Syntax Error in SQL

PHP
1

Hey everyone,

Can you take a look at this function and help me find the syntax error?



    public function updateItem(){

        if(is_numeric($_POST['ID'])){

        if(isset($_FILES['image1']['name']) && $_FILES['image1']['name'] != ""){
            $image1 = ", image1 = '".mysql_real_escape_string($_FILES['image1']['name'])."'";
        }else{
            $image1 = '';
        }

        if(isset($_FILES['image2']['name']) && $_FILES['image2']['name'] != ""){
            $image2 = ", image2 = '".mysql_real_escape_string($_FILES['image2']['name'])."'";
        }else{
            $image2 = '';
        }

        if(isset($_FILES['image3']['name']) && $_FILES['image3']['name'] != ""){
            $image3 = ", image3 = '".mysql_real_escape_string($_FILES['image3']['name'])."'";
        }else{
            $image3 = '';
        }

        if(isset($_FILES['image4']['name']) && $_FILES['image4']['name'] != ""){
            $image4 = ", image4 = '".mysql_real_escape_string($_FILES['image4']['name'])."'";
        }else{
            $image4 = '';
        }
		
        $sql = "UPDATE tbl_items SET
                    catID = '".mysql_real_escape_string($_POST['catID'])."',
                    name = '".mysql_real_escape_string($_POST['name'])."',
                    description = '".mysql_real_escape_string($_POST['description'])."',
                    price = '".mysql_real_escape_string($_POST['price'])."',
                    colours = '".mysql_real_escape_string($_POST['colours'])."',
                    ".$image1."
                    ".$image2."
                    ".$image3."
                    ".$image4.",
                    google = '".mysql_real_escape_string($_POST['google'])."',
                    date_added = now()
                    WHERE ID = ".$_POST['ID']."";

            $result = mysql_query($sql) or die(mysql_error());
            return $result;
        }else{
            die('ID needs to be numeric');
        }
    }

I get this error when i try to update:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ’ google = ‘’, date_added = now() ’ at line 10

This is only when i do not update any images, i also get a similar syntax error when i try to update the images. Can you see where i am going wrong?

Thanks again

2

Do an echo of $sql and post the result here.

3

Print the SQL query and copy it. Goto to phpmyadmin and paste it in the SQL tab and find the exact error in your SQL and then alter the PHP coding accordingly.

4

Hey,

Here it is:

UPDATE tbl_items SET catID = ‘3’, name = ‘Hello’, description = ‘sdgdsg’, price = ‘3.00’, colours = ‘sdgd’, , google = ‘’, date_added = now() WHERE ID = 4

5

looks like two commas in a row to me

one right after colours = ‘sdgd’ and the second one just before google = ‘’

i.e. exactly where the error message told you to look

:slight_smile:

6

Hey,

I have managed to get that working, however when i upload an image i get another syntax error, i have give an output of the sql:

UPDATE tbl_items SET catID = ‘3’, name = ‘This is a test’, description = ‘Testing’, price = ‘3.00’, colours = ‘Black’, , image1 = ‘about2.jpg’ google = ‘’, date_added = now() WHERE ID = 3

I need to change this line:


        if(isset($_FILES['image1']['name']) && $_FILES['image1']['name'] != ""){
            $image1 = ", image1 = '".mysql_real_escape_string($_FILES['image1']['name'])."'";
        }else{
            $image1 = '';
        }

Then i can apply the same change to all 4 image uploads. Can you see how i need to change this?

Thanks again

7

You put all your comma’s at the end, do the same when you create the $image1, $image2, ecc. variables:


if (isset($_FILES['image1']['name']) && $_FILES['image1']['name'] != "") {
  $image1 = " image1 = '".mysql_real_escape_string($_FILES['image1']['name'])."', ";
} else {
  $image1 = '';
}
8

Thanks thats worked perfectly for me :slight_smile:

Thanks again