Good Morning All,

I need some help and guidance on a project I'm working on. I am having problems with the code below; I have been trying to figure it out for days and cannot see anything wrong with it. I am getting the following error when processing the form below, and I am lost as to where to go from here :(

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''', stage_two='', stage_two_date='', mig_wiz='', mig_wiz_date='', old_mbox_del='' at line 1

<?php
include('config.inc');

$createdby =  mysql_real_escape_string( $_POST['createdby'] );
$owner = mysql_real_escape_string( $_POST['owner'] );
$exist_cust = $_POST['exist_cust'];
$new_cust = $_POST['new_cust'];
$intro = $_POST['intro'];
$intro_date = mysql_real_escape_string( $_POST['intro_date'] );
$mx = $_POST['mx'];
$mx_date = mysql_real_escape_string( $_POST['mx_date'] );
$stage_one = $_POST['stage_one'];
$stage_one_date = mysql_real_escape_string( $_POST['stage_one_date'] );
$cust_contact = $_POST['cust_contact'];
$cust_contact_date = mysql_real_escape_string( $_POST['cust_contact_date'] );
$srv = $_POST['srv'];
$srv_date = mysql_real_escape_string( $_POST['srv_date'] );
$stage_two = $_POST['stage_two'];
$stage_two_date = mysql_real_escape_string( $_POST['stage_two_date'] );
$mig_wiz = $_POST['mig_wiz'];
$mig_wiz_date = mysql_real_escape_string( $_POST['mig_wiz_date'] );
$old_mbox_del = $_POST['old_mbox_del'];
$old_mbox_del_date = mysql_real_escape_string( $_POST['old_mbox_del_date'] );
$completed = $_POST['completed'];
$completed_date = mysql_real_escape_string( $_POST['completed_date'] );
$status = mysql_real_escape_string( $_POST['status'] );
$username = mysql_real_escape_string( $_POST['username'] );
$staff_email = mysql_real_escape_string( $_POST['staff_email'] );
$client_id = mysql_real_escape_string( stripslashes( $_POST[ 'client_id' ] ) );
$contact_name = mysql_real_escape_string( stripslashes( $_POST[ 'contact_name' ] ) );
$contact_email = mysql_real_escape_string( stripslashes( $_POST[ 'contact_email' ] ) );
$pri_domain = mysql_real_escape_string( stripslashes( $_POST[ 'pri_domain' ] ) );
$agree_date = sprintf('%04d-%02d-%02d', $_POST['year'], $_POST['month'], $_POST['day']);
$mig_wiz_credits = mysql_real_escape_string( stripslashes( $_POST[ 'mig_wiz_credits' ] ) );
$comment = mysql_real_escape_string( stripslashes( $_POST[ 'comment' ] ) );

mysql_select_db($dbname); 
$sql = ("UPDATE db SET client_id='$client_id', createdby='$createdby', owner='$owner', contact_name='$contact_name', contact_email='$contact_email', exist_cust='$exist_cust', new_cust='$new_cust', pri_domain='$pri_domain', mig_wig_credits='$mig_wiz_crdits', agree_date='$agree_date', intro='$intro', intro_date='$intro_date', mx='$mx', mx_date='$mx_date', stage_one='$stage_one', stage_one_date='$stage_one_date', cust_contact='$cust_contact', cust_contact_date='$cust_contact_date', srv='$srv', srv_date'$srv_date', stage_two='$stage_two', stage_two_date='$stage_two_date', mig_wiz='$mig_wiz', mig_wiz_date='$mig_wiz_date', old_mbox_del='$old_mbox_del', old_mbox_del_date='$old_mbox_del_date', completed='$completed', completed_date='$completed_date', status='$status', comment='$comment', username='$username', staff_email='$staff_email' where client_id='$client_id'");

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
header("Location: overdue_edit.php?update=1");

mysql_close()

?>

Cheers
Martin


srv_date'$srv_date',

Edit: REALLY. LOOK at your query String AND the error. The first recognizable part of the query in the error String is "stage_two", SO, look at the query String directly BEFORE that.

Edited by masijade

Urban, you could benefit from PDO and a medium (framework or not) delivering the post data. You might think that the code there after all those lines is secure, but it is really wide open… You could achieve more security with fewer lines of code … think about it …
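
The PDO approach suggested in the last reply, as an added example that is not part of the original thread or any poster's code. It assumes a reduced column list, an in-memory SQLite database standing in for the MySQL server, and constructed sample POST data; the function name `updateClient` and the `UPDATABLE` list are hypothetical.

```php
<?php
// Added example. Assumptions: reduced column list, SQLite in memory instead of
// MySQL, constructed input. Table name "db" is taken from the original query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false
// so the server itself prepares the statement.
$pdo->exec('CREATE TABLE db (client_id TEXT PRIMARY KEY, owner TEXT,
            exist_cust TEXT, srv TEXT, srv_date TEXT, stage_two TEXT, comment TEXT)');
$pdo->exec("INSERT INTO db (client_id) VALUES ('C100')");

// Fixed allow-list: only these names ever become part of the SQL text.
const UPDATABLE = ['owner', 'exist_cust', 'srv', 'srv_date', 'stage_two', 'comment'];

function updateClient(PDO $pdo, array $post): int
{
    $set = [];
    $params = [':client_id' => (string)($post['client_id'] ?? '')];
    foreach (UPDATABLE as $col) {
        // The SET clause is generated, so a hand-typed slip such as a
        // missing "=" between a column and its value cannot occur.
        $set[] = "$col = :$col";
        // Every value is bound, including fields like exist_cust and srv
        // that the original code passed into the query unescaped.
        $params[":$col"] = (string)($post[$col] ?? '');
    }
    $sql = 'UPDATE db SET ' . implode(', ', $set) . ' WHERE client_id = :client_id';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed form data; the quote in "O'Brien" is stored as data and
// never reaches the SQL parser as syntax.
$post = [
    'client_id'  => 'C100',
    'owner'      => "O'Brien",
    'exist_cust' => 'yes',
    'srv'        => 'yes',
    'srv_date'   => '2013-05-01',
    'stage_two'  => '',
    'comment'    => 'Customer said "go ahead"',
];

echo updateClient($pdo, $post), " row(s) updated\n";
print_r($pdo->query('SELECT * FROM db')->fetch(PDO::FETCH_ASSOC));
```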
