dmccabe
Posted June 23, 2008

I am doing something wrong with my syntax, but I can't work out what:

```php
$aid = $_POST['AID'];
$update = "UPDATE `tbl_corpaccount` SET `accname` = '". htmlspecialchars($_POST['accname'])
    ."', `accmgr` = '". htmlspecialchars($_POST['accmgr'])
    ."', `acctel` = '". htmlspecialchars($_POST['acctel'])
    ."', `accno` = '". htmlspecialchars($_POST['accno'])
    ."', `accorderno` = '". htmlspecialchars($_POST['accorderno'])
    ."', `accemail` = '". htmlspecialchars($_POST['accrmail'])
    ."', `contname` = '". htmlspecialchars($_POST['contname'])
    ."', `conttel` = '". htmlspecialchars($_POST['conttel'])
    ."', `email_cofirm` = '". htmlspecialchars($_POST['email_confirm'])
    ."', `cdw` = '". htmlspecialchars($_POST['cdw'])
    ."', `hoi` = '". htmlspecialchars($_POST['hoi'])
    ."', `delhours` = '". htmlspecialchars($_POST['dellhours'])
    ."', `delradius` = '". htmlspecialchars($_POST['delradius'])
    ."', `delcharge` = '". htmlspecialchars($_POST['delcharge'])
    ."', `delfreemiles` = '". htmlspecialchars($_POST['delfreemiles'])
    ."', `delexcess` = '". htmlspecialchars($_POST['delexcess'])
    ."', `add_driver_fee` = '". htmlspecialchars($_POST['add_driver_fee'])
    ."', `colinstructions` = '". htmlspecialchars($_POST['colinstructions'])
    ."', `pnr` = '". htmlspecialchars($_POST['pnr'])
    ."', `dorr` = '". htmlspecialchars($_POST['dorr'])
    ."', `ffr` = '". htmlspecialchars($_POST['ffr'])
    ."', `fbt` = '". htmlspecialchars($_POST['fbt'])
    ."', `dl` = '". htmlspecialchars($_POST['dl'])
    ."', `cc` = '". htmlspecialchars($_POST['cc'])
    ."', `mrt` = '". htmlspecialchars($_POST['mrt'])
    ."', `il` = '". htmlspecialchars($_POST['il'])
    ."', WHERE aid = '$aid' ";
```

Gives me:

```
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE aid = '10'' at line 1
```

.josh
Posted June 23, 2008

Think you need to take out that last comma before WHERE.

Edit: I also suggest you clean your variables before sending them to your database. That script is begging for SQL injection.

dmccabe
Posted June 23, 2008

Tis quite ok with the SQL injection as this is for an internal web page that has no need of being secure as it is only accessible by the 1 person who is allowed to use it.

Also you were correct with the comma, thank you very much.
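
Both points raised in the thread (the stray comma before `WHERE` and the unescaped `$_POST` values) go away if the `SET` list is assembled from an allow-list of columns and the values are bound as parameters. The following is an added example, not code from any poster in the thread; it assumes PDO is available, uses an in-memory SQLite table as a stand-in for the MySQL one so it runs offline, shortens the column list, and `buildUpdate()` is a hypothetical helper name.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver; shortened column list.

// Only these columns may ever appear in the SET clause.
const ALLOWED = ['accname', 'accmgr', 'acctel', 'accno'];

function buildUpdate(array $post, array $allowed): array
{
    $set = [];
    $params = [];
    foreach ($allowed as $col) {
        if (array_key_exists($col, $post)) {
            $set[] = "`$col` = :$col";        // column name comes from the allow-list
            $params[":$col"] = $post[$col];   // value is bound, never concatenated
        }
    }
    if ($set === []) {
        throw new InvalidArgumentException('no updatable fields submitted');
    }
    // implode() places commas only between assignments, so none trails before WHERE.
    $sql = 'UPDATE `tbl_corpaccount` SET ' . implode(', ', $set) . ' WHERE `aid` = :aid';
    $params[':aid'] = (int) ($post['AID'] ?? 0);
    return [$sql, $params];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_corpaccount
            (aid INTEGER PRIMARY KEY, accname TEXT, accmgr TEXT, acctel TEXT, accno TEXT)');
$pdo->exec("INSERT INTO tbl_corpaccount VALUES
            (10, 'Old Name', 'Old Mgr', '000', 'A1'),
            (11, 'Other', 'Other Mgr', '111', 'B2')");

// Constructed form input. The apostrophe would break the concatenated query;
// the unknown 'is_admin' key is ignored because it is not in the allow-list.
$post = [
    'AID'      => '10',
    'accname'  => "O'Brien & Sons",
    'accmgr'   => 'J. Smith',
    'is_admin' => '1',
];

[$sql, $params] = buildUpdate($post, ALLOWED);
$stmt = $pdo->prepare($sql);
$stmt->execute($params);

echo $sql, "\n";
echo 'rows changed: ', $stmt->rowCount(), "\n";
print_r($pdo->query('SELECT * FROM tbl_corpaccount')->fetchAll(PDO::FETCH_ASSOC));
```

`htmlspecialchars()` is an HTML output encoder, not SQL escaping, so with bound parameters the value is stored as typed and HTML-encoded only when it is echoed back into a page.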