Member Avatar for glycerine

I have the following update code but i keep getting a syntax error.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE order_id='105'' at line 21

mysql_query("UPDATE status SET
			id = '". $_POST['id'] ."',
			user_name = '". $_POST['user_name'] ."',
			to_serve_on = '". $_POST['to_serve_on'] ."',
			pri_address = '". $_POST['pri_address'] ."',
			sec_address = '". $_POST['sec_address'] ."',
			alt_address = '". $_POST['alt_address'] ."',
			home_tel = '". $_POST['home_tel'] ."',
			work_tel = '". $_POST['work_tel'] ."',
			cell_tel = '". $_POST['cell_tel'] ."',
			type_of_serve = '". $_POST['type_of_serve'] ."',
			doc_arrival = '". $_POST['doc_arrival'] ."',
			date_received = '". $_POST['date_received'] ."',
			court_name = '". $_POST['court_name'] ."',
			court_address = '". $_POST['court_address'] ."',
			case_number = '". $_POST['case_number'] ."',
			plaintiff = '". $_POST['plaintiff'] ."',
			defendant = '". $_POST['defendant'] ."',
			doc_order_notes = '". $_POST['doc_order_notes'] ."',
			progress = '". $_POST['progress'] ."',
			 WHERE order_id='". $_POST['order_id'] ."'") or die(mysql_error());
  • 3 Contributors
  • 4 Replies
  • 175 Views
  • 8 Hours Discussion Span
  • Latest Post Latest Post by Will Gresham

Recommended Answers

All 4 Replies

Member Avatar for Will Gresham

Couple of things.

1. Why are you sending unchecked POST values to the database? That is just asking for trouble. Look at SQL injection.
Make sure that the values you receive are the ones you expected, that numbers are numbers etc...

2. Try running the query without single quotes on the numeric value.

Member Avatar for glycerine

Hi xan we had sql injection in but we had simplified the query just to get it going first. Thanks i will look into you suggestion.

Member Avatar for ShawnCplus

You have an extra , right before the WHERE

commented: Nice spot there :) +2
Member Avatar for Will Gresham

You have an extra , right before the WHERE

Good point, missed that one :$

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.