1

My code is 

$user_query = '
     UPDATE  
          users  
     SET  
          `password`="$password",  
          `email`="$email", 
          `position`="$position", 
     WHERE  
          `username`=".$uname."';
$user_result = mysql_query($user_query, $connection);
confirm_query($user_result);

When I run this query it gives me an error:

Database query failed: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username=".$uname."' at line 7

Can any body help me resolve this error?

Improve this question
3
  • 4
    there's an extra comma after the position name/value pair. Also, you're missing concatenation marks for the password, email and position variables. Commented May 1, 2012 at 15:12
  • The quotes are all off too. You use single quotes and expect the var to be used, then double quotes and concatenation. Echo the string to see what you end up with. Commented May 1, 2012 at 15:13
  • thank you all, for your comments Commented May 1, 2012 at 16:06

6 Answers 6

Reset to default
6

Your query is in single quotes, so the variables aren't parsed. As you can see in error, the string is literally

`username`=".$uname."

You need to either use double quotes around the enitre thing, to parse variables correctly.

$user_query = "
 UPDATE  
      users  
 SET  
      `password`='$password',  
      `email`='$email', 
      `position`='$position'
 WHERE  
      `username`='$uname'";

Or correctly use the string concatanation operator, ..

$user_query = '
 UPDATE  
      users  
 SET  
      `password`="'.$password.'",  
      `email`="'.$email.'", 
      `position`="'.$position.'"
 WHERE  
      `username`="'.$uname.'"';

As others have noted, there's also an extra , after postion="$position".

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

thank you the error was gone, i was stuck on this for hours, you save my life lol.. thank you again
2

Remove the comma , before the WHERE clause

Improve this answer

Comments

1

Just change quotes, and better escape data with DB driver funcs like mysql_real_escape_string()

Difference between quotes: https://stackoverflow.com/a/3446286/765634

Escaping: http://php.net/mysql_real_escape_string

Complete query:

$user_query = <<<SQL
     UPDATE  
          users  
     SET  
          `password`="{$password}",  
          `email`="{$email}", 
          `position`="{$position}", 
     WHERE  
          `username`="{$uname}"
SQL;
Improve this answer

Comments

1

There is a trailing comma between position="$position", and the where clause. Remove the comma just before the where clause.

Improve this answer

Comments

0 
 UPDATE  
          users  
     SET  
          `password`="$password",  
          `email`="$email", 
          `position`="$position"
     WHERE  
          `username`=".$uname."';

You had a trailing , after position

Improve this answer

Comments

0

You have an extra comma after position="$position". Remove that.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.