today seems like a bad day for me...the script i created worked perfectly at school and now its giving errors... i have a edit form when i press on edit i get this error Code: $sql="UPDATE products SET product_id = '$_POST[productid]', product_name='$_POST[productname]', description='$_POST[description]', quantity='$_POST[quantity]', unit_price = '$_POST[price]', WHERE product_id='$editid'"; $result=mysql_query($sql); //echo $sql; if ($result) { ?> <div align="center"><p><font color="#FF0000">Edit Success</font></p></div> <?php } else { echo "error ".mysql_error(); } //echo "Product details updated"; header("Refresh:10;url=search.php"); } ?> PHP: any help will be appreciated
//Never EVER trust user data $productid = mysql_real_escape_string($_POST['productid']); $productname = mysql_real_escape_string($_POST['productname']); $description= mysql_real_escape_string($_POST['description']); $price = (int)$_POST['price']; $quantity = (int)$_POST['quantity']; //You had a , after price... which was your error. $sql="UPDATE products SET product_id = 'productid', product_name='$productname', description='$description', quantity='$quantity', unit_price = '$price' WHERE product_id='$editid'"; $result=mysql_query($sql); PHP: