PHP+MYSQL: Problem with Update query

I'm having problems running this query. I keep on getting t开发者_Go百科he error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'read = 'readd' WHERE user_id = '1' LIMIT 1' at line 1

The code

 $conn = mysql_connect('localhost', 'admin', 'root') or die(mysql_error());
    mysql_select_db('main') or die(mysql_error());

 $read = "message read";

 $set_statuss = "UPDATE inbox ".
            "SET read = '".$read."' ".
            "WHERE user_id = '".$_SESSION['user_id']."' ".
            "LIMIT 1";

Edit: This is the table:

 CREATE TABLE `inbox` (
 `inbox_id` int(5) NOT NULL auto_increment,
 `posted_to` int(5) NOT NULL,
 `posted_by` int(5) NOT NULL,
 `subject` text NOT NULL,
 `message` text NOT NULL,
 `date_posted` datetime NOT NULL,
 `read` text NOT NULL,
 PRIMARY KEY  (`inbox_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

Edit: Updated the query, but now the PHP is just appearing as white..

 $read = "read";

 $set_statuss = "UPDATE inbox ".
            "SET read = '".$read."' ".
            "WHERE posted_to = '{$_SESSION['user_id']}' AND inbox_id = '".$_GET['msg_id'];."' ";

 mysql_query($set_statuss) or die(mysql_error() . $set_statuss);

And the url in the address bar:

 http://localhost:8888/wmin/msg.php?user_id=1&msg_id=2

Does anyone see where i'm going wrong? Thanks!

I think it may be taking read as a keyword, try stropping it, i.e., using `` backquotes around it (effing hard to express in SO's markdown language;-).

For one thing, it would make your code easier to read if you used a heredoc. For another, why are you limiting this to 1 row? How do you know which row you're updating?

You should report errors from the mysql_query() call to see what exactly went wrong. I assume $_SESSION['user_id'] is a number? If it's not defined the query will fail, which is why you should log and/or report the error and the SQL.

$conn = mysql_connect('localhost', 'admin', 'root') or die(mysql_error());
mysql_select_db('main') or die(mysql_error());

$read = "message read";
$sql = <<<END
UPDATE inbox
SET read = `$read`
WHERE user_id = $_SESSION[user_id]
END;
mysql_query($sql) or die(mysql_error() . ': ' . $sql);

For security purpose I suggest you use sprintf function to pass the parameter.

$q = sprintf("UPDATE inbox SET `read` = '%s' WHERE `user_id` = %d LIMIT 1",
                    $read, $_SESSION['user_id']); 

Hey guys figured out what was wrong:

 $read = "message read";

 $set_statuss = "UPDATE inbox ".
            "SET readd = '".$read."' ".
            // changed $_SESSION to $_GET and the ';' after msg_id GET 
            "WHERE posted_to = '{$_SESSION['user_id']}' AND inbox_id = '".$_GET['msg_id'];."' ";

 mysql_query($set_statuss) or die(mysql_error() . $set_statuss);

Thanks everyone!