0

I am having a wierd problem when attempting to update a table in my mysql server.

The code:

    $name = trim(FilterText($_POST['name']));
$description = trim(FilterText($_POST['description']));
$type = $_POST['type'];

if($groupdata['type'] == "3" && $_POST['type'] != "3"){ echo "You may not change the group type if it is set to 3."; exit; } // you can't change the group type once you set it to 4, fool
if($type < 0 || $type > 3){ echo "Invalid group type."; exit; } // this naughty user doesn't even deserve an settings update

if(strlen(HoloText($name)) > 25){
    echo "Name too long\n\n<p>\n<a href=\"".WWW."/groups/".$groupid."/id\" class=\"new-button\"><b>Done</b><i></i></a>\n</p>\n\n<div class=\"clear\"></div>";
} elseif(strlen(HoloText($description)) > 200){
    echo "Description too long\n\n<p>\n<a href=\"".WWW."/groups/".$groupid."/id\" class=\"new-button\"><b>Done</b><i></i></a>\n</p>\n\n<div class=\"clear\"></div>";
} elseif(strlen(HoloText($name)) < 1){
    echo "Please give a name\n\n<p>\n<a href=\"".WWW."/groups/".$groupid."/id\" class=\"new-button\"><b>Done</b><i></i></a>\n</p>\n\n<div class=\"clear\"></div>";  
} else {
    mysql_query("UPDATE groups SET name = '".$name."', type = $type, desc='".$description."' WHERE id = $groupid AND ownerid = '".USER_ID."' LIMIT 1") or die(mysql_error());
    echo "Editing group settings successful\n\n<p>\n<a href=\"".WWW."/groups/".$groupid."/id\" class=\"new-button\"><b>Done</b><i></i></a>\n</p>\n\n<div class=\"clear\"></div>";
}

At the mysql_query to update groups, I keep getting an error saying that I have an error in my SQL syntax at the part when inserting desc=blahblahbla.

When I take the "desc" part out of the query, and only insert the name and type, the query works perfectly, but when I add the desc back into the query, it throws the error again. There are no '' in the desc part - which could stuff it up, and even if there were, I have filtered them at the start of the code.

Any help would be greatly appreciated.

I am using a CMS in case you were wondering

Thanks in advance! :)

Improve this question

2 Answers 2

Reset to default
2

desc is a reserved word in MySQL, for use in order by clauses. You'll have to escape it with backticks:

UPDATE .... `desc`=etc...
            ^--  ^--

And of course, you'll also get jumped on by a few dozen busybodies who'll claim that using the mysql_*() functions will cause the universe to implode in 5... 4... 3...

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks for that! I didn't click with the "order by 'desc'" bit. Thanks a million!
Those busybodies are performing a public service.
0

try this 

mysql_query("UPDATE `groups` SET `name` = '".$name."', `type` = $type, `desc` = '".$description."' WHERE `id` = '$groupid' AND `ownerid` = '".USER_ID."' LIMIT 1") or die(mysql_error());
Improve this answer

1 Comment

If you're going to change a long string by only 2 characters, you should generally point out WHERE the changes are. We're human, we don't do 'diff' easily.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.