You have an error in your SQL syntax at line 1

I am trying to do a database update with php and I am getting a syntax error. I have looked and looked and cannot find what the issue could be…

Error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near  '' at line 1
UPDATE `new_equip`

EditPost.php

<?php
ob_start();

// connect to database


$host = "localhost";
$username   = "admin";
$password   = "pass";
$database="database";


mysql_connect($host,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$insert_data = mysql_real_escape_string($input_data);

$id= intval($_POST['EditID']);
//echo $id;exit();
$itemname= strip_tags($_POST['itemname']);
$model= strip_tags($_POST['model']);
$serial= strip_tags($_POST['serial']);
$year= strip_tags($_POST['year']);
$desc= $_POST['desc'];
$dimension= strip_tags($_POST['dimension']);
$location= strip_tags($_POST['location']);
$price= intval($_POST['price']);
$purchase= strip_tags($_POST['purchase']);
$year= intval($_POST['year']);
$addedby= intval($_POST['addedby']);
$notes= strip_tags($_POST['notes']);
$ran= strip_tags($_POST['ran']);
$electrical= strip_tags($_POST['electrical']);
$owner= strip_tags($_POST['owner']);
$manufactuer= strip_tags($_POST['manufactuer']);
$condition= strip_tags($_POST['condition']);
$EditID= intval($_POST['EditID']);
$category= strip_tags($_POST['category']);
$redirect = "inventory.php?Msg=Update";
$featured = strip_tags($_POST['featured']);



			$query = "UPDATE `new_equip` SET `itemname`='$itemname',`manufactuer`='$manufactuer',`model`='$model',`serial`='$serial',`year`='$year',`category`='$category',`electrical`='$electrical',`desc`='$desc',`dimension`='$dimension',`location`='$location',`price`='$price',`condition`='$condition',`ran`='$ran',`addedby`='$addedby',`purchase`='$purchase',`notes`='$notes',`owner`='$owner',`featured`='on'WHERE `id`='$id' LIMIT 1";
			
 mysql_query($query)  or die(mysql_error() . "<br />" . $query);


// Redirect
header("Location: " . $redirect);

ob_flush();
?>

I know I should switch to mysqli and I tried but I BOMBED bad. I couldn't get it to work.

To add variables don’t you have to do something like this?

"string here".$addingVar."continuing string";

None of your variables have the periods.

I figured out what it was. When I am updating the item, I was using a ’ for like “the tree is 7’ tall”.

Fixed it with mysql_real_escape_string but now my database is not updating.

If you’re not yet committed to using mysqli then PDO is an alternative.

That article should help you migrate over to PDO

I’d also suggest looking at PDO, for one thing the quoting seems to get handled for you. You’re converting the id into an int when you take the value from the form, but then surrounding it in quotes in the update query, and I don’t know whether that’s causing the problem.
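
As an added example (not code from this thread): the same kind of UPDATE written with a PDO prepared statement, which is what makes the quoting "handled for you". It assumes an in-memory SQLite database and a constructed subset of the `new_equip` columns, and `updateEquipment` is a hypothetical helper name.

```php
<?php
// Added example. An in-memory SQLite database keeps it runnable without a
// server; with MySQL only the DSN and credentials would differ (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed subset of the thread's new_equip table, with one sample row.
$pdo->exec('CREATE TABLE new_equip
    (id INTEGER PRIMARY KEY, itemname TEXT, `desc` TEXT, price INTEGER)');
$pdo->exec("INSERT INTO new_equip VALUES (1, 'Tree', 'n/a', 100)");

// Hypothetical helper: values travel as bound parameters, never as SQL text,
// so an apostrophe in the description cannot end the string literal early.
function updateEquipment(PDO $pdo, array $post): int
{
    $id = (int) ($post['EditID'] ?? 0);
    if ($id <= 0) {
        throw new InvalidArgumentException('EditID must be a positive integer');
    }
    $stmt = $pdo->prepare(
        'UPDATE new_equip
            SET itemname = :itemname, `desc` = :description, price = :price
          WHERE id = :id'
    );
    $stmt->bindValue(':itemname', strip_tags($post['itemname'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':description', $post['desc'] ?? '', PDO::PARAM_STR);
    $stmt->bindValue(':price', (int) ($post['price'] ?? 0), PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    // Rows changed by the statement; 0 means nothing matched this id
    // (MySQL also reports 0 when the new values equal the stored ones).
    return $stmt->rowCount();
}

// Constructed stand-in for $_POST, using the value that broke the original query.
$post = ['EditID' => '1', 'itemname' => 'Tree', 'desc' => "the tree is 7' tall", 'price' => '250'];

$changed = updateEquipment($pdo, $post);
$row = $pdo->query('SELECT `desc`, price FROM new_equip WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
printf("rows changed: %d, desc: %s, price: %d\n", $changed, $row['desc'], $row['price']);
```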

There are only two spots where he is concatenating, and the dots are there. No problem with that.

Am I going blind then?

$query = "UPDATE `new_equip` SET `itemname`='$itemname',`manufactuer`='$manufactuer',

(Just one example. Also note I do not claim to be good in PHP.)

Check the PHP documentation on strings. I’ll quote:

The most important feature of double-quoted strings is the fact that variable names will be expanded.


This is in a MySQL statement though. You don’t have to concatenate the variables, you can enclose them in single quotes if they are strings, but not if they are integers.

e.g. http://stackoverflow.com/questions/16704926/php-mysql-query-for-updating-row-in-table-using-variables
