This is the error message I get when I run my script:
"Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id = '1'' at line 1"
Below is my script:
<?php
include 'library/config.php';
include 'library/opendb.php';
if(isset($_GET['id']))
{
    $query = "SELECT id, filename, keywords, description, headline, article". "FROM content" .
    "WHERE id = '{$_GET['id']}'";
    $result = mysql_query($query) or die('Error : ' . mysql_error());
    list($id, $filename, $keywords, $description, $headline, $article) = mysql_fetch_array($result, MYSQL_NUM);
    $article = htmlspecialchars($article);
}
else if(isset($_POST['filename']))
{
    $id = $_POST['id'];
    $filename = $_POST['filename'];
    $keywords = $_POST['keywords'];
    $description= $_POST['description'];
    $headline = $_POST['headline'];
    $article = $_POST['article'];
    if(!get_magic_quotes_gpc())
    {
        $id= addslashes($id);
        $filename = addslashes($filename);
        $keywords = addslashes($keywords);
        $description= addslashes($description);
        $headline = addslashes($headline);
        $article= addslashes($article);
    }
    // update the article in the database
    $query = "UPDATE content ".
    "SET filename = '$filename', keywords = '$keywords', description = '$description', headline = '$headline', article = '$article' ".
    "WHERE id = '$id'";
    mysql_query($query) or die('Error : ' . mysql_error());
    // then remove the cached file
    $cacheDir = dirname(__FILE__) . '/cache/';
    $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
    @unlink($cacheFile);
    // and remove the index.html too because the file list
    // is changed
    @unlink($cacheDir . 'index.html');
    echo "<p align='center'>Article updated</p>";
    // now we will display $filename & $article
    // so strip out any slashes
    $filename = stripslashes($filename);
    $keywords = stripslashes($keywords);
    $description= stripslashes($description);
    $headline = stripslashes($headline);
    $article = stripslashes($article);
}
include 'library/closedb.php';
?>
<form method="post" action="cms-edit.php">
<input type="hidden" name="id" value="<?=$id;?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box" align="center">
<tr>
<td width="100">Filename</td>
<td><input name="filename" type="text" class="box" id="filename"></td>
</tr>
<tr>
<td width="100">Keywords</td>
<td><textarea name="keywords" cols="50" rows="5" class="box" id="keywords"></textarea></td>
</tr>
<tr>
<td width="100">Description</td>
<td><textarea name="description" cols="50" rows="3" class="box" id="description"></textarea></td>
</tr>
<tr>
<td width="100">Headline</td>
<td><textarea name="headline" cols="50" rows="1" class="box" id="headline"></textarea></td>
</tr>
<tr>
<td width="100">Article</td>
<td><textarea name="article" cols="50" rows="10" class="box" id="article"></textarea></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td colspan="2" align="center"><input name="update" type="submit" class="box" id="update" value="Update Article"></td>
</tr>
</table>
<p align="center"><a href="cms-admin.php">Back to admin page</a></p>
</form>
</body>
</html>
I am trying to build my own CMS script. It's painfully slow!
Thanks.
$query = "SELECT id, filename, keywords, description, headline, article". "FROM content" .
"WHERE id = '{$_GET['id']}'";
If you remove the concatenation, (" . ") you have
$query = "SELECT id, filename, keywords, description, headline, articleFROM contentWHERE id = '{$_GET['id']}'";
You are missing some spaces. In fact, you don't really need the concatenation in that statement, do you?
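Added example, not part of the thread and not the poster's code: the same SELECT written as one string with the spaces in place, with the id validated and bound as a parameter instead of being interpolated from `$_GET`. It assumes PDO is available and uses an in-memory SQLite database with a constructed row in place of the MySQL connection; `fetchArticle` and `SELECT_ARTICLE` are hypothetical names.

```php
<?php
// Added example. An in-memory SQLite database stands in for the MySQL
// connection opened by library/opendb.php (assumption), so this runs offline;
// with MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and row, using the column names from the thread.
$db->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, filename TEXT,
           keywords TEXT, description TEXT, headline TEXT, article TEXT)');
$db->exec("INSERT INTO content VALUES (1, 'first.html', 'k', 'd', 'Hello', 'Body')");

// The concatenation from the question: no fragment ends with a space, so the
// server receives "articleFROM contentWHERE" and reports a syntax error.
$broken = "SELECT id, filename, keywords, description, headline, article" . "FROM content" .
          "WHERE id = '1'";
echo $broken, "\n";

// One string, no concatenation, and a placeholder where $_GET['id'] used to be.
const SELECT_ARTICLE = 'SELECT id, filename, keywords, description, headline, article
                        FROM content WHERE id = :id';

// Returns the row as an associative array, or null if the id is invalid or unknown.
function fetchArticle(PDO $db, $rawId)
{
    // Accept only a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value travels separately from the SQL text, so quotes in the input
    // cannot change the statement and addslashes() is not needed.
    $stmt = $db->prepare(SELECT_ARTICLE);
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, an id with no row, and a value containing a quote.
foreach (['1', '2', "1' and more"] as $input) {
    $row = fetchArticle($db, $input);
    echo var_export($input, true), ' => ', $row === null ? 'no article' : $row['headline'], "\n";
}
```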