#26855 [Com]: UPDATE query unexplicable behavior

Wed, 12 May 2004 01:05:50 -0700 

 ID:               26855
 Comment by:       bugs dot php dot net at emailfilter dot de
 Reported By:      superzouz at hotmail dot com
 Status:           Bogus
 Bug Type:         MySQL related
 Operating System: various
 PHP Version:      4.3.4
 New Comment:

You can't use mysql_real_escape_string() for the full query. The
correct way would be:
$query = "UPDATE config_intranet SET confvalue = '" .
mysql_real_escape_string('192.168.0.1' ) . "' WHERE confkey = '" .
mysql_real_escape_string('vpn_server_ip') . "'";


Previous Comments:
------------------------------------------------------------------------

[2004-01-09 14:04:16] [EMAIL PROTECTED]

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

You see the \\\' in the error message? That\'s why.

See http://www.php.net/mysql_real_escape_string


------------------------------------------------------------------------

[2004-01-09 13:44:53] superzouz at hotmail dot com

Description:
------------
When I run the following query through PHP:
UPDATE config_intranet SET confvalue = '192.168.0.1' WHERE confkey
'vpn_server_ip'  
I get the following error.
1064: You have an error in your SQL syntax near 'query' at line 1

But if I type the same query directly into MySQL, it is executed
correctly!

I was able to reproduce this situation on my PC (Windows XP SP1) with
PHP 4.3.4 and MySQL "client api version 3.23.49", and on 2 internet
hosting providers running PHP 4.x with mySql on *nix systems, so it is
not an issue with my configuration.

There is nothing in the official PHP docs stating that a query would be
handled differently by PHP and MySQL.

Thanks

Reproduce code:
---------------
$conn = mysql_connect ( "localhost", "rolfen" , "" );
mysql_select_db("dergham", $conn);
$query = mysql_real_escape_string("UPDATE config_intranet SET confvalue
= '192.168.0.1'  WHERE confkey = 'vpn_server_ip'");
$res = mysql_query(query, $conn);

                if ($res)
                        echo "success";
                else {
                        die("Error while updating config table. Error Output: <br/>".
mysql_errno() . ": " . mysql_error(). "<br/>"."Query
follows:<br/>".$query);
                        return False;
                        }
?>

Expected result:
----------------
success

Actual result:
--------------
Content-type: text/html

X-Powered-By: PHP/4.3.2



X-Powered-By: PHP/4.3.2

Content-type: text/html



Error while updating config table. Error Output: <br/>1064: You have an
error in your SQL syntax near 'query' at line 1<br/>Query
follows:<br/>UPDATE config_intranet SET confvalue = \'192.168.0.1\' 
WHERE confkey = \'vpn_server_ip\'


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=26855&edit=1

Reply via email to