Thread: Re: more php help needed




Re: more php help needed
2008-03-29 00:31:10
Oh, I see that now. There's an easy solution there. 

Like last time, there's nothing that jumps out in your SQL
statement that looks wrong. Given the error message, is it
possible that $user isn't numeric? 

As for the quote thing, you can simply include the quotes in
your SQL:
$u = $_POST['user'];
$e = escape_data($_POST['email']);
$p = $_POST['new_pass'];

// sql statement to enter email & password to db

$sql = "REPLACE INTO $table_name(email,password)
VALUES ('$e','$p') WHERE user_id = $u";

Note that you can simply wrap the $e and $p variables in
quotes in the $sql variable, so long as you are using double
quotes for the entire string (which you are.) There's also
no need to concatenate the $u variable on at the end - it,
too, can be included in the string.

A simple debugging technique you can use here is to comment
out the line that executes the query and instead write:

echo $sql;

That way, you can run the page and instead of the error,
you'll be able to see the SQL statement as it looks when it
gets sent to the DB. Then you can check to make sure that
your quotes are correct and that you have the right types of
data and whatnot. 

And just for clarification: it occurred to me that my remark
about the book could be taken wrong, so I wanted to say for
the record that I think it's a pretty good book. He's wrong
on some pretty important stuff now and again (ignore 95% of
chapter 10, for example) but one of the places I teach uses
it as the courseware for our PHP class so I know it
backwards and forwards, and I recognized the escape_data
function from one of the exercises in the book. 
 
Rob Huddleston
Adobe Community Expert - Dreamweaver
Adobe Certified Developer and Instructor
Sierra Adobe/Multimedia User Group Manager

Now blogging at www.robhuddleston.com

----- Original Message ----
From: Terri Orlowski <terribeyondtheoffice.com>
To: HTML-Haven@yahoogroups.com; Rob Huddleston
<robhuddlesyahoo.com>
Sent: Friday, March 28, 2008 8:21:39 PM
Subject: RE: [HTML-Haven] more php help needed

  
Rob,

I replied to you off-list (I hope you don’t mind) because my
messages are apparently still moderated, and there can be a
kind-of long delay sometimes. I’m also sending to list for
posterity, in case others have a similar problem in the future
and search the archives.

Yes, I have the book you mentioned, as well as some
others. I do try to figure it out on my own, from books and
website, before I post just cause I feel I learn better if I
can hunt down the answer myself.

The error, which I stupidly forgot to include, is: You have
an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax
to use near 'WHERE user_id =' at line 1

And I’m not concatenating nothing before and after
variables – I’m concatenating a single quote. I don’t know
why, but that’s the only way I can get the variables to work
correctly in the SQL statements. So the string is actually
“ ‘ “ (added spaces to demonstrate).

Terri

beyond the office
T: 860.245.0812
http://www.beyondtheoffice.com
Are you LinkedIn?

Make it your new year's resolution to go paperless.
Visit beyondtheoffice.com/tips for ideas.









     

Re: more php help needed
2008-03-29 15:21:56

$user should be numeric, since it's passed from the db to the script,
then to another script, and back to the db. There is no user
interaction with it at all. But I guess it wouldn't hurt to run
is_numeric() on it, just to make sure.
I'll give that a try and let you know what happens. Thanks!

Terri Orlowski
beyond the office
office solutions for people who think outside the box
T: 860.245.0812
E: terribeyondtheoffice.com

Quoting Rob Huddleston <robhuddlesyahoo.com>:

> Oh, I see that now. There's an easy solution there.
>
> Like last time, there's nothing that jumps out in your SQL statement
> that looks wrong. Given the error message, is it possible that
> $user isn't numeric?
>
> As for the quote thing, you can simply include the quotes in your SQL:
> $u = $_POST['user'];
> $e = escape_data($_POST['email']);
> $p = $_POST['new_pass'];
>
> // sql statement to enter email & password to db
>
> $sql = "REPLACE INTO $table_name(email,password) VALUES ('$e','$p')
> WHERE user_id = $u";
>
> Note that you can simply wrap the $e and $p variables in quotes in
> the $sql variable, so long as you are using double quotes for the
> entire string (which you are.) There's also no need to concatenate
> the $u variable on at the end - it, too, can be included in the
> string.
>
> A simple debugging technique you can use here is to comment out the
> line that executes the query and instead write:
>
> echo $sql;
>
> That way, you can run the page and instead of the error, you'll be
> able to see the SQL statement as it looks when it gets sent to the
> DB. Then you can check to make sure that your quotes are correct and
> that you have the right types of data and whatnot.
>
> And just for clarification: it occurred to me that my remark about
> the book could be taken wrong, so I wanted to say for the record
> that I think it's a pretty good book. He's wrong on some pretty
> important stuff now and again (ignore 95% of chapter 10, for
> example) but one of the places I teach uses it as the courseware for
> our PHP class so I know it backwards and forwards, and I recognized
> the escape_data function from one of the exercises in the book.
>
> Rob Huddleston
> Adobe Community Expert - Dreamweaver
> Adobe Certified Developer and Instructor
> Sierra Adobe/Multimedia User Group Manager
>
> Now blogging at www.robhuddleston.com
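
Added example (not from the thread or its participants): the update both posts are working toward, written with a validated integer id and PDO placeholders instead of quoting values into the SQL string. MySQL's REPLACE takes no WHERE clause, so this uses UPDATE. The `users` table, the `new_pass` field name, the SQLite in-memory database, the sample rows and the password_hash() call are assumptions made so the block runs offline.

```php
<?php
// Added example, not code from the thread. Table, field names and rows are constructed.
declare(strict_types=1);

function updateCredentials(PDO $db, array $post): int
{
    // Stricter than is_numeric(), which also accepts floats and exponents such as 1e3.
    $userId = filter_var($post['user'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $pass  = $post['new_pass'] ?? '';
    if ($userId === false || $email === false || !is_string($pass) || $pass === '') {
        throw new InvalidArgumentException('invalid user id, email or password');
    }

    // Placeholders keep values out of the SQL text, so no quoting or escaping applies.
    $stmt = $db->prepare(
        'UPDATE users SET email = :email, password = :hash WHERE user_id = :id'
    );
    $stmt->execute([
        ':email' => $email,
        ':hash'  => password_hash($pass, PASSWORD_DEFAULT), // assumption: store a hash
        ':id'    => $userId,
    ]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:'); // assumption: SQLite stands in for MySQL here
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES (7, 'old@example.com', 'x')");

// Constructed inputs: a valid request with a quote in the password, an empty id
// (which would leave a concatenated query ending at "WHERE user_id ="), and an
// id field carrying SQL.
$cases = [
    ['user' => '7',        'email' => 'new@example.com', 'new_pass' => "pa'ss"],
    ['user' => '',         'email' => 'new@example.com', 'new_pass' => 'secret'],
    ['user' => '7 OR 1=1', 'email' => 'new@example.com', 'new_pass' => 'secret'],
];
foreach ($cases as $post) {
    try {
        echo updateCredentials($db, $post), " row(s) updated\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```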
