This code works, table is updating, but server responds: "You have an error in your SQL syntax".
Asking for the sake of interest. Please tell me where is an error
$id = $_POST['id'];
$name = $_POST['name'];
$image = $_POST['image'];
$price = $_POST['price'];
mysql_connect("localhost","main","password");
mysql_select_db("main");
$result = mysql_query("SELECT * FROM goods WHERE id='".$id."'");
if(mysql_num_rows($result) > 0) {
$newquery = mysql_query("UPDATE goods SET name='".$name."', image='".$image."', price='".$price."' WHERE id='".$id."'");
if(!mysql_query($newquery)) {
die('Invalid query: ' . mysql_error());
} else {
echo "Updated successfully";
}
} else {
echo "Error: there is no such product in DB";
}
Error:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
Your where condition is wrong. It is expecting an integer not a string for ID.
Should be:
$newquery = mysql_query("UPDATE goods SET name='".$name."', image='".$image."', price='".$price."' WHERE id=".$id);
But you should note 2 things.
mysql_query and all mysql_ functions have been replaced by mysqli_
you are vulnerable to SQL injection. You should use PDO or any ORM/Database Abstraction to handle queries for you to prevent that.
'name' is a MySQL keyword. If you plan to use it as a column name then you must use back ticks when performing queries on the column:
"UPDATE `goods` SET `name`='".$name."', `image`='".$image."', `price`='".$price."' WHERE `id`='".$id."'"
Your insert values are strings. So you have to use " or ' to wrap it:
$sql = "UPDATE users SET fullname = '".$fullname."', bio = '".$bio."',
birthdate = '".$birthdate."', pass = '".$newpass."',
WHERE username = '".$susername."'";