[SOLVED] Newbie PHP/mySQL syntax problem

[ssweb]

I got this code to insert values into a database and can't seem to find the problem in the following code:

 

//php code

 

$sql = "UPDATE chrislistings SET

listing_address = '" . addslashes($_POST['listing_address']) . "',

listing_overview = '" . addslashes($_POST['listing_overview']) . "',

listing_price = '" . addslashes($_POST['listing_price']) . "',

listing_location = '" . addslashes($_POST['listing_location']) . "',

listing_style = '" . addslashes($_POST['listing_style']) . "',

listing_sqrft = '" . addslashes($_POST['listing_sqrft']) . "',

listing_lotwidth = '" . addslashes($_POST['listing_lotwidth']) . "',

listing_lotlength = '" . addslashes($_POST['listing_lotlength']) . "',

listing_year = '" . addslashes($_POST['listing_year']) . "',

listing_taxes = '" . addslashes($_POST['listing_taxes']) . "',

listing_parking = '" . addslashes($_POST['listing_parking']) . "',

listing_exterior = '" . addslashes($_POST['listing_exterior']) . "',

listing_roof = '" . addslashes($_POST['listing_roof']) . "',

listing_heating = '" . addslashes($_POST['listing_heating']) . "',

listing_ac = '" . addslashes($_POST['listing_ac']) . "',

listing_fireplace = '" . addslashes($_POST['listing_fireplace']) . "',

listing_school = '" . addslashes($_POST['listing_school']) . "',

listing_transit = '" . addslashes($_POST['listing_transit']) . "',

listing_bathrooms = '" . addslashes($_POST['listing_bathrooms']) . "',

listing_bedrooms = '" . addslashes($_POST['listing_bedrooms']) . "'

WHERE listing_id = " . addslashes($_GET['listing_id']);

 

//end PHP

 

I actually copied the code from another one of my pages where it worked fine. The only difference is I am entering more values this time. 

 

I get the following error message.

 

Error inserting record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 22

[ssweb]

Oh yeah.. line 22 is the final line "WHERE...."

[revraz]

Quotes messed up here

 

WHERE listing_id = " . addslashes($_GET['listing_id']);

 

You neeed the double at the end of the statement

[pocobueno1388]

You don't have quotes around your $_GET['listing_id'] var, that could be the problem.

 

<?php

$sql = "UPDATE chrislistings SET
   listing_address = '" . addslashes($_POST['listing_address']) . "',
   listing_overview = '" . addslashes($_POST['listing_overview']) . "',
   listing_price = '" . addslashes($_POST['listing_price']) . "',
   listing_location = '" . addslashes($_POST['listing_location']) . "',
   listing_style = '" . addslashes($_POST['listing_style']) . "',
   listing_sqrft = '" . addslashes($_POST['listing_sqrft']) . "',
   listing_lotwidth = '" . addslashes($_POST['listing_lotwidth']) . "',
   listing_lotlength = '" . addslashes($_POST['listing_lotlength']) . "',
   listing_year = '" . addslashes($_POST['listing_year']) . "',
   listing_taxes = '" . addslashes($_POST['listing_taxes']) . "',
   listing_parking = '" . addslashes($_POST['listing_parking']) . "',
   listing_exterior = '" . addslashes($_POST['listing_exterior']) . "',
   listing_roof = '" . addslashes($_POST['listing_roof']) . "',
   listing_heating = '" . addslashes($_POST['listing_heating']) . "',
   listing_ac = '" . addslashes($_POST['listing_ac']) . "',
   listing_fireplace = '" . addslashes($_POST['listing_fireplace']) . "',
   listing_school = '" . addslashes($_POST['listing_school']) . "',
   listing_transit = '" . addslashes($_POST['listing_transit']) . "',
   listing_bathrooms = '" . addslashes($_POST['listing_bathrooms']) . "',
   listing_bedrooms = '" . addslashes($_POST['listing_bedrooms']) . "'
   WHERE listing_id = '" . addslashes($_GET['listing_id']) . "'";

?>

 

Also, you should try echoing the query out in the die error, like so

 

<?php

$query = mysql_query($sql)or die(mysql_error() . "<p>With Query:<br>$sql");

?>

[ssweb]

thanks pocobueno1388 that solved it. However I do have another question when I am attempting to call the same album in a SELECT statement I do not require the quotes

i.e.

WHERE listing_id = " . addslashes($_GET['listing_id']);

 

why would that be?

[pocobueno1388]

Probably because your listing_id variable is a number. If you put quotes around it it would then become a string. So if you are searching for a number, don't use quotes.

[ssweb]

I am looking for a number but identical code does not work in the two separate situations. I even tried copying a pasting the code from the one area to the other. It is even in the same page but will only recognize it in the one case.

[revraz]

echo the query, that usually will show you the mistake.