I copied and loaded the example from Try It Out 3 and it seems to work until I want to update my user file. When I hit "Update" at the bottom I get this:

"You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3"

Can anyone suggest how to fix this?

__________________
An overworked Web Developer who\'s expected to know everything yet given time to study nothing.

I don't have the book... can I see the relevant code?

Snib

<><

here is the file that seems to be having trouble:

--start code--

<?php
session_start();
include "auth_user.inc.php";
include "conn.inc.php";
?>
<html>
<head>
     <title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>Update Account Information</h1>
Here you can update your account information for viewing in your profile.<br><br>
<?php
if ($_POST['submit'] == "Update")
{
     $query_update = "UPDATE user_info SET email = '" . $_POST['email'] . "', city
          = '" . $_POST['city'] . "', state = '" . $_POST['state'] . "', hobbies =
          '" . implode(", ", $_POST['hobbies']) . "' WHERE username = '" .
          $_SESSION['user_logged']. "' AND password = (password('" .
          $_SESSION['user_password'] . "';";
     $result_update = mysql_query($query_update) or die(mysql_error());

     $query = "SELECT * FROM user_info WHERE username = '" .
          $_SESSION['user_logged']. "' AND password = (password('" .
          $_SESSION['user_password'] . "'));";
     $result = mysql_query($query) or die(mysql_error());

     $row = mysql_fetch_array($result);
     $hobbies = explode(", ", $row['hobbies'])
?>
     <b>Your account information has been updated.</b><br>
     <a href="user_personal.php">Click here</a> to return to your account.
     <form action="update_account.php" method="post">
     Email: <input type="text" name="email" value="<?php echo $row['email']; ?>"><br>
     City: <input type="text" name="city" value="<?php echo $row['city']; ?>"><br>
     State: <input type="text" name="state" value="<?php echo $row['state']; ?>"><br>
     Hobbies/Interests: (choose at least one)<br>
     <select name="hobbies[]" size="10" multiple>
     <option value="Golfing"<?php if (in_array("Golfing", $hobbies)) echo " selected";
 ?>>Golfing</option>
     <option value="Hunting"<?php if (in_array("Hunting", $hobbies)) echo " selected";
          ?>>Hunting</option>
     <option value="Reading"<?php if (in_array("Reading", $hobbies)) echo " selected";
          ?>>Reading</option>
     <option value="Dancing"<?php if (in_array("Dancing", $hobbies)) echo " selected";
          ?>>Dancing</option>
     <option value="Internet"<?php if (in_array("Internet", $hobbies)) echo "
          selected"; ?>>Internet</option>
     <option value="Flying"<?php if (in_array("Flying", $hobbies)) echo " selected";
          ?>>Flying</option>
     <option value="Traveling"<?php if (in_array("Traveling", $hobbies)) echo "
          selected"; ?>>Traveling</option>
     <option value="Exercising"<?php if (in_array("Exercising", $hobbies)) echo "
          selected"; ?>>Exercising</option>
     <option value="Computers"<?php if (in_array("Computers", $hobbies)) echo "
          selected"; ?>>Computers</option>
     <option value="Other Than Listed"<?php if (in_array("Other Than Listed",
          $hobbies)) echo " selected"; ?>>Other Than Listed</option>
     </select><br><br>
     <input type="submit" name="submit" value="Update"> &nbsp; <input type="button"
          value="Cancel" onclick="history.go(-1);">
     </form>
<?php
}
else
{
     $query = "SELECT * FROM user_info WHERE username = '" .
$_SESSION['user_logged']. "' AND password = (password('" . $_SESSION['user_password'] . "'));";
     $result = mysql_query($query) or die(mysql_error());

     $row = mysql_fetch_array($result);
     $hobbies = explode(", ", $row['hobbies'])
?>
     <form action="update_account.php" method="post">
     Email: <input type="text" name="email" value="<?php echo $row['email']; ?>"><br>
     City: <input type="text" name="city" value="<?php echo $row['city']; ?>"><br>
     State: <input type="text" name="state" value="<?php echo $row['state']; ?>"><br>
     Hobbies/Interests: (choose at least one)<br>
     <select name="hobbies[]" size="10" multiple>
     <option value="Golfing"<?php if (in_array("Golfing", $hobbies)) echo " selected";
 ?>>Golfing</option>
     <option value="Hunting"<?php if (in_array("Hunting", $hobbies)) echo " selected";
 ?>>Hunting</option>
     <option value="Reading"<?php if (in_array("Reading", $hobbies)) echo " selected";
 ?>>Reading</option>
     <option value="Dancing"<?php if (in_array("Dancing", $hobbies)) echo " selected";
 ?>>Dancing</option>
     <option value="Internet"<?php if (in_array("Internet", $hobbies)) echo "
 selected"; ?>>Internet</option>
     <option value="Flying"<?php if (in_array("Flying", $hobbies)) echo " selected";
 ?>>Flying</option>
     <option value="Traveling"<?php if (in_array("Traveling", $hobbies)) echo "
 selected"; ?>>Traveling</option>
     <option value="Exercising"<?php if (in_array("Exercising", $hobbies)) echo "
 selected"; ?>>Exercising</option>
     <option value="Computers"<?php if (in_array("Computers", $hobbies)) echo "
 selected"; ?>>Computers</option>
     <option value="Other Than Listed"<?php if (in_array("Other Than Listed"
, $hobbies)) echo " selected"; ?>>Other Than Listed</option>
     </select><br><br>
     <input type="submit" name="submit" value="Update"> &nbsp; <input type="button"
 value="Cancel" onclick="history.go(-1);">
     </form>
<?php
}
?>
</body>
</html>

--end code--

Try echo-ing $query_update and see what it ends up containing.

HTH,

Snib

<><

You're missing a few parenthesis here:

AND password = (password('" .
          $_SESSION['user_password'] . "'));";

In the $query_update query.

HTH!



Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::

Thanks! Problem solved.