
Here is the error I get when I submit the updated form: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id='19' LIMIT 1' at line 1

Here is the PHP and HTML for the edit (update) page.

    <?php

    require_once('../../../private/initialize.php');

    if(!isset($_GET['id'])) {
      redirect_to(url_for('/staff/subjects/index.php'));
    }
    $id = $_GET['id'];

    if(is_post_request()) {

      // Handle form values sent by new.php

      $subject = [];
      $subject['id'] = $id;
      $subject['menu_name'] = $_POST['menu_name'] ?? '';
      $subject['description'] = $_POST['description'] ?? '';

      $result = update_subject($subject);
      if($result === true) {
        redirect_to(url_for('/staff/subjects/show.php?id=' . $id));
      } else {
        $errors = $result;
      }

    } else {

      $subject = find_subject_by_id($id);

    }

    $subject_set = find_all_subjects();
    $subject_count = mysqli_num_rows($subject_set);
    mysqli_free_result($subject_set);

    ?>

    <?php $page_title = 'Edit Subject'; ?>
    <?php include(SHARED_PATH . '/staff_header.php'); ?>

      <a class="back-link" href="<?php echo url_for('/staff/subjects/index.php'); ?>">&laquo; Back to List</a>

      <div class="subject edit">
        <h1>Edit Subject</h1>

        <?php echo display_errors($errors); ?>

        <form action="<?php echo url_for('/staff/subjects/edit.php?id=' . h(u($id))); ?>" method="post">
          <dl>
            <dt>Subject name</dt>
            <dd><input type="text" name="menu_name" value="<?php echo h($subject['menu_name']); ?>" /></dd>
          </dl>
          <dl>
            <dt>Description</dt>
            <dd>
              <textarea name="description" cols="60" rows="10"><?php echo h($subject['description']); ?></textarea>
            </dd>
          </dl>
          <div id="operations">
            <input type="submit" value="Edit Subject" />
          </div>
        </form>

      </div>

    <?php include(SHARED_PATH . '/staff_footer.php'); ?>

This is my PHP function that runs the update on the record.

    // UPDATE SUBJECTS
    function update_subject($subject) {
      global $db;

      $errors = validate_subject($subject);
      if(!empty($errors)) {
        return $errors;
      }

      $sql = "UPDATE subjects SET ";
      $sql .= "menu_name='" . db_escape($db, $subject['menu_name']) . "', ";
      $sql .= "description='" . db_escape($db, $subject['description']) . "', ";
      $sql .= "WHERE id='" . db_escape($db, $subject['id']) . "' ";
      $sql .= "LIMIT 1";

      $result = mysqli_query($db, $sql);
      // For UPDATE statements, $result is true/false
      if($result) {
        return true;
      } else {
        // UPDATE failed
        echo mysqli_error($db);
        db_disconnect($db);
        exit;
      }
    }

2 Answers


You have a comma (`,`) right before the WHERE:

    $sql .= "description='" . db_escape($db, $subject['description']) . "', ";
    $sql .= "WHERE id='" . db_escape($db, $subject['id']) . "' ";

Change it to:

    $sql .= "description='" . db_escape($db, $subject['description']) . "' ";

Remove the trailing `,` from this line:

    $sql .= "description='" . db_escape($db, $subject['description']) . "', ";

Use this:

    $sql .= "description='" . db_escape($db, $subject['description']) . "' ";

1 Comment

Thanks for the help!
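Both answers point at the same root cause: the SET clause is assembled by hand, so a stray `", "` on the last assignment lands directly in front of `WHERE`. The following is an added example, not the asker's code or either answer's, showing the same UPDATE written so that this class of mistake cannot happen (the assignments are joined with `implode()`, which only puts commas between items) and run as a mysqli prepared statement, so the form values are bound as parameters instead of being escaped into the SQL text. It assumes `$db` is a `mysqli` connection and that `validate_subject()` exists as in the question; the function name `update_subject_prepared`, the explicit `$db` parameter, the `$columns` whitelist and the cast of `id` to an integer are choices made here, not part of the original project.

```php
<?php
// Added example (not the asker's code). Assumes $db is a mysqli connection
// and validate_subject() returns an array of error strings (empty on success),
// as in the question. The column whitelist and the integer id are assumptions.

function update_subject_prepared(mysqli $db, array $subject) {
  $errors = validate_subject($subject);
  if(!empty($errors)) {
    return $errors;
  }

  // Only these columns may be changed by the form. Any other key in $subject is
  // ignored, so the SET clause is built from names the code controls, never from
  // request data.
  $columns = ['menu_name', 'description'];

  // implode() joins items with ", " *between* them only, so the final assignment
  // is never followed by a comma before WHERE.
  $assignments = [];
  $values = [];
  foreach($columns as $col) {
    $assignments[] = "`" . $col . "` = ?";
    $values[] = $subject[$col] ?? '';
  }
  // Assumption: id is an integer primary key.
  $values[] = (int) $subject['id'];

  $sql = "UPDATE subjects SET " . implode(", ", $assignments) . " WHERE id = ? LIMIT 1";
  // Resulting statement:
  //   UPDATE subjects SET `menu_name` = ?, `description` = ? WHERE id = ? LIMIT 1

  $stmt = mysqli_prepare($db, $sql);
  if($stmt === false) {
    // Return the error instead of echoing it and exiting, so the page can
    // display it through display_errors() like any validation error.
    return ['Could not prepare statement: ' . mysqli_error($db)];
  }

  // One 's' per text column, then 'i' for the integer id.
  $types = str_repeat('s', count($columns)) . 'i';
  mysqli_stmt_bind_param($stmt, $types, ...$values);

  if(!mysqli_stmt_execute($stmt)) {
    $error = mysqli_stmt_error($stmt);
    mysqli_stmt_close($stmt);
    return ['Update failed: ' . $error];
  }

  mysqli_stmt_close($stmt);
  return true;
}

// Usage from edit.php, with $db already connected by initialize.php:
//   $result = update_subject_prepared($db, $subject);
//   if($result === true) { redirect_to(...); } else { $errors = $result; }
```

Because the values are bound rather than concatenated, `db_escape()` is no longer needed in this function, and the statement text is identical on every request, which also makes a syntax error show up immediately at `mysqli_prepare()` rather than only for certain inputs. The function returns errors instead of calling `exit`, which keeps the edit page's existing `display_errors($errors)` path working.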
