You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use
Hi guys,
I've just picked up MySQL/PHP today after beating round the bush for so long. Basically I'm creating a CMS bit by bit and so far I'm at the 'Add/Edit/Remove Links' section.
I'm getting the following error when updating a link using the form.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 'test', link_url = '
http://test.com'; WHERE link_id = '44'' at line 1
Here is my PHP:
<?php
include('../lib/config/db_connect.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="
http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Add/Remove/Edit Links</title>
<script language="JavaScript">
function delArticle(link_id, link_name)
{
if (confirm("Are you sure you want to delete '" + link_name + "'"))
{
window.location.href = 'links.php?del=' + link_id;
}
}
</script>
</head>
<body>
<h1>Links</h1>
<div id="addLinks">
<?php
if(isset($_POST['add']))
{
$linkName = $_POST['link_name'];
$linkURL = $_POST['link_url'];
$addQuery = "INSERT INTO clanms_links (link_name, link_url) VALUES ('$linkName', '$linkURL')";
mysql_query($addQuery) or die('<span class="error">Error: Link Not Added</span>');
}
?>
<div id="addLink">
<h2>Add Link</h2>
<form name="add_links" method="post">
<label>Name</label>
<input type="text" name="link_name" /><br />
<label>URL</label>
<input type="text" name="link_url" value="
http://" /><br />
<input type="submit" value="Add" name="add" />
</form>
</div>
</div>
<div id="currentLinks">
<h2>Current Links</h2>
<?php
if(isset($_GET['del']))
{
$deleteQuery = "DELETE FROM clanms_links WHERE link_id = '{$_GET['del']}'";
mysql_query($deleteQuery) or die('Error : ' . mysql_error());
exit;
}
?>
<?php
$displayQuery = "SELECT link_id, link_name, link_url FROM clanms_links";
$result = mysql_query($displayQuery) or die('Error : ' . mysql_error());
?>
<table width="600" border="0" align="center" cellpadding="5" cellspacing="1">
<tr align="center">
<td width="200"><strong>Name</strong></td>
<td width="300"><strong>URL</strong></td>
<td width="150"><strong>Action</strong></td>
</tr>
<?php
while(list($link_id, $link_name, $link_url) = mysql_fetch_array($result, MYSQL_NUM))
{
?>
<tr>
<td width="200">
<?php echo $link_name; ?>
</td>
<td width="300">
<?php echo $link_url; ?>
</td>
<td width="150" align="center">
<a href="links.php?link_id=<?php echo $link_id;?>">Edit</a>
<a href="javascript:delArticle('<?php echo $link_id;?>', '<?php echo $link_name;?>');">Delete</a>
</td>
</tr>
<?php
}
?>
</table>
</div>
<div id="editLinks">
<?php
if(isset($_GET['link_id']))
{
$editQuery = "SELECT link_id, link_name, link_url ".
"FROM clanms_links ".
"WHERE link_id = '{$_GET['link_id']}'";
$result = mysql_query($editQuery) or die('Error : ' . mysql_error());
list($link_id, $link_name, $link_url) = mysql_fetch_array($result, MYSQL_NUM);
$content = htmlspecialchars($link_url);
}
else if(isset($_POST['link_name']))
{
$link_id = $_POST['link_id'];
$link_name = $_POST['link_name'];
$link_url = $_POST['link_url'];
if(!get_magic_quotes_gpc())
{
$link_name = addslashes($link_name);
$link_url = addslashes($link_url);
}
// update the article in the database
$updateQuery = "UPDATE clanms_links" .
"SET link_name = '$link_name', link_url = '$link_url' " .
"WHERE link_id = '$link_id'";
mysql_query($updateQuery) or die(mysql_error());
echo "<p align='center'>Link updated.</p>";
// now we will display $title & content
// so strip out any slashes
$link_name = stripslashes($link_name);
$link_url = stripslashes($link_url);
}
?>
<?php
if(isset($_GET['link_id']))
{
?>
<h2>Edit Links</h2>
<form method="post" action="links.php">
<input type="hidden" name="link_id" value="<?php echo $link_id;?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box" align="center">
<tr>
<td width="100">Name</td>
<td><input name="link_name" type="text" class="box" value="<?php echo $link_name;?>"></td>
</tr>
<tr>
<td width="100">URL</td>
<td><input name="link_url" type="text" class="box" value="<?php echo $link_url;?>" /></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td colspan="2" align="center"><input name="update" type="submit" class="box" id="update" value="Update Link"></td>
</tr>
</table>
</form>
<?php
}
?>
</div>
<?php
include('../lib/config/db_disconnect.php');
?>
</body>
</html>
Can anybody see where I'm going wrong?
Thanks