2017-01-19 9 views
0

I have a custom PHP-based CMS. When I edit a page and try to save it, I get the following error. Error while saving a page: custom-built CMS

You have an error in your SQL syntax; check the manual that 
corresponds to your MariaDB server version for the right syntax 
to use near 'second hand PDF list' in the file named Events, 
viewable from the 'view file' bu' at line 5 

I have checked almost everything, but I can't figure it out.

Below is the code of the page where this error occurs.

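    <?php
    session_start();
    include "../config.php";
    include("fckeditor.php");
    //$_SESSION['admin_user'] = $admin_username;
    $admin_user = $_SESSION['admin_user'];

    // Redirect visitors who are not signed in; exit so the rest of the script does not run for them.
    if (empty($admin_user))
    {
     header("Location: index.php?action=not_sign");
     exit;
    }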

    if (isset($_POST["mode"])) 
    { 
     if ($_POST["mode"] == "edit_cmspage") 
     { 
      $page_id = $_POST['page_id']; 
      $page_title = $_POST['page_title']; 
      $keywords = $_POST['keywords']; 
      $page_desc = $_POST['page_desc']; 
      $details = $_POST['details']; 

      $sql = "SELECT * FROM page_info where page_id='$page_id'"; 
      $res = dbquery($sql) or die(mysql_error()); 
      $no = mysql_num_rows($res); 

      if ($no > 0) 
      { 
       $add = "UPDATE `page_info` set 
         `page_title` = '$page_title' , 
         `page_keywords` = '$keywords', 
         `page_desc` = '$page_desc' , 
         `page_content` = '$details' 
         where page_id='$page_id'"; 
       $add_res = dbquery($add) or die(mysql_error()); 

       header("Location: cms_page.php?pg=$pg&action=update"); 
      } 
      else 
      {  
       $add = "INSERT INTO `page_info` (`page_id` , `page_title`, `page_keywords`, `page_desc`, `page_content`) VALUES ('$page_id', '$page_title', '$keywords', '$page_desc', '$details')"; 
       $add_res = dbquery($add) or die(mysql_error()); 

       header("Location: cms_page.php?pg=$pg&action=update"); 
      } 
     } 
    } 


    if (isset($_GET['pg'])) 
    { 
     if ($_GET['pg'] == 'home') 
     { 
      $pageid = 1; 
      $cms_page = 'Home Page'; 
     } 
     if ($_GET['pg'] == 'railways') 
     { 
      $pageid = 2; 
      $cms_page = 'Railways Page'; 
     } 
     if ($_GET['pg'] == 'history') 
     { 
      $pageid = 3; 
      $cms_page = 'History Page'; 
     } 
     if ($_GET['pg'] == 'childrens') 
     { 
      $pageid = 4; 
      $cms_page = 'Childrens Page'; 
     } 
     if ($_GET['pg'] == 'contactus') 
     { 
      $pageid = 5; 
      $cms_page = 'Contact Us Page'; 
     } 
     if ($_GET['pg'] == 'others') 
     { 
      $pageid = 6; 
      $cms_page = 'Others Page'; 
     } 
     if ($_GET['pg'] == 'seconds') 
     { 
      $pageid = 7; 
      $cms_page = 'Seconds Page'; 
     } 
     if ($_GET['pg'] == 'arts') 
     { 
      $pageid = 8; 
      $cms_page = 'Arts Page'; 
     } 
     if ($_GET['pg'] == 'crafts') 
     { 
      $pageid = 9; 
      $cms_page = 'Crafts Page'; 
     } 
     if ($_GET['pg'] == 'terms') 
     { 
      $pageid = 10; 
      $cms_page = 'Terms Page'; 
     } 
     if ($_GET['pg'] == 'local') 
     { 
      $pageid = 11; 
      $cms_page = 'Local History Page'; 
     } 
     if ($_GET['pg'] == 'miscellaneous') 
     { 
      $pageid = 12; 
      $cms_page = 'Miscellaneous Page'; 
     } 
     if ($_GET['pg'] == 'list') 
     { 
      $pageid = 16; 
      $cms_page = 'Second Hand PDF Book list'; 
     } 

     $sql = "SELECT * FROM page_info where page_id='$pageid'"; 
     $res = dbquery($sql); 
     $data = dbfetch($res); 

     $page_title = $data['page_title']; 
     $keywords = $data['page_keywords']; 
     $page_desc = $data['page_desc'];     
     $details = $data['page_content']; 

    } 

    ?> 
    <!DOCTYPE html> 
    <html> 
    <head> 
     <title>Edit</title> 
     <link href="../css/main.css" rel="stylesheet" type="text/css"> 
     <script language="JavaScript"> 

     function Trim(s) 
     { 
      // Remove leading spaces and carriage returns 
      while ((s.substring(0,1) == ' ') || (s.substring(0,1) == '\n') || (s.substring(0,1) == '\r')) 
      { s = s.substring(1,s.length); } 

      // Remove trailing spaces and carriage returns 
      while ((s.substring(s.length-1,s.length) == ' ') || (s.substring(s.length-1,s.length) == '\n') || (s.substring(s.length-1,s.length) == '\r')) 
      { s = s.substring(0,s.length-1); } 

      return s; 
     } 

     function check(fm) 
     { 
      // Validate the trimmed value so whitespace-only input is also rejected
      var details = Trim(fm.details.value);
      if (details == "")
      { 
       alert("You can't left blank Description."); 
       return false; 
      } 
      return true; 
     } 
     </script> 
    </head> 
    <body> 
     <table align="center" border="0" cellpadding="0" cellspacing="0" width="900"> 
      <tr bgcolor="#FFFFFF"> 
       <td align="center"><? include('header.php'); ?> 
       </td> 
      </tr> 
      <tr> 
       <td align="center" bgcolor="#FFFFFF"> 
        <table border="0" cellpadding="0" cellspacing="0" width="100%"> 
         <tr> 
          <td align="left" bgcolor="#DD6100" valign="top" width="20%"><? include('menu_bar.php'); ?> 
          </td> 
          <td align="center" valign="top" width="80%"> 
           <table border="0" cellpadding="0" cellspacing="0" width="100%"> 
            <tr> 
             <td width="5%">&nbsp;</td> 
             <td width="90%">&nbsp;</td> 
             <td width="5%">&nbsp;</td> 
            </tr> 
            <tr> 
             <td>&nbsp;</td> 
             <td class="subheader">Edit Home Page</td> 
             <td>&nbsp;</td> 
            </tr> 
            <tr> 
             <td>&nbsp;</td> 
             <td align="center" class="contents"><strong><font color="#0000FF"></font></strong></td> 
             <td>&nbsp;</td> 
            </tr> 
            <tr> 
             <td>&nbsp;</td> 
             <td align="right" class="bold_back">&nbsp;</td> 
             <td>&nbsp;</td> 
            </tr> 
            <tr> 
             <td>&nbsp;</td> 
             <td align="center" class="bold_back"> 
              <table bgcolor="#388A01" border="0" cellpadding="1" cellspacing="0" width="100%"> 
               <tr> 
                <td height=""> 
                 <table border="0" cellpadding="0" cellspacing="0" width="100%"> 
                  <tr> 
                   <td align="center" bgcolor="#FFFFFF" valign="top"> 
                    <table border="0" cellpadding="2" cellspacing="0" width="100%"> 
                     <tbody> 
                      <tr> 
                       <td> 
                        <form action="edit_cmspage.php" method="post" onsubmit="return check(this)"> 
                         <input name="mode" type="hidden" value="edit_cmspage"> <input name="page_id" type="hidden" value="<? echo $pageid; ?>"> <input name="pg" type="hidden" value="<? echo $_GET['pg']; ?>"> 
                         <table border="0" cellpadding="0" cellspacing="3" width="100%"> 
                          <tr> 
                           <td class="contents" width="13%"><strong>Title</strong></td> 
                           <td width="87%"><span class="admin_in"><input class="INPUT" name="page_title" size="70" type="text" value="<?php echo $page_title;?>"></span></td> 
                          </tr> 
                          <tr> 
                           <td class="contents"><strong>Keywords</strong></td> 
                           <td><span class="admin_in"><input class="INPUT" name="keywords" size="70" type="text" value="<?php echo $keywords; ?>"></span></td> 
                          </tr> 
                          <tr> 
                           <td class="contents"><strong>Description</strong></td> 
                           <td><span class="admin_in"><input class="INPUT" name="page_desc" size="70" type="text" value="<?php echo $page_desc; ?>"></span></td> 
                          </tr> 
                          <tr> 
                           <td>&nbsp;</td> 
                           <td height="25"><?php 
                                      $oFCKeditor = new FCKeditor('details') ; 
                                      $oFCKeditor->BasePath = ""; 
                                      //$oFCKeditor->BasePath = "../../../"; 
                                      $oFCKeditor->Value = $details; 
                                      $oFCKeditor->Width = '100%' ; 
                                      $oFCKeditor->Height = '450' ; 
                                      $oFCKeditor->Create() ; 
                                     ?></td> 
                          </tr> 
                          <tr> 
                           <td>&nbsp;</td> 
                           <td height="25">&nbsp;</td> 
                          </tr> 
                          <tr> 
                           <td>&nbsp;</td> 
                           <td> 
                            <input name="imageField" src="images/btn_save.jpg" type="image"> <a href="cms_page.php?pg=<?= $_GET['pg']; ?>"><img alt="Cancel" border="0" height="25" src="images/btn_cancel.jpg" width="80"></a> 
                           </td> 
                          </tr> 
                         </table> 
                        </form> 
                       </td> 
                      </tr> 
                     </tbody> 
                    </table> 
                   </td> 
                  </tr> 
                 </table> 
                </td> 
               </tr> 
              </table> 
             </td> 
             <td>&nbsp;</td> 
            </tr> 
            <tr> 
             <td height="20">&nbsp;</td> 
             <td>&nbsp;</td> 
             <td>&nbsp;</td> 
            </tr> 
            <tr> 
             <td>&nbsp;</td> 
             <td>&nbsp;</td> 
             <td>&nbsp;</td> 
            </tr> 
           </table> 
          </td> 
         </tr> 
        </table> 
       </td> 
      </tr> 
      <tr bgcolor="#FFFFFF"> 
       <td align="center"><? include('footer.php'); ?> 
       </td> 
      </tr> 
     </table> 
    </body> 
    </html> 
+1

You need to post the specific query or the part of the code that causes this error.

+0

I don't know which part of the page is causing this error. Sorry!

+0

You can debug it and check the result.

Answers

0

Take a look at the SQL that produced the error. I'd bet you are putting $cms_page into it without any quoting or escaping.

+0

Quoting and escaping '$cms_page' has not solved the problem.

+0

Print the SQL statement you built before executing it.
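
The failure discussed in this thread and the usual remedy, as an added example that is not the asker's code: editor content containing apostrophes ends the SQL string literal when it is concatenated into the query, while a prepared statement sends the same text as a bound parameter. Assumptions: PDO with an in-memory SQLite database stands in for the MariaDB connection, the `page_info` columns are taken from the question, and the function names and sample content are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite stands in for MariaDB (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE page_info (
    page_id INTEGER PRIMARY KEY, page_title TEXT,
    page_keywords TEXT, page_desc TEXT, page_content TEXT)');

// Constructed editor content with apostrophes, similar to the text in the error.
$details = "<p>Open the 'second hand PDF list' in the Events file.</p>";

// 1) Concatenation, as in the question: the first apostrophe inside $details
//    closes the SQL string literal and the parser rejects what follows.
function saveConcatenated(PDO $pdo, int $pageId, string $details): string
{
    $sql = "UPDATE page_info SET page_content = '$details' WHERE page_id = '$pageId'";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return "failed: {$e->getMessage()}\nSQL was: $sql";
    }
}

// 2) Prepared statements: the SQL text is fixed and the values travel
//    separately, so quotes in the content are never parsed as SQL.
function savePrepared(PDO $pdo, int $pageId, string $title,
                      string $keywords, string $desc, string $details): void
{
    $exists = $pdo->prepare('SELECT 1 FROM page_info WHERE page_id = ?');
    $exists->execute([$pageId]);
    $sql = $exists->fetchColumn()
        ? 'UPDATE page_info SET page_title = ?, page_keywords = ?,
               page_desc = ?, page_content = ? WHERE page_id = ?'
        : 'INSERT INTO page_info (page_title, page_keywords,
               page_desc, page_content, page_id) VALUES (?, ?, ?, ?, ?)';
    $pdo->prepare($sql)->execute([$title, $keywords, $desc, $details, $pageId]);
}

echo saveConcatenated($pdo, 16, $details), "\n";

savePrepared($pdo, 16, 'Second Hand PDF Book list', 'books, pdf', 'Book list', $details); // insert path
savePrepared($pdo, 16, 'Second Hand PDF Book list', 'books, pdf', 'Book list', $details); // update path

$row = $pdo->query('SELECT page_content FROM page_info WHERE page_id = 16')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row['page_content'] === $details); // compares stored content with the input
```

Printing the built SQL in the failing branch is the step the last comment asks for: it shows exactly where the literal was cut.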
