php - I require assistance with a SQL syntax error -


i writing code register , login system, , when testing receiving errors, there one:

"you have error in sql syntax; check manual corresponds mariadb server version right syntax use near 'where username = ''' @ line 1"

could please tell me means , solve it. here code in update-profile.php

<?php session_start(); ini_set("display_errors",1); $temp=$_session['username']; if(isset($_post)){     require 'database1.php';     $destination = 'background-images';     if(!isset($_files['backgroundimagefile']) || !is_uploaded_file($_files['backgroundimagefile']['tmp_name'])){         $backgroundnewimagename= 'background.jpg';         move_uploaded_file($_files['backgroundimagefile']['tmp_name'], "$destination/$backgroundnewimagename");     }     else{         $randomnum = rand(0, 9999999999);         $imagename = str_replace(' ','-',strtolower($_files['backgroundimagefile']['name']));         $imagetype = $_files['backgroundimagefile']['type'];         $imageext = substr($imagename, strrpos($imagename, '.'));         $imageext = str_replace('.','',$imageext);         $imagename      = preg_replace("/\.[^.\s]{3,4}$/", "", $imagename);         $backgroundnewimagename = $imagename.'-'.$randomnum.'.'.$imageext;         move_uploaded_file($_files['backgroundimagefile']['tmp_name'], "$destination/$backgroundnewimagename");     }     $sql1="update users set backgroundpicture='$backgroundnewimagename' username = '$temp'";     $sql2="insert users (backgroundpicture) values ('$backgroundnewimagename') username = '$temp'";     $result = mysqli_query($database,"select * users username = '$temp'");     if( mysqli_num_rows($result) > 0) {         if(!empty($_files['backgroundimagefile']['name'])){             mysqli_query($database,$sql1)or die(mysqli_error($database));             header("edit-profile.php?username=$temp");         }     }      else {         mysqli_query($database,$sql2)or die(mysqli_error($database));         header("edit-profile.php?username=$temp");     }     $destination = 'avatars';     if(!isset($_files['imagefile']) || !is_uploaded_file($_files['imagefile']['tmp_name'])){         $newimagename= 'default.png';         move_uploaded_file($_files['imagefile']['tmp_name'], "$destination/$newimagename");     }     else{         $randomnum   = rand(0, 9999999999);         $imagename = str_replace(' ','-',strtolower($_files['imagefile']['name']));         $imagetype = $_files['imagefile']['type'];         $imageext = substr($imagename, strrpos($imagename, '.'));         $imageext = str_replace('.','',$imageext);         $imagename = preg_replace("/\.[^.\s]{3,4}$/", "", $imagename);         $newimagename = $imagename.'-'.$randomnum.'.'.$imageext;         move_uploaded_file($_files['imagefile']['tmp_name'], "$destination/$newimagename");     }     $sql5="update users set avatar='$newimagename' username = '$temp'";     $sql6="insert users (avatar) values ('$newimagename') username = '$temp'";     $result = mysqli_query($database,"select * users username = '$temp'");     if( mysqli_num_rows($result) > 0) {         if(!empty($_files['imagefile']['name'])){             mysqli_query($database,$sql5)or die(mysqli_error($database));             header("location:edit-profile.php?username=$temp");         }     }      else {         mysqli_query($database,$sql6)or die(mysqli_error($database));         header("location:edit-profile.php?username=$temp");     }       $user_firstname=$_request['firstname'];     $user_lastname=$_request['lastname'];     $user_email=$_request['email'];     $user_password=$_request['password'];     $user_shortbio=$_request['bio'];        $user_dob=$_request['dob'];     $user_gender=$_request['gender'];     $sql3="update user sets firstname='$firstname',lastname='$lastname',email='$email',password='$password',bio='$bio',dob='$dob',gender='$gender', username = '$temp'";         mysqli_query($database,$sql3)or die(mysqli_error($database));         header("edit-profile.php?username=$temp&request=profile-update&status=success"); }

in insert syntax, have used where

$sql6="insert users (avatar) values ('$newimagename') username = '$temp'";

should 

$sql6="insert users (avatar) values ('$newimagename')"; $sql2="insert users (backgroundpicture) values ('$backgroundnewimagename')";

also 

 $sql3="update user sets firstname='$firstname',lastname='$lastname',email='$email',password='$password',bio='$bio',dob='$dob',gender='$gender', username = '$temp'";

should below, remove , before where

$sql3="update user set firstname='$firstname',lastname='$lastname',email='$email',password='$password',bio='$bio',dob='$dob',gender='$gender' username = '$temp'";

and suggest read basic document


Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer ...
Read more

c# - Asp.net web api : redirect unauthorized requst to forbidden page -

im trying redirect unauthorized request forbidden page instead i'm getting forbidden page in response body , how can fix ? here's startup class : app.createperowincontext(storecontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create); app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, expiretimespan = timespan.fromdays(30), }); app.useexternalsignincookie(defaultauthenticationtypes.externalcookie); app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5)); app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie); the method im trying reach : [httpget] [authorize(roles = "admin")] public string getcurrentusername() { return userman...
Read more