真的在CONCAT_WS上挣扎...请帮助新手:)

Question

PHP and MYSQL newbie here.....can really use your help right now. I implemented a Submodal into my script, and finally got it to submit "User Notes" into the database. Unfortunately with each new submission, the text that is submitted overwrites the previous submission. I was told to use CONCAT_WS to prevent that from happening...I have been trying for several hours on Dreamweaver to accomplish that but it's not working. Here is my code for that section...

New code with this error:

You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near 'great'')
WHERE Id=35' at line 1

Code...

 <?php
ini_set('display_errors', 'On');
error_reporting(E_ALL);
?>
<?php require_once('Connections/cms.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) { 
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
 }

 $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) :      
 mysql_escape_string($theValue);
 switch ($theType) {
  case "text":
  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  break;    
case "long":
case "int":
  $theValue = ($theValue != "") ? intval($theValue) : "NULL";
  break;
 case "double":
  $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
  break;
 case "date":
  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  break;
 case "defined":
  $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
  break;
 }
 return $theValue;
}
}

 $editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
 $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "lead_note_form")) {
 $updateSQL = sprintf ("UPDATE Leads SET Notes = CONCAT_WS('\n', notes, '%s') WHERE Id=%d",
 GetSQLValueString($_POST['note'], "text"),
 GetSQLValueString($_POST['Id'], "int"));

 mysql_select_db($database_cms, $cms);
 $Result1 = mysql_query($updateSQL, $cms) or die(mysql_error());

 $updateGoTo = "test6.php";
 if (isset($_SERVER['QUERY_STRING'])) {
 $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
 $updateGoTo .= $_SERVER['QUERY_STRING'];
 }
 header(sprintf("Location: %s", $updateGoTo));
}

$colname_Recordset1 = "-1";
(isset($_GET['Id'])) {
$colname_Recordset1 = $_GET['Id'];
}
mysql_select_db($database_cms, $cms);
$query_Recordset1 = sprintf("SELECT Id, First_Name, Last_Name, Notes FROM Leads WHERE Id = %s",    
GetSQLValueString($colname_Recordset1, "int"));
$Recordset1 = mysql_query($query_Recordset1, $cms) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>

HTML

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<script language="JavaScript" src="jquery.js" type="text/javascript"></script>

<script>
function clickSubmit() {
$("form").submit();
}
</script>

</head>

<body>

<table><tr><td>

<div id="lead_box">
<form action="<?php echo $editFormAction; ?>" method="POST" name="lead_note_form" id="lead_note_form"
target="_top">   

<input type="hidden" name="Id" id="Id" value="<?php echo $row_Recordset1['Id']; ?>" />
<table width="100%" border="0" cellpadding="0" cellspacing="5">
<tr>
 <td colspan="2" bgcolor="#eeeeee"><p align="center" class="name"></p></td>
 </tr>
 <tr>
 <td><textarea rows="15" style="width: 99%" readonly><?php echo $row_Recordset1['Notes']; ?> 
</textarea></td>  
</tr>
 <tr>
 <td valign="top"><p class="title">Add Note:</p></td>
 <tr>
   <td>
    <textarea name="note" id="note" style="width: 99%" rows="5"></textarea>
  </td>
 </tr>
</table>
<input type="hidden" name="MM_update" value="lead_note_form" />
</form>
</div><!-- and of lead box -->
</td></tr>
 <tr><td>
<div align="right">
<input  type="submit" name="save" id="save" value="Save" onClick="clickSubmit()"/>
<input type="button" name="cancel" id="cancel" value="Cancel" onClick="window.parent.hidePopWin()"/>
</div>
</td></tr></table>



</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

Answer 1

First thing I can see is your sprintf() has two substitution parameters but only one placeholder. I'm thinking you actually meant

$updateSQL = sprintf ("UPDATE Leads SET Notes = CONCAT_WS('\n', Notes, %s) WHERE Id=%d",
    GetSQLValueString($_POST['note'], "text"),
    GetSQLValueString($_POST['Id'], "int"));

Also, your GetSQLValueString() function automatically wraps "text" parameters with quotes, so you need to removes the quotes around the placeholders.

I also changed the ID placeholder to %d as I assume you're expecting a number.

You may benefit from enabling error reporting for development. This error (and potentially another regarding the undefined $Notes variable) would have made debugging easier.

Place this at the top of your script (for development only)

ini_set('display_errors', 'On');
error_reporting(E_ALL);

Personal Crusade

Drop the MySQL library and move your code to PDO, you won't look back.

$stmt = $db->prepare('UPDATE Leads SET Notes = CONCAT_WS(:sep, Notes, :note) WHERE Id = :id');
$stmt->execute(array(
    'sep'  => PHP_EOL,
    'note' => $_POST['note'],
    'id'   => $_POST['Id']
));

A Better Approach

Consider storing each note entry in a separate table with a foreign key relationship to the parent "Lead" and creation timestamp. That way, you simply retrieve all the child note entries in creation order and new entries are simply inserted.

CREATE TABLE LeadNotes (
    id         INT NOT NULL AUTO_INCREMENT,
    lead_id    INT,
    note       TEXT,
    created_dt TIMESTAMP,
    PRIMARY KEY (id),
    FOREIGN KEY (lead_id) REFERENCES Leads (Id)
        ON DELETE CASCADE
) ENGINE=INNODB;