trying to create an page to edit the data base file
But i keep getting this message
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Cant see the error. would appreciate some help..
Thanks
<?php require_once('../Connections/yelan.php');?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "editBooks")) {
$updateSQL = sprintf("UPDATE books SET title=%s, author=%s, price=%s, description=%s WHERE bookID=%s",
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString($_POST['author'], "text"),
GetSQLValueString($_POST['price'], "double"),
GetSQLValueString($_POST['description'], "text"),
GetSQLValueString($_POST['editbooksKey'], "int"));
mysql_select_db($database_yelan, $yelan);
$Result1 = mysql_query($updateSQL, $yelan) or die(mysql_error());
$updateGoTo = "control.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}
mysql_select_db($database_yelan, $yelan);
$query_editbooks = "SELECT * FROM books WHERE bookID = $editkey";
$editbooks = mysql_query($query_editbooks, $yelan) or die(mysql_error());
$row_editbooks = mysql_fetch_assoc($editbooks);
$totalRows_editbooks = mysql_num_rows($editbooks);?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>admin edit books</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<p>edit books </p>
<form name="editBooks" method="POST" action="<?php echo $editFormAction; ?>">
<table width="106%" border="1" id="edit">
<tr>
<td width="15%">bookID</td>
<td width="15%">title</td>
<td width="18%">author</td>
<td width="17%">price</td>
<td width="20%">description</td>
</tr>
<tr>
<td><input name="edit" type="submit" id="edit" value="edit">
<input name="editbooksKey" type="hidden" id="editbooksKey" value="<?php echo $editkey?>"></td>
<td>
<input name="title" type="text" id="title" value="<?php echo $row_editbooks['title']; ?>"> </td>
<td><input name="author" type="text" id="author" value="<?php echo $row_editbooks['author']; ?>"></td>
<td><input name="price" type="text" id="price" value="<?php echo $row_editbooks['price']; ?>"></td>
<td><input name="description" type="text" id="description" value="<?php echo $row_editbooks['description']; ?>"></td>
</tr>
</table>
<input type="hidden" name="MM_update" value="editBooks">
</form>
<p> </p>
</body>
</html>
<?php
mysql_free_result($editbooks);
?>