-4

When i try to execute the code below it shows the error:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '','','','')' at line 1

$result = mysql_query("REPLACE INTO templates (id,title,subtitle,background,image,image2,image3,image4,image5,image6,createdby) VALUES ('$id','$title','$subtitle','$background','$image','$image2','$image3','$image4,'$image5','$image6','$fbuid')");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}


But the code below works totally fine:

mysql_query("REPLACE INTO Users (fbuid,username,email,token) VALUES ('$fbuid', '$name', '$email', '$token')");


What can be the issue?

Madhawa Priyashantha
  • 9,208
  • 7
  • 28
  • 58
Sukhchain Singh
  • 31
  • 7
  • you can refer to the earlier post to update data http://stackoverflow.com/questions/10177208/update-a-column-value-replacing-part-of-a-string Hope this help you. – Rohit shah Nov 19 '16 at 04:34
  • 2
    I have asked myself this too many times, perhaps you can comment below. Why are you using `mysql_*()` functions? – Xorifelse Nov 19 '16 at 04:34
  • if `$id` is your primary key you need not to insert it you can leave it as a blank like this `mysql_query("REPLACE INTO templates (id,title,subtitle,background,image,image2,image3,image4,image5,image6,createdby) VALUES (' ','$title','$subtitle','$background','$image','$image2','$image3','$image4,'$image5','$image6','$fbuid')");` –  Nov 19 '16 at 04:35
  • @EaBangalore Let me rephrase the question. Why are you using `mysql_query()` – Xorifelse Nov 19 '16 at 04:37
  • 3
    I am being ignored here, once again. Its like "questioneers" know using `mysql_query()` is wrong, but they tend to go around it in a huge freaking circle (diameter of Jupiter) and ignore every comment on it. – Xorifelse Nov 19 '16 at 04:43
  • 2
    @Xorifelse i fell your pain –  Nov 19 '16 at 04:44
  • 2
    @Dagon Let's share it together :) – Xorifelse Nov 19 '16 at 04:45
  • 1
    @Xorifelse If only the PHP manual had a giant warning somewhere that could alert people to the fact that these functions have been deprecated for years..... [oh wait](http://php.net/manual/en/function.mysql-connect.php) – maiorano84 Nov 19 '16 at 04:50

1 Answers1

0

Actually I was missing a ' sign after $image4… problem solved.

M Somerville
  • 3,938
  • 25
  • 37
Sukhchain Singh
  • 31
  • 7
  • *Please* do not wildly put user data into SQL statements as you have done, it is an obvious potential security hole. If $title comes from a user and contains an apostrophe, they can break out of your SQL and e.g. potentially delete your entire database. Please read the PHP manual on how to use placeholders, e.g. using http://php.net/manual/en/mysqli.quickstart.prepared-statements.php (or PDO version) or if you must, mysql_real_escape_string. – M Somerville Nov 19 '16 at 08:26