Good Morning All,

I need some help and guidance on a project I'm working on, I am having problems with the following code below, I have been trying to figure it out for days and cannot see anything wrong with it, I am getting the following error when processing the form below, and I am lost where to go from here :(

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''', stage_two='', stage_two_date='', mig_wiz='', mig_wiz_date='', old_mbox_del='' at line 1

<?php
include('config.inc');

$createdby =  mysql_real_escape_string( $_POST['createdby'] );
$owner = mysql_real_escape_string( $_POST['owner'] );
$exist_cust = $_POST['exist_cust'];
$new_cust = $_POST['new_cust'];
$intro = $_POST['intro'];
$intro_date = mysql_real_escape_string( $_POST['intro_date'] );
$mx = $_POST['mx'];
$mx_date = mysql_real_escape_string( $_POST['mx_date'] );
$stage_one = $_POST['stage_one'];
$stage_one_date = mysql_real_escape_string( $_POST['stage_one_date'] );
$cust_contact = $_POST['cust_contact'];
$cust_contact_date = mysql_real_escape_string( $_POST['cust_contact_date'] );
$srv = $_POST['srv'];
$srv_date = mysql_real_escape_string( $_POST['srv_date'] );
$stage_two = $_POST['stage_two'];
$stage_two_date = mysql_real_escape_string( $_POST['stage_two_date'] );
$mig_wiz = $_POST['mig_wiz'];
$mig_wiz_date = mysql_real_escape_string( $_POST['mig_wiz_date'] );
$old_mbox_del = $_POST['old_mbox_del'];
$old_mbox_del_date = mysql_real_escape_string( $_POST['old_mbox_del_date'] );
$completed = $_POST['completed'];
$completed_date = mysql_real_escape_string( $_POST['completed_date'] );
$status = mysql_real_escape_string( $_POST['status'] );
$username = mysql_real_escape_string( $_POST['username'] );
$staff_email = mysql_real_escape_string( $_POST['staff_email'] );
$client_id = mysql_real_escape_string( stripslashes( $_POST[ 'client_id' ] ) );
$contact_name = mysql_real_escape_string( stripslashes( $_POST[ 'contact_name' ] ) );
$contact_email = mysql_real_escape_string( stripslashes( $_POST[ 'contact_email' ] ) );
$pri_domain = mysql_real_escape_string( stripslashes( $_POST[ 'pri_domain' ] ) );
$agree_date = sprintf('%04d-%02d-%02d', $_POST['year'], $_POST['month'], $_POST['day']);
$mig_wiz_credits = mysql_real_escape_string( stripslashes( $_POST[ 'mig_wiz_credits' ] ) );
$comment = mysql_real_escape_string( stripslashes( $_POST[ 'comment' ] ) );

mysql_select_db($dbname); 
$sql = ("UPDATE db SET client_id='$client_id', createdby='$createdby', owner='$owner', contact_name='$contact_name', contact_email='$contact_email', exist_cust='$exist_cust', new_cust='$new_cust', pri_domain='$pri_domain', mig_wig_credits='$mig_wiz_crdits', agree_date='$agree_date', intro='$intro', intro_date='$intro_date', mx='$mx', mx_date='$mx_date', stage_one='$stage_one', stage_one_date='$stage_one_date', cust_contact='$cust_contact', cust_contact_date='$cust_contact_date', srv='$srv', srv_date'$srv_date', stage_two='$stage_two', stage_two_date='$stage_two_date', mig_wiz='$mig_wiz', mig_wiz_date='$mig_wiz_date', old_mbox_del='$old_mbox_del', old_mbox_del_date='$old_mbox_del_date', completed='$completed', completed_date='$completed_date', status='$status', comment='$comment', username='$username', staff_email='$staff_email' where client_id='$client_id'");

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
header("Location: overdue_edit.php?update=1");

mysql_close()

?>

Cheers
Martin

Recommended Answers

All 5 Replies

srv_date'$srv_date',

Edit: REALLY. LOOK at your query String AND the error. The first recongnizable part of thequery in the error String is "stage_two", SO, look at the query String dirctly BEFORE that.

Looks like you are missing an = sign here:

 srv_date'$srv_date',

Urban you could benefit from PDO and a medium (framework or not) delivering the post data. You might thing that the code there after all those lines is secure but is really wide open… You could achieve more security with fewer lines of code … think about it …

Thanks for your help, have just noticed the missing = that has sorted it,

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.