Hey everyone,
Can you take a look at this function and help me find the syntax error?
public function updateItem(){
if(is_numeric($_POST['ID'])){
if(isset($_FILES['image1']['name']) && $_FILES['image1']['name'] != ""){
$image1 = ", image1 = '".mysql_real_escape_string($_FILES['image1']['name'])."'";
}else{
$image1 = '';
}
if(isset($_FILES['image2']['name']) && $_FILES['image2']['name'] != ""){
$image2 = ", image2 = '".mysql_real_escape_string($_FILES['image2']['name'])."'";
}else{
$image2 = '';
}
if(isset($_FILES['image3']['name']) && $_FILES['image3']['name'] != ""){
$image3 = ", image3 = '".mysql_real_escape_string($_FILES['image3']['name'])."'";
}else{
$image3 = '';
}
if(isset($_FILES['image4']['name']) && $_FILES['image4']['name'] != ""){
$image4 = ", image4 = '".mysql_real_escape_string($_FILES['image4']['name'])."'";
}else{
$image4 = '';
}
$sql = "UPDATE tbl_items SET
catID = '".mysql_real_escape_string($_POST['catID'])."',
name = '".mysql_real_escape_string($_POST['name'])."',
description = '".mysql_real_escape_string($_POST['description'])."',
price = '".mysql_real_escape_string($_POST['price'])."',
colours = '".mysql_real_escape_string($_POST['colours'])."',
".$image1."
".$image2."
".$image3."
".$image4.",
google = '".mysql_real_escape_string($_POST['google'])."',
date_added = now()
WHERE ID = ".$_POST['ID']."";
$result = mysql_query($sql) or die(mysql_error());
return $result;
}else{
die('ID needs to be numeric');
}
}
I get this error when i try to update:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ’ google = ‘’, date_added = now() ’ at line 10
This is only when i do not update any images, i also get a similar syntax error when i try to update the images. Can you see where i am going wrong?
Thanks again