PHP MYSQL image update is not working saying "You have an error in your SQL syntax"

Question

This is driving me crazy! I have stayed for 2 nights trying to solve this error. I also searched this problem all over "Google" can't seem to find the right answer.

I want to update image using PHP. The code seems to be working with the sole exception of the error message that says:

"43ERROR: Could not able to execute 1. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1".

Please help me! I will be very thankful.:)

<?php include('../db_connect.php'); 
echo $id = $_GET['id'];

$sql = mysqli_query($con, "
SELECT * 
  FROM `blog_posts` 
 WHERE post_id='$id'");
$row = mysqli_fetch_array($sql);

    //-------------------WHEN SUBMIT BUTTON IS CLICKED------------------------
    if(isset($_POST['submit'])){
        $post_title = $_POST['posttitle'];
        $content = $_POST['content'];
        $author_name = $_POST['authorname'];
        $category = $_POST['category'];
        if(isset($_FILES['image']['name']) && ($_FILES['image']['name'] !="")){
            $size=$_FILES['image']['size'];
            $temp=$_FILES['image']['tmp_name'];
            $type=$_FILES['image']['type'];
            $image_name=$_FILES['image']['name'];
            unlink("../images/"."$image_name");

            move_uploaded_file($temp,"../images/$image_name");
        }

    //-------------------UPDATE POST------------------------

        $edit = mysqli_query($con, "
UPDATE blog_posts 
   SET post_title='$post_title'
     , content='$content'
     , author_name='$author_name'
     , category='$category'
     , post_date=now()
     , image='$image_name' 
 WHERE post_id='$id'
");
        if(mysqli_query($con, $edit)){
            echo "date updated successfully";
        } else{
            echo "ERROR: Could not able to execute $edit. " . mysqli_error($con);
        }
    }

?>

<form action="edit.php?id=<?php echo $row['post_id']; ?>" method="post" enctype="multipart/form-data">      
                <input type="hidden" name="size" value="1000000" />
                <input type="text" name="posttitle" value="<?php echo $row['post_title'];?>" /><br />
                <textarea name="content"><?php echo $row['content'];?></textarea><br />
                <input type="text" name="authorname" value="<?php echo $row['author_name'];?>"/><br />
                <input type="text" name="category" value="<?php echo $row['category'];?>"><br />
                <img src="../images/<?php echo $row['image'];?>" />
                <input type="file" name="image" /><br />
                <button type="submit" name="submit" >Post</button>                  
            </form>

Answer 1

The answer is (fairly) a simple one and it may sound rather odd to you, but that in a sense meant that your query did in fact execute.

Now, the reason you're getting that 1 as per the right syntax to use near '1' (error) message, is that you used mysqli_query() twice, right in here:

        $edit = mysqli_query($con, "
                ^^^^^^^^^^^^ Here
UPDATE blog_posts 
   SET post_title='$post_title'
     , content='$content'
     , author_name='$author_name'
     , category='$category'
     , post_date=now()
     , image='$image_name' 
 WHERE post_id='$id'
");
        if(mysqli_query($con, $edit)){
           ^^^^^^^^^^^^ and here
            echo "date updated successfully";
        }

What you need to do is to change that if statement to:

if($edit){
// handle your method here.
}

Btw, you're open to a serious sql injection; use a prepared statement if you value your work and userbase.

• https://en.wikipedia.org/wiki/Prepared_statement