I'm trying to update an email field in MySQL through PHP. I keep getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com,
The cell in MySQL is varchar(100). The e-mail address is typed in from a text box.
$insert_fbacc="UPDATE jos_users SET email=".$_POST['email']", WHERE id='$user->id'";
With the previous code, MySQL updates only half of the email address, only the @yahoo.com part.
I tried to convert $_POST['email'] to a string and the result is the error I wrote.
EDIT:
Thanks guys, you're great!
I found out what it was... bad syntax and forgot to escape.
Thanks a lot!
Actually, you seem to have a syntax error in the code (no dot after $_POST['email']).
And the variable itself isn't surrounded by quotes. It should be:
$insert_fbacc="UPDATE jos_users SET email='{$_POST['email']}' WHERE id='$user->id'";
Also, don't forget to escape the variable using mysql_real_escape_string:
$_POST['email'] = mysql_real_escape_string($_POST['email']);
In that exact query string I can see a problem.
$insert_fbacc="UPDATE jos_users SET email=".$_POST['email']", WHERE id='$user->id'";
You need to add a '.' after $_POST[ 'email' ], as far as I can tell, to make:
$insert_fbacc="UPDATE jos_users SET email=" . $_POST[ 'email' ] . ", WHERE id='$user->id'";
Don't forget to escape characters!
Always escape input:
$insert_fbacc="UPDATE jos_users SET email='".mysql_real_escape_string($_POST['email'])."' WHERE id='".mysql_real_escape_string($user->id)."'";
I see three errors:
String value must be enclosed in quotes:
$insert_fbacc="UPDATE jos_users SET email='".$_POST['email']"', WHERE id='$user->id'";
//                                     ---^               ---^
Missing string concatenation:
$insert_fbacc="UPDATE jos_users SET email='".$_POST['email']."', WHERE id='$user->id'";
//                                                       ---^
Remove the comma:
$insert_fbacc="UPDATE jos_users SET email='".$_POST['email']."' WHERE id='$user->id'";
//                                                          ---^
As already mentioned, don't forget to use mysql_real_escape_string().
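The quoting and escaping points raised in the answers above, as an added example that is not part of the original thread: the concatenated UPDATE next to a PDO prepared statement, which is swapped in here because mysql_real_escape_string() and the other mysql_* functions were removed in PHP 7.0. The in-memory SQLite database (standing in for MySQL), the table layout, the function names and the sample addresses are assumptions so the script runs offline.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL; the jos_users layout (id, email) is assumed from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE jos_users (id INTEGER PRIMARY KEY, email VARCHAR(100))");
$pdo->exec("INSERT INTO jos_users (id, email) VALUES (1, 'old@example.com')");

// The quoted-but-unescaped form from the thread: the value becomes SQL text.
// Returns null on success or the driver's error message on failure.
function updateEmailConcatenated(PDO $pdo, string $email, int $id): ?string
{
    $sql = "UPDATE jos_users SET email='" . $email . "' WHERE id='" . $id . "'";
    try {
        $pdo->exec($sql);
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

// Prepared statement: the value is bound as data and never parsed as SQL,
// so no manual quoting or escaping is needed. Returns the affected row count.
function updateEmailBound(PDO $pdo, string $email, int $id): int
{
    $stmt = $pdo->prepare('UPDATE jos_users SET email = :email WHERE id = :id');
    $stmt->execute([':email' => $email, ':id' => $id]);
    return $stmt->rowCount();
}

function currentEmail(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT email FROM jos_users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed inputs standing in for $_POST['email']; the second one is a
// valid address whose apostrophe ends the SQL string literal early.
foreach (['someone@yahoo.com', "o'brien@example.com"] as $email) {
    $error = updateEmailConcatenated($pdo, $email, 1);
    echo "concatenated [$email]: ", $error ?? 'ok', PHP_EOL;

    $rows = updateEmailBound($pdo, $email, 1);
    echo "bound        [$email]: $rows row(s), stored as ", currentEmail($pdo, 1), PHP_EOL;
}
```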