1

I want to update my database. This code is working fine on another table, but here I have an error and I see this message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id='588'' at line 4

<?php
$sel_item = "SELECT * FROM `employees` where id=".$_GET['emp_id'];
$done_item = mysql_query($sel_item);
$get_item = mysql_fetch_array($done_item);

if(isset($_POST['edit']) ){
    $upd= "UPDATE `employees` SET 
    `emp_no`='".$_POST['name']."',
    WHERE `id`='".$_POST['id']."";
    $do_upd = mysql_query($upd) or die(mysql_error());
}
?>


<form action="" method="post" enctype="multipart/form-data">

         <table class="append-row" width="100%" border="0" bgcolor="#006699"  height="60px" align="left" 
        style="padding:0 30px;">
          <tr>

           <td><input type="text" name="name" id="name" placeholder="name"  value="<? php echo $get_item['emp_no'];?>"></td>
          <input type="hidden" name="id" id="id"    value="<?php echo $get_item['id'];?>" >

          <td><input type="submit" name="edit" id="edit" value="edite"></td>    

      </tr>

        </table>

     </form>
5
  • 1
    you have a comma before WHERE Commented May 29, 2013 at 16:54
  • 2
    There's a comma after $_POST['name']."', - you need to remove that. Commented May 29, 2013 at 16:54
  • make sure you have id field in that table too Commented May 29, 2013 at 16:55
  • 2
    Your code is vulnerable to SQL injections and is also using a deprecated MySQL library. Commented May 29, 2013 at 16:56
  • Thanks for the edit @Ryan Naddy Commented May 29, 2013 at 16:57

4 Answers

3

You are missing the closing single quote after the $_POST['id'] in the UPDATE statement and you also have a comma you don't need before the WHERE condition.

Try:

$upd= "UPDATE `employees` SET `emp_no`='".$_POST['name']."' WHERE `id`='".$_POST['id']."'";

1 Comment

Agreed and good point. User input ($_POST) should always be validated before being used in a query. My answer was just to get the query working.
1
$upd= "UPDATE `employees` SET `emp_no`='".$_POST['name']."', WHERE `id`='".$_POST['id'].""; 
$do_upd = mysql_query($upd) or die(mysql_error());

You've missed an ' it should be...

$upd= "UPDATE `employees` SET `emp_no`='".$_POST['name']."', WHERE `id`='".$_POST['id']."'"; 

You also don't need the comma before 'WHERE'


1

Drop the old school MySQL and use PDO to make things easier on you and your database, but your problem is the comma before the WHERE statement.

$sql = $pdo->prepare("UPDATE employees SET emp_no = ? WHERE id = ?");
$sql->execute(array($_POST['name'], $_POST['id']));

As a personal preference, you should NEVER use a tilde `, to surround your items, if it is so you don't use a keyword, then you probably should rename your column/table/database.
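
The prepared-statement approach from the answer above, as an added example that is not part of the original answer. It assumes an in-memory SQLite database through PDO in place of the MySQL server so that it runs offline; `updateEmpNo` and the sample inputs are hypothetical.

```php
<?php
// Added example. Assumption: SQLite in memory stands in for the MySQL server;
// table and column names follow the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE employees (id INTEGER PRIMARY KEY, emp_no TEXT)");
$pdo->exec("INSERT INTO employees (id, emp_no) VALUES (587, 'E-587'), (588, 'E-588')");

/**
 * Update one employee's emp_no and return the number of rows changed.
 * Hypothetical helper, not code from the original post.
 */
function updateEmpNo(PDO $pdo, array $post): int
{
    // Validate the id as a positive integer before it reaches the database.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $name = $post['name'] ?? null;
    if ($id === false || !is_string($name) || $name === '') {
        throw new InvalidArgumentException('invalid id or name');
    }
    // Placeholders keep the SQL text fixed; the values are sent separately,
    // so a quote inside $name cannot change the statement.
    $stmt = $pdo->prepare('UPDATE employees SET emp_no = :emp_no WHERE id = :id');
    $stmt->bindValue(':emp_no', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample inputs standing in for $_POST.
$normal = ['id' => '588', 'name' => 'E-600'];
$quoted = ['id' => '588', 'name' => "O'Brien"];      // would break the concatenated query
$badId  = ['id' => '588 OR 1=1', 'name' => 'E-601']; // not an integer, rejected

echo updateEmpNo($pdo, $normal), " row(s) updated\n";
echo updateEmpNo($pdo, $quoted), " row(s) updated\n";
try {
    updateEmpNo($pdo, $badId);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
// Print the table so the stored values can be inspected.
foreach ($pdo->query('SELECT id, emp_no FROM employees ORDER BY id') as $row) {
    echo $row['id'], ' => ', $row['emp_no'], "\n";
}
```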


0

emp_no='".$_POST['name']."',

The comma is breaking your SQL
