
I have a page that links to another page used for updating records. I built the form with the Record Update Form wizard. My previous pages used one too, but this time I got this error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(receipt)='asher.png', status='verified' WHERE idpayment=21' at line 1"

php

<?php
if (!function_exists("GetSQLValueString")) {
/**
 * Convert a raw request value into a fragment that is spliced into a
 * mysql_* query string in VALUE position.
 *
 * The value is first escaped with mysql_real_escape_string() (or
 * mysql_escape_string() when the former is unavailable), then shaped
 * according to $theType:
 *   - "text" / "date": wrapped in single quotes, or the bare word NULL when empty
 *   - "long" / "int":  passed through intval(), or NULL when empty
 *   - "double":        passed through doubleval(), or NULL when empty
 *   - "defined":       $theDefinedValue when non-empty, else $theNotDefinedValue
 *   - anything else:   the escaped string is returned as-is, WITHOUT quotes
 *
 * Security notes for reviewers:
 *   - This only protects values. Table and column names are never handled
 *     here; identifiers with spaces or parentheses have to be backtick-quoted
 *     by hand in the query text.
 *   - An unrecognised $theType yields an escaped but unquoted string, which
 *     is not a safe numeric literal. Callers must pass one of the types above.
 *   - The "defined" branch returns its replacement arguments verbatim; they
 *     are not escaped by this function.
 *   - The mysql_* extension was removed in PHP 7.0 and get_magic_quotes_gpc()
 *     in PHP 8.0; prepared statements (mysqli or PDO) are the replacement.
 *
 * @param mixed  $theValue           Raw value, typically from $_POST/$_GET.
 * @param string $theType            One of the type names listed above.
 * @param string $theDefinedValue    Result for "defined" when the value is non-empty.
 * @param string $theNotDefinedValue Result for "defined" when the value is empty.
 * @return mixed SQL fragment: quoted string, int, float, or the string "NULL".
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // On old runtimes with magic quotes enabled, strip the automatic slashes
    // so the value is not escaped twice by the call below.
    if (PHP_VERSION < 6) {
        if (get_magic_quotes_gpc()) {
            $theValue = stripslashes($theValue);
        }
    }

    // Escape for use inside a quoted SQL string literal.
    if (function_exists("mysql_real_escape_string")) {
        $theValue = mysql_real_escape_string($theValue);
    } else {
        $theValue = mysql_escape_string($theValue);
    }

    $hasValue = ($theValue != "");

    if ($theType == "text") {
        return $hasValue ? "'" . $theValue . "'" : "NULL";
    }
    if ($theType == "long" || $theType == "int") {
        return $hasValue ? intval($theValue) : "NULL";
    }
    if ($theType == "double") {
        return $hasValue ? doubleval($theValue) : "NULL";
    }
    if ($theType == "date") {
        return $hasValue ? "'" . $theValue . "'" : "NULL";
    }
    if ($theType == "defined") {
        return $hasValue ? $theDefinedValue : $theNotDefinedValue;
    }

    // No matching type: hand back the escaped value untouched.
    return $theValue;
}
}

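 // Build the URL the edit form posts back to.
 // This string is echoed straight into the form's action attribute, so it has
 // to be HTML-escaped here. $_SERVER['PHP_SELF'] includes any extra path the
 // client appended after the script name and is therefore request-controlled,
 // just like the query string; both parts are escaped the same way.
 $editFormAction = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
 if (isset($_SERVER['QUERY_STRING'])) {
   $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
 }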

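 // Handle the post-back of the edit form ("form1"): update one payment_form
 // row, then redirect to the admin home page.
 // NOTE(review): no login/role check and no CSRF token are visible in this
 // excerpt. The row to change is chosen by $_POST['idpayment'], which the
 // client controls, so confirm that an access check runs before this block.
 if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
   // Column names containing spaces or parentheses must be wrapped in
   // backticks. An unquoted filename(receipt) is parsed as a function call
   // and makes MySQL reject the statement with a syntax error.
   // GetSQLValueString() escapes the values only, never the identifiers.
   $updateSQL = sprintf("UPDATE payment_form SET name=%s, address=%s, contactno=%s, MOP=%s, totalsent=%s, datesent=%s, `contact number(Smart Money)`=%s, `filename(receipt)`=%s, status=%s WHERE idpayment=%s",
                    GetSQLValueString($_POST['name'], "text"),
                    GetSQLValueString($_POST['address'], "text"),
                    GetSQLValueString($_POST['contactno'], "text"),
                    GetSQLValueString($_POST['MOP'], "text"),
                    GetSQLValueString($_POST['totalsent'], "text"),
                    GetSQLValueString($_POST['datesent'], "date"),
                    GetSQLValueString($_POST['contact_numberSmart_Money'], "text"),
                    GetSQLValueString($_POST['filenamereceipt'], "text"),
                    GetSQLValueString($_POST['status'], "text"),
                    GetSQLValueString($_POST['idpayment'], "int"));

   mysql_select_db($database_MCC, $MCC);
   // NOTE(review): die(mysql_error()) sends the raw database error, including
   // fragments of the query, to the browser. Prefer logging it server-side and
   // showing a generic message once debugging is done.
   $Result1 = mysql_query($updateSQL, $MCC) or die(mysql_error());

   // Redirect target is a fixed relative page; the current query string is
   // carried over unchanged.
   $updateGoTo = "admin_home2.php";
   if (isset($_SERVER['QUERY_STRING'])) {
     $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
     $updateGoTo .= $_SERVER['QUERY_STRING'];
   }
   header(sprintf("Location: %s", $updateGoTo));
   // header() only queues the redirect; stop here so the rest of the page
   // (the SELECT and the form) is not executed and sent after it.
   exit;
 }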

// Load the payment_form row that the edit form displays.
// The id comes from the query string; "-1" is used when none was supplied.
// NOTE(review): nothing in this excerpt checks that the current user may view
// the requested row; confirm an access check runs before this point.
$colname_rsVerifyPayments = isset($_GET['idpayment']) ? $_GET['idpayment'] : "-1";

mysql_select_db($database_MCC, $MCC);

// Type "int" makes GetSQLValueString() reduce the id to an integer (or NULL)
// before it is placed in the WHERE clause.
$query_rsVerifyPayments = sprintf(
    "SELECT * FROM payment_form WHERE idpayment = %s",
    GetSQLValueString($colname_rsVerifyPayments, "int")
);

$rsVerifyPayments = mysql_query($query_rsVerifyPayments, $MCC);
if (!$rsVerifyPayments) {
    // Raw database error text is printed to the client on failure.
    die(mysql_error());
}

$row_rsVerifyPayments = mysql_fetch_assoc($rsVerifyPayments);
$totalRows_rsVerifyPayments = mysql_num_rows($rsVerifyPayments);
?>

the table

 <form action="<?php /* Edit form for one payment_form row; it posts back to this same script.
   $editFormAction is printed here without escaping, so it must already be
   HTML-escaped where it is assembled from PHP_SELF and the query string. */ echo $editFormAction; ?>" method="post" name="form1" id="form1">
  <table align="center">
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Idpayment:</td>
      <td><?php /* Printed without htmlentities(), unlike the text fields below.
        NOTE(review): presumably an integer key column - confirm. */ echo $row_rsVerifyPayments['idpayment']; ?></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Name:</td>
      <td><input type="text" name="name" value="<?php echo htmlentities($row_rsVerifyPayments['name'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Address:</td>
      <td><input type="text" name="address" value="<?php echo htmlentities($row_rsVerifyPayments['address'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Contactno:</td>
      <td><input type="text" name="contactno" value="<?php echo htmlentities($row_rsVerifyPayments['contactno'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">MOP:</td>
      <td><input type="text" name="MOP" value="<?php echo htmlentities($row_rsVerifyPayments['MOP'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Totalsent:</td>
      <td><input type="text" name="totalsent" value="<?php echo htmlentities($row_rsVerifyPayments['totalsent'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Datesent:</td>
      <td><input type="text" name="datesent" value="<?php echo htmlentities($row_rsVerifyPayments['datesent'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Mobile Number:</td>
      <td><input type="text" name="contact_numberSmart_Money" value="<?php echo htmlentities($row_rsVerifyPayments['contact number(Smart Money)'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Filename:</td>
      <td><input type="text" name="filenamereceipt" value="<?php echo htmlentities($row_rsVerifyPayments['filename(receipt)'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Status:</td>
      <td><select name="status">
        <option value="unverified" <?php if (!(strcmp("unverified", htmlentities($row_rsVerifyPayments['status'], ENT_COMPAT, 'utf-8')))) {echo "SELECTED";} ?>>unverified</option>
        <option value="verified" <?php if (!(strcmp("verified", htmlentities($row_rsVerifyPayments['status'], ENT_COMPAT, 'utf-8')))) {echo "SELECTED";} ?>>verified</option>
      </select></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">&nbsp;</td>
      <td><input type="submit" value="Update record" /></td>
    </tr>
  </table>
  <input type="hidden" name="MM_update" value="form1" />
  <input type="hidden" name="idpayment" value="<?php /* This hidden id is sent back by the browser and used in the UPDATE's
    WHERE clause, so the client can change it; the server has to decide
    whether the caller may edit that row. */ echo $row_rsVerifyPayments['idpayment']; ?>" />
</form>
kim
    `filename(receipt)` should probably be `\`filename(receipt)\``. – vstm Dec 05 '14 at 14:16
    Not to sound rude but considering you are using mysql_* and that is deprecated, you should probably just rewrite it using Mysqli_* or PDO and then come back with any error, fixing this seems like a waste of time if the code you are using is deprecated – Oisian2 Dec 05 '14 at 14:17
  • the codes are auto-generated by dreamweaver. currently using dw cs6 – kim Dec 05 '14 at 14:27
  • @Oisian2 not simply deprecated, but also insecure... – user2366842 Dec 05 '14 at 15:42

1 Answer


filename(receipt) should probably be `filename(receipt)`, i.e. the column name wrapped in backticks.

@vstm, thanks a lot! that did the trick! :D

kim