0

my code below

    $count++;
    $yesstring = 'MATCH';

    echo $count . '. RESULT ' . $idcheck . ': ' . $phonecheck . ' was matched. <br />';

    $matchquery = sprintf("UPDATE `list` SET match = `%s` WHERE homephone = `%s` LIMIT 1",
        mysql_real_escape_string($yesstring),
        mysql_real_escape_string($phonecheck));

    $matchresult = mysql_query($matchquery);

    if (!$matchresult) {
        die("Invalid query: " . mysql_error());
    }

and this is my error

Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'match = MATCH WHERE homephone = (999) 999-9999 LIMIT 1' at line 1

any help would be appreciated

Improve this question

2 Answers 2

Reset to default
2

match is a reserved word in MySQL. Escape it with backticks:

 UPDATE `list` SET `match` = ...
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

That did it. I had no idea. Swapped out the column name and this all good to go.
1

You're using backticks when you should be using regular quotes. Backticks are reserved for escaping table or column names:

INSERT INTO `foo` VALUES ('value')

Although you're properly escaping your SQL, calling mysql_real_escape_string can prove to be a constant nuisance. Switching to mysqli or PDO would make writing correct SQL a lot easier in the long-run.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.