moonstar Posted May 13, 2011 Share Posted May 13, 2011 Hi I am trying to learn php and am working on a cms website. I keep on getting this error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[id]' at line 1 I looked at the MySql manual and cannot find what is wrong any suggestion would be greatly appreciated. Thank you. The is the line of code to link to the Edit.php page and holds the id of the post. echo "<a href=\"edit.php?id=$posts[iD]\">Edit</a>"; This is in the Edit page and it gives me the error above. <?php include('Connection.php'); $query = 'SELECT * FROM site_content WHERE ID = $_GET[id]'; $result = mysql_query($query) or die(mysql_error()); $post = mysql_fetch_array($result); ?> Quote Link to comment Share on other sites More sharing options...
Maq Posted May 13, 2011 Share Posted May 13, 2011 1) You should be sanitzing and preventing SQL injections with mysql_real_escape_string. $id = mysql_real_escape_string($_GET['id']); 2) You are probably receiving the error because the column ID probably is not of type integer. Which will require you to put single quotes around the value. $query = "SELECT * FROM site_content WHERE ID = '$id'"; (Note: Used the new $id variable and changed the primary string to double quotes while using singles around $id.) Quote Link to comment Share on other sites More sharing options...
moonstar Posted May 15, 2011 Author Share Posted May 15, 2011 Thank you that works now there is no more errors, but now my link from my admin page which holds that id value will not carry over to the edit page and when I click the link I just get an HTTP 404 error and on my Edit page the values of the posts do not show. I have tried fixing my link through researches I found but did not help can someone help me look at it. Thank you. This my Administration page. <?php $query = "SELECT * FROM site_content"; $result = mysql_query($query); while($posts = mysql_fetch_array($result)) { echo "<a href=\"edit.php?id=$posts[iD]\">Edit</a>";echo "</div><br>"; ?> This is in the Edite page <?php include('Connection.php'); $id = mysql_real_escape_string($_GET['id']); $query = "SELECT * FROM sit_posts WHERE ID = 'id'"; $result = mysql_query($query); $posts = mysql_fetch_array($result); <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" name="editform"> <table> <tr> <td><label for="TitleName">Post Title</label></td> <td><input type="text" name="TitleName" value="<?php echo $posts['Post_Title']; ?>" /></td> </tr> <tr> <td><label for="AuthorName">Post Author</label></td> <td><input type="text" name="AuthorName" value="<?php echo $posts['Post_Author']; ?>" /></td> </tr> </table> </form> ?> The red is where the problem is. Thank you. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.