This is more than likely something I'm just being stupid on, but I cannot find where my code seems to be going wrong. I'm trying to prepare an SQL UPDATE command for an edit page for an internal (yes I'm aware I'm not coding in current version PHP - work needed a quick fix and its an internal system - please don't judge me!) database and no matter what I seem to do, I am continually facing an error where I'm being told I have an extra ; in my statement. However, the UPDATE command I'm about to post is almost identical (barring a few fields) to another I have prepared for an almost identical part of the database elsewhere, and that works perfectly! I feel like I'm just missing some punctuation somewhere, but I've been staring at it for hours, so I'm hoping someone else can see. I'll actually post the entire block of code, rather than just the UPDATE statement, just in case....
<?php
require("header.php");
$error_feat_id = "";
$valid_feature = "";
$error_feat_id = "";
$refferal_feat_id = $_GET['feat_id'];
if(isset($refferal_feat_id) == TRUE) {
if(is_numeric($refferal_feat_id) == FALSE) {
$error_feat_id = 1;
}
if($error_feat_id == 1) {
header("Location: ".$config_basedir);
}
else {
$valid_feature = $refferal_feat_id;
}
}
else {
$valid_feature = 0;
}
if($_POST['submit']) {
$datereceived = $_POST['calendaryear']."-".$_POST['calendarmonth']."-".$_POST['calendarday'];
$director1dob = $_POST['director1year']."-".$_POST['director1month']."-".$_POST['director1day'];
$director2dob = $_POST['director2year']."-".$_POST['director2month']."-".$_POST['director2day'];
$update_feature_sql = "UPDATE features SET Title = '".mysql_real_escape_string($_POST['title'])."',
DateReceived = STR_TO_DATE(".$datereceived.", '%Y-%m-%d'),
Synopsis = '".mysql_real_escape_string($_POST['synopsis'])."',
LogLine = '".mysql_real_escape_string($_POST['logline']."',
StrandID = ".$_POST['programstrand'].",
CompCatID = ".$_POST['compcat'].",
PremiereID = ".$_POST['premierestatus'].",
FirstFeatureID = ".$_POST['firstfeature'].",
OriginID = ".$_POST['origin'].",
RoughtCutID = ".$_POST['roughcut'].",
ScreenerID = ".$_POST['screener'].",
Director1 = '".mysql_real_escape_string($_POST['director1'])."',
Director1Bio = '".mysql_real_escape_string($_POST['director1bio'])."',
Director1Nationality = '".mysql_real_escape_string($_POST['director1nation'])."',
Director1DOB = STR_TO_DATE(".$director1dob.", '%Y-%m-%d'),
Director2 = '".mysql_real_escape_string($_POST['director2'])."',
Director2Bio = '".mysql_real_escape_string($_POST['director2bio'])."',
Director2Nationality = '".mysql_real_escape_string($_POST['director2nation'])."',
Director2DOB = STR_TO_DATE(".$director2dob.", '%Y-%m-%d'),
Country1 = '".mysql_real_escape_string($_POST['country1'])."',
Country2 = '".mysql_real_escape_string($_POST['country2'])."',
Country3 = '".mysql_real_escape_string($_POST['country3'])."',
Country4 = '".mysql_real_escape_string($_POST['country4'])."',
Country5 = '".mysql_real_escape_string($_POST['country5'])."',
Country6 = '".mysql_real_escape_string($_POST['country6'])."',
Country7 = '".mysql_real_escape_string($_POST['country7'])."',
Country8 = '".mysql_real_escape_string($_POST['country8'])."',
Country9 = '".mysql_real_escape_string($_POST['country9'])."',
Country10 = '".mysql_real_escape_string($_POST['country10'])."',
Cast1 = '".mysql_real_escape_string($_POST['cast1'])."',
Cast2 = '".mysql_real_escape_string($_POST['cast2'])."',
Cast3 = '".mysql_real_escape_string($_POST['cast3'])."',
Cast4 = '".mysql_real_escape_string($_POST['cast4'])."',
AdditionalComments = '".mysql_real_escape_string($_POST['additionalcomments'])."',
DurationHours = '".mysql_real_escape_string($_POST['durationhours'])."',
DurationMins = '".mysql_real_escape_string($_POST['durationmins'])."',
ScreeningFormat1 = ".$_POST['screeningformat1'].",
ScreeningFormat2 = ".$_POST['screeningformat2'].",
ScreeningFormat3 = ".$_POST['screeningformat3'].",
ScreeningFormat4 = ".$_POST['screeningformat4'].",
ScreeningFormat5 = ".$_POST['screeningformat5'].",
DCPEID = ".$_POST['dcpe'].",
DCPCPL = '".mysql_real_escape_string($_POST['dcpcpl'])."',
SubTypeID = ".$_POST['subtype'].",
AspectID = ".$_POST['aspect'].",
LanguageID = ".$_POST['language'].",
SubtitlesID = ".$_POST['subtitles'].",
AudioID = ".$_POST['audio'].",
PubRecID = ".$_POST['pubrec'].",
TypeOfMaterials = '".mysql_real_escape_string($_POST['typeofmaterials'])."',
ContactName = '".mysql_real_escape_string($_POST['contactname'])."',
ContactEmail = '".mysql_real_escape_string($_POST['contactemail'])."',
ContactPhone1 = '".mysql_real_escape_string($_POST['contactphone1'])."',
ContactPhone2 = '".mysql_real_escape_string($_POST['contactphone2'])."',
ContactAddress = '".mysql_real_escape_string($_POST['contactaddress'])."',
HomeAddressID = ".$_POST['homeaddress'].",
ContactWebsite = '".mysql_real_escape_string($_POST['contactwebsite'])."',
SAERecID = ".$_POST['saerec'].",
SAERetID = ".$_POST['saeret'].",
FeeStatusID = ".$_POST['feestatus'].",
EntryFeeID = ".$_POST['entryfee'].",
ProdYearID = '".mysql_real_escape_string($_POST['prodyear'])."',
ProdCo1 = '".mysql_real_escape_string($_POST['prodco1'])."',
ProdWebsite1 = '".mysql_real_escape_string($_POST['prodwebsite1'])."',
ProdCo1Nation = '".mysql_real_escape_string($_POST['prodco1nation'])."',
ProdCo2 = '".mysql_real_escape_string($_POST['prodco2'])."',
ProdWebsite2 = '".mysql_real_escape_string($_POST['prodwebsite2'])."',
ProdCo2Nation = '".mysql_real_escape_string($_POST['prodco2nation'])."',
Producer1 = '".mysql_real_escape_string($_POST['producer1'])."',
Producer1Nation = '".mysql_real_escape_string($_POST['producer1nation'])."',
Producer2 = '".mysql_real_escape_string($_POST['producer2'])."',
Producer2Nation = '".mysql_real_escape_string($_POST['producer2nation'])."',
Producer3 = '".mysql_real_escape_string($_POST['producer3'])."',
Producer3Nation = '".mysql_real_escape_string($_POST['producer3nation'])."',
Producer4 = '".mysql_real_escape_string($_POST['producer4'])."',
Producer4Nation = '".mysql_real_escape_string($_POST['producer4nation'])."',
SalesAgent = '".mysql_real_escape_string($_POST['salesagent'])."',
Distributor = '".mysql_real_escape_string($_POST['distributor'])."',
TalentAttached = '".mysql_real_escape_string($_POST['talentattached'])."',
PreviouslyScreenedAt = '".mysql_real_escape_string($_POST['prevscreenat'])."',
ScreeningFeesID = ".$_POST['screeningfees'].",
ScreeningFeesAmt = '".mysql_real_escape_string($_POST['screeningfeesamt'])."',
KidsID = ".$_POST['kids'].",
Code showing error on this line
ConfirmID = ".$_POST['confirm']." WHERE ID = ".$refferral_feat_id.";";
mysql_query($update_feature_sql) or die(mysql_error());
header("Location: ".$config_basedir."feat_show.php?feat_id=".$refferal_feat_id);
}
else {
$sql_get_feature = "SELECT * FROM features WHERE ID = ".$refferal_feat_id.";";
$query_get_feature = mysql_query($sql_get_feature);
$rows_get_feature = mysql_fetch_assoc($query_get_feature);
?>
I realise that I've probably overlooked something, and that I could be doing things more efficiently, but I'm a PHP noob who's up the walls with several things at once, and could really do with getting this code working! Thanks in advance for any help/advice!