quot;$_POST[email]&quot;; ?></p>
<p><strong>Birthday:</strong><br>
<? echo &quot;$_POST[birthday]&quot;; ?></p>
</td>
</tr>
<tr>
<td align=center colspan=2><br>
<p><a href=&quot;contact_menu.php&quot;>Return to Main Menu</a></p>
</td>
</tr>
</table>
</body>
</html>

Greg Hicks
VB.Net (Newbie) Programmer
[URL unfurl="true"]http://www.ajlb2.com[/URL]

 

[sleipnir214]

It's probably your use of associative arrays inside a string literal. I've found that PHP doesn't like that.

Test the concatenation -- print the query to the screen.

If you're missing values, rewrite the query so that it uses explicit string concatenation. Something like:

$sql = "UPDATE $table_name SET
f_name = '" . $_POST[f_name] . "',
l_name = '" . $_POST[l_names]. "',
address1 = '" . $_POST[address1]. "',
address2 = '" . $_POST[address2]. "',
address3 = '" . $_POST[address3]. "',
postcode = '" . $_POST[postcode]. "',
country = '" . $_POST[country]. "',
prim_tel = '" . $_POST[prim_tel]. "',
sec_tel = '" . $_POST[sec_tel]. "',
email = '" . $_POST[email]. "',
birthday = '" . $_POST[birthday]. "',
WHERE id = '" . $_POST[id] . "'";

I've run into this problem before, so I've gotten into the habit of always using explicit concatenation, even when using simple variables or numeric arrays.


I also notice that you're putting quotes around the value against which the column id will be compared. If id is a numeric type, don't use the quotes. MySQL will not be able to efficiently convert the input value to the right type, so you will negatively affect performance.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[sleipnir214]

Correction. The code I provided should read:

$sql = "UPDATE $table_name SET
f_name = '" . $_POST['f_name'] . "',
l_name = '" . $_POST['l_names']. "',
address1 = '" . $_POST['address1']. "',
address2 = '" . $_POST['address2']. "',
address3 = '" . $_POST['address3']. "',
postcode = '" . $_POST['postcode']. "',
country = '" . $_POST['country']. "',
prim_tel = '" . $_POST['prim_tel']. "',
sec_tel = '" . $_POST['sec_tel']. "',
email = '" . $_POST['email']. "',
birthday = '" . $_POST['birthday']. "',
WHERE id = '" . $_POST['id'] . "'";

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[GWHicks]

Thanks for the input, but I get the same error with your code in place. This is really annoying, I hate when I can't see the problem, I know it is going to be some stupid sign or some other mark that I am missing.
Greg

Greg Hicks
VB.Net (Newbie) Programmer

http://www.ajlb2.com

 

[sleipnir214]

Don't just use posted code, take my initial advice and output the query to the browser.

Examine that output -- does it look correct?

Cut-and-paste it to your preferred MySQL admin tool -- does it work? Does it return what you think it should?



Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[GWHicks]

OK, thanks for pointing me back at the obvious (debug your work!!) I found a typo on the SQL statement that was preventing the name from filling correctly. The output to the browser is as follows:

UPDATE my_contacts SET f_name = 'Firstname', l_name = 'Lastname', address1 = 'Address Line 1', address2 = 'Address Line 2', address3 = 'Address Line 3', postcode = '92548', country = 'USA', prim_tel = '555-555-5555', sec_tel = '444-444-4444', email = 'someone@someweb.com', birthday = '1979-12-30', WHERE id = ''

Obviously it is not pulling the information from $_POST[id] as it should. In the procedure that is calling this one I have the following lines:

<form method=&quot;post&quot; action=&quot;do_modcontact.php&quot;;
<input type=&quot;hidden&quot; name=&quot;id&quot; value=&quot;<? echo &quot;$_POST[id]&quot;; ?>&quot;>

The hidden line should pass over the id of the current record, but it doesn't appear to be. What are the next steps for troubleshooting to determine where exactly the number is getting dropped? I have replaced the $_POST[id] line in my code with just the number 2 and my query is then being constructed with an id number of 2. Thanks for your help, it is greatly appreciated.


Greg Hicks
VB.Net (Newbie) Programmer

http://www.ajlb2.com

 

[GWHicks]

Never mind, just after posting I found my error. My <form line doesn't have the closing > so it wasn't parseing correctly, so the hidden line wasn't processing correctly. Works now! Thanks again for all your help. It is these types of things that I tend to learn the most from!!
Greg

Greg Hicks
VB.Net (Newbie) Programmer

http://www.ajlb2.com