[solved] Update error niet te vinden
Ik snap er niks meer van, ik ben een update script aan het omzetten, waar id -> k_id moet heten.
het bekijken, aanmaken en binnen laden van de gegevens gaat goed, maar na mijn verandering in de naam (k_id) lukt het updaten zelf niet meer.
krijg een error:
"Error, modify album failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '16'' at line 1"
Er is iets wat ik over het hoofd zie qua benaming, maar ik zie het na lang turen en schuiven nog niet.. iemand die het wel snel ziet?... thnx!
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
<?php
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);
include '../library/config.php';
include '../library/opendb.php';
if (!isset($_GET['k_id']))
{
echo "id is not defined";
}
else if(isset($_POST['upload']))
{
$id = $_POST['k_id'];
$klant = $_POST['klant'];
//start the query
$query = "UPDATE klanten SET klant = '$klant''";
if (!get_magic_quotes_gpc()) {
$klant = addslashes($klant);
}
if ($_FILES['userfile']['tmp_name']) {
$name = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$uploadDir = '../logoimage/';
$filePath = $uploadDir . $name;
if( file_exists($filePath) ) {
unlink($filePath);
}
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
//if there was a file, then add the file information to the query.
$query .= ", logoname = '$name', logopath = '$filePath',logosize = '$fileSize', logotype = '$fileType' ";
} else {
$name = "";
}
//finish off the qyery.
$query .= "WHERE k_id = '{$_GET['k_id']}'";
mysql_query($query) or die('Error, modify album failed : ' . mysql_error());
echo "<p align='center'>Artikel geupdate</p>";
} else {
$id = $_GET['k_id'];
$sql = "SELECT k_id, logoname,klant, logopath FROM klanten WHERE k_id = '{$_GET['k_id']}'";
$result = mysql_query($sql) or die('Error, get info failed. ' . mysql_error());
if (mysql_num_rows($result) == 0) {
} else {
$row = mysql_fetch_assoc($result);
?>
<form action="" method="post" enctype="multipart/form-data" name="uploadform">
<table width="400" border="0" align="center" cellpadding="8" cellspacing="0" bordercolor="#FFFFFF" bgcolor="#99CC00">
<tr>
<td class="info">Klant:</td>
<td><input name="klant" type="text" class="box" id="klant" value="<?php echo $row['klant']; ?>"> </td>
</tr>
<td class="info">Huidge afbeelding: </td>
<td><?php echo '<img height="30px" src="../logoimage/' . $row['logoname'] . '" />' ; ?></td>
</tr>
<tr>
<td class="info">Afbeelding uploaden:</td>
<td><input name="userfile" type="File" class="box" id="userfile" size="15"></td>
</tr>
<tr>
<td class="info"> </td>
<td><input name="upload" type="Submit" id="upload" class="dynamic_button" value="Updaten">
<input type="hidden" name="k_id" value="<? echo "$id"; ?>" />
<input name="btnBack" type="button" class="dynamic_button" id="btnBack"
onclick="window.location.href='backend.php?page=klanten';" value="Overzicht" /></td>
</tr>
</table>
</form>
<?php
}
}
?>
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);
include '../library/config.php';
include '../library/opendb.php';
if (!isset($_GET['k_id']))
{
echo "id is not defined";
}
else if(isset($_POST['upload']))
{
$id = $_POST['k_id'];
$klant = $_POST['klant'];
//start the query
$query = "UPDATE klanten SET klant = '$klant''";
if (!get_magic_quotes_gpc()) {
$klant = addslashes($klant);
}
if ($_FILES['userfile']['tmp_name']) {
$name = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$uploadDir = '../logoimage/';
$filePath = $uploadDir . $name;
if( file_exists($filePath) ) {
unlink($filePath);
}
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
//if there was a file, then add the file information to the query.
$query .= ", logoname = '$name', logopath = '$filePath',logosize = '$fileSize', logotype = '$fileType' ";
} else {
$name = "";
}
//finish off the qyery.
$query .= "WHERE k_id = '{$_GET['k_id']}'";
mysql_query($query) or die('Error, modify album failed : ' . mysql_error());
echo "<p align='center'>Artikel geupdate</p>";
} else {
$id = $_GET['k_id'];
$sql = "SELECT k_id, logoname,klant, logopath FROM klanten WHERE k_id = '{$_GET['k_id']}'";
$result = mysql_query($sql) or die('Error, get info failed. ' . mysql_error());
if (mysql_num_rows($result) == 0) {
} else {
$row = mysql_fetch_assoc($result);
?>
<form action="" method="post" enctype="multipart/form-data" name="uploadform">
<table width="400" border="0" align="center" cellpadding="8" cellspacing="0" bordercolor="#FFFFFF" bgcolor="#99CC00">
<tr>
<td class="info">Klant:</td>
<td><input name="klant" type="text" class="box" id="klant" value="<?php echo $row['klant']; ?>"> </td>
</tr>
<td class="info">Huidge afbeelding: </td>
<td><?php echo '<img height="30px" src="../logoimage/' . $row['logoname'] . '" />' ; ?></td>
</tr>
<tr>
<td class="info">Afbeelding uploaden:</td>
<td><input name="userfile" type="File" class="box" id="userfile" size="15"></td>
</tr>
<tr>
<td class="info"> </td>
<td><input name="upload" type="Submit" id="upload" class="dynamic_button" value="Updaten">
<input type="hidden" name="k_id" value="<? echo "$id"; ?>" />
<input name="btnBack" type="button" class="dynamic_button" id="btnBack"
onclick="window.location.href='backend.php?page=klanten';" value="Overzicht" /></td>
</tr>
</table>
</form>
<?php
}
}
?>
Gewijzigd op 01/01/1970 01:00:00 door David david
iemand die het ziet.. blijf hier op vast lopen.. thxn!
Bevat klant id wel een id?
Echo je volledige query bij de error. Dan zie je het zo.
aaah man.. zal je altijd zien.. 1 teken teveel :S.. dat was het! bedankt!
Maar dan wel de variabele buiten quotes halen he ;)
En wat dacht je van sql-injection? Script is lek.