Member Avatar for urbanthistleuk

Good Morning All,

I need some help and guidance on a project I'm working on, I am having problems with the following code below, I have been trying to figure it out for days and cannot see anything wrong with it, I am getting the following error when processing the form below, and I am lost where to go from here :(

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''', stage_two='', stage_two_date='', mig_wiz='', mig_wiz_date='', old_mbox_del='' at line 1

<?php
include('config.inc');

$createdby =  mysql_real_escape_string( $_POST['createdby'] );
$owner = mysql_real_escape_string( $_POST['owner'] );
$exist_cust = $_POST['exist_cust'];
$new_cust = $_POST['new_cust'];
$intro = $_POST['intro'];
$intro_date = mysql_real_escape_string( $_POST['intro_date'] );
$mx = $_POST['mx'];
$mx_date = mysql_real_escape_string( $_POST['mx_date'] );
$stage_one = $_POST['stage_one'];
$stage_one_date = mysql_real_escape_string( $_POST['stage_one_date'] );
$cust_contact = $_POST['cust_contact'];
$cust_contact_date = mysql_real_escape_string( $_POST['cust_contact_date'] );
$srv = $_POST['srv'];
$srv_date = mysql_real_escape_string( $_POST['srv_date'] );
$stage_two = $_POST['stage_two'];
$stage_two_date = mysql_real_escape_string( $_POST['stage_two_date'] );
$mig_wiz = $_POST['mig_wiz'];
$mig_wiz_date = mysql_real_escape_string( $_POST['mig_wiz_date'] );
$old_mbox_del = $_POST['old_mbox_del'];
$old_mbox_del_date = mysql_real_escape_string( $_POST['old_mbox_del_date'] );
$completed = $_POST['completed'];
$completed_date = mysql_real_escape_string( $_POST['completed_date'] );
$status = mysql_real_escape_string( $_POST['status'] );
$username = mysql_real_escape_string( $_POST['username'] );
$staff_email = mysql_real_escape_string( $_POST['staff_email'] );
$client_id = mysql_real_escape_string( stripslashes( $_POST[ 'client_id' ] ) );
$contact_name = mysql_real_escape_string( stripslashes( $_POST[ 'contact_name' ] ) );
$contact_email = mysql_real_escape_string( stripslashes( $_POST[ 'contact_email' ] ) );
$pri_domain = mysql_real_escape_string( stripslashes( $_POST[ 'pri_domain' ] ) );
$agree_date = sprintf('%04d-%02d-%02d', $_POST['year'], $_POST['month'], $_POST['day']);
$mig_wiz_credits = mysql_real_escape_string( stripslashes( $_POST[ 'mig_wiz_credits' ] ) );
$comment = mysql_real_escape_string( stripslashes( $_POST[ 'comment' ] ) );

mysql_select_db($dbname); 
$sql = ("UPDATE db SET client_id='$client_id', createdby='$createdby', owner='$owner', contact_name='$contact_name', contact_email='$contact_email', exist_cust='$exist_cust', new_cust='$new_cust', pri_domain='$pri_domain', mig_wig_credits='$mig_wiz_crdits', agree_date='$agree_date', intro='$intro', intro_date='$intro_date', mx='$mx', mx_date='$mx_date', stage_one='$stage_one', stage_one_date='$stage_one_date', cust_contact='$cust_contact', cust_contact_date='$cust_contact_date', srv='$srv', srv_date'$srv_date', stage_two='$stage_two', stage_two_date='$stage_two_date', mig_wiz='$mig_wiz', mig_wiz_date='$mig_wiz_date', old_mbox_del='$old_mbox_del', old_mbox_del_date='$old_mbox_del_date', completed='$completed', completed_date='$completed_date', status='$status', comment='$comment', username='$username', staff_email='$staff_email' where client_id='$client_id'");

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
header("Location: overdue_edit.php?update=1");

mysql_close()

?>

Cheers
Martin

  • 4 Contributors
  • 5 Replies
  • 234 Views
  • 1 Hour Discussion Span
  • Latest Post Latest Post by urbanthistleuk
Member Avatar for masijade

srv_date'$srv_date',

Edit: REALLY. LOOK at your query String AND the error. The first recongnizable part of thequery in the error String is "stage_two", SO, look at the query String dirctly BEFORE that.

Edited by masijade
Member Avatar for JorgeM

Looks like you are missing an = sign here:

 srv_date'$srv_date',
Member Avatar for jkon

Urban you could benefit from PDO and a medium (framework or not) delivering the post data. You might thing that the code there after all those lines is secure but is really wide open… You could achieve more security with fewer lines of code … think about it …

Member Avatar for urbanthistleuk

Thanks for your help, have just noticed the missing = that has sorted it,

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.