Error in SQL syntax - what does it mean?

I have an error showing when I try and update a form -

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’ at line 1

I have been through the update statement and it seems fine, what usually causes this problem.

A " or ’ in the data you are inserting can cause a problem; if so part of your data may have been inserted if it is text and it will give you some idea where the problem is.

No there nothing in the actual data itself, its pretty basic stuff in terms of the data.

Have been through the update script too, and seems to be ok.


if(isset($_POST['btnsubmit']))
{

$flag=$_POST['flag'];
if ($flag==0)
{
//$pic1=$_FILES['image1']['name'];
//$pic1b=$_POST['image1b'];
$shortTitle=$_POST['shortTitle'];
$longTitle=$_POST['longTitle'];
$ladiesCheckbox=$_POST['ladiesCheckbox'];	
$mensCheckbox=$_POST['mensCheckbox'];
$kidsCheckbox=$_POST['kidsCheckbox'];
$equCheckbox=$_POST['equCheckbox'];
$walkingCheckbox=$_POST['walkingCheckbox'];
$bootCheckbox=$_POST['bootCheckbox'];
$wellieCheckbox=$_POST['wellieCheckbox'];
$fashionCheckbox=$_POST['fashionCheckbox'];
$overCheckbox=$_POST['overkneeCheckbox'];
$refNumber=$_POST['refNumber'];
$description=$_POST['e1m1'];
$price=$_POST['price'];
$inStock=$_POST['inStock'];
$paypalPath=$_POST['paypalPath'];
$stockActive=$_POST['stockActive'];

//Image 1
if (($_FILES['image1']['name'])==""){
$pic1b=($_POST['image1b']);
//$pic1=$pic1b;
$target=$pic1b;
} else {
$pic1= $random1 . ($_FILES['image1']['name']);
$target = "imgdata/socks/" . $pic1;

move_uploaded_file($_FILES['image1']['tmp_name'], $target);
}

//Image 2
if (($_FILES['image2']['name'])==""){
$pic2b=($_POST['image2b']);
//$pic2=$pic2b;
$target2=$pic2b;
} else {
$pic2= $random2 . ($_FILES['image2']['name']);
$target2 = "imgdata/socks/" . $pic2;

move_uploaded_file($_FILES['image2']['tmp_name'], $target2);
}
//Image 3
if (($_FILES['image3']['name'])==""){
$pic3b=($_POST['image3b']);
//$pic3=$pic3b;
$target3=$pic3b;
} else {
$pic3= $random3 . ($_FILES['image3']['name']);
$target3 = "imgdata/socks/" . $pic3;

move_uploaded_file($_FILES['image3']['tmp_name'], $target3);
}
//Image 4
if (($_FILES['image4']['name'])==""){
$pic4b=($_POST['image4b']);
$target4=$pic4b;
} else {
$pic4= $random4 . ($_FILES['image4']['name']);
$target4 = "imgdata/socks/" . $pic4;

move_uploaded_file($_FILES['image4']['tmp_name'], $target4);
}

$q24=mysql_query("update stock set short_Title='$shortTitle',long_Title='$longTitle',ladies_Checkbox='$ladiesCheckbox',mens_Checkbox='$mensCheckbox',kids_Checkbox='$kidsCheckbox',equestrian_Checkbox='$equCheckbox',walking_Checkbox='$walkingCheckbox',boot_Checkbox='$bootCheckbox',wellie_Checkbox='$wellieCheckbox',fashion_Checkbox='$fashionCheckbox',over_Checkbox='$overCheckbox',ref_Number='$refNumber',Description='$description',Price='$price',in_Stock='$inStock',image_1='$target',image_2='target2',image_3='$target3',image_4='$target4',paypal_Path='$paypalPath',stock_Active='$stockActive' where stock_Id=$sr") or die (mysql_error());
$flag=1;
$conf="Data Updated Successfully - Click <a href='http://www.nicesocks.co.uk/admin/admin_categories.php'>here</a> to continue";
$update="1";
}

Couple of things, make sure to use mysql_real_escape_string() on ALL of your $_POST data.
I think you meant $target2 instead of target2 in your update query.
Lastly, put the following statement above your mysql_query call

var_dump("update stock set short_Title='$shortTitle',long_Title='$longTitle',ladies_Checkbox='$ladiesCheckbox',mens_Checkbox='$mensCheckbox',kids_Checkbox='$kidsCheckbox',equestrian_Checkbox='$equCheckbox',walking_Checkbox='$walkingCheckbox',boot_Checkbox='$bootCheckbox',wellie_Checkbox='$wellieCheckbox',fashion_Checkbox='$fashionCheckbox',over_Checkbox='$overCheckbox',ref_Number='$refNumber',Description='$description',Price='$price',in_Stock='$inStock',image_1='$target',image_2='$target2',image_3='$target3',image_4='$target4',paypal_Path='$paypalPath',stock_Active='$stockActive' where stock_Id=$sr");

Give us the output, or copy the output into phpMyAdmin and see if it runs there.

If your developing something new, make sure to switch to mysqli or pdo, because the mysql extension has been deprecated: http://www.php.net/manual/en/intro.mysql.php

Ah that sorted that out, I’m going to keep that vardump on a post it note on my computer from now on, its always the answer to my problems, cheers cpradio.

I wasnt passing the id of the item over and also that target mistake wasnt helping.

Just one more thing, is the syntax correct below:


short_Title=mysql_real_escape_string('$shortTitle')

double quotes, not single quotes (though the quotes are unnecessary). Then you will have the correct syntax. Personally, I’d do this:

$shortTitle=mysql_real_escape_string($_POST['shortTitle']);
$longTitle=mysql_real_escape_string($_POST['longTitle']);
$ladiesCheckbox=mysql_real_escape_string($_POST['ladiesCheckbox']);	
$mensCheckbox=mysql_real_escape_string($_POST['mensCheckbox']);
$kidsCheckbox=mysql_real_escape_string($_POST['kidsCheckbox']);
$equCheckbox=mysql_real_escape_string($_POST['equCheckbox']);
$walkingCheckbox=mysql_real_escape_string($_POST['walkingCheckbox']);
$bootCheckbox=mysql_real_escape_string($_POST['bootCheckbox']);
$wellieCheckbox=mysql_real_escape_string($_POST['wellieCheckbox']);
$fashionCheckbox=mysql_real_escape_string($_POST['fashionCheckbox']);
$overCheckbox=mysql_real_escape_string($_POST['overkneeCheckbox']);
$refNumber=mysql_real_escape_string($_POST['refNumber']);
$description=mysql_real_escape_string($_POST['e1m1']);
$price=mysql_real_escape_string($_POST['price']);
$inStock=mysql_real_escape_string($_POST['inStock']);
$paypalPath=mysql_real_escape_string($_POST['paypalPath']);
$stockActive=mysql_real_escape_string($_POST['stockActive']);

Yes of course, thanks cpradio.

I think Ive got too much on at the mo, and I’m forgetting basic things, so thanks to all for sometimes having to re explain things tahsta lready been done.

I think at some point it will all filter into my head, been a lot to take it all in and remember the basics.

Thanks again all