Help with edit item function:

[furn355]

OKay so i created a new item system for my game and im having a bit of trouble with the staff edit item function:

I am getting this error:

QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Query was DELETE FROM items WHERE itmid=

And i dont understand why it is not picking up the ID, any help would be appreciated :)

 

function edit_item_begin()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 2)
{
die("403");
}


print "<h3>Editing Item</h3>
<h2>WARNING! Do not edit any of the edibles!!!</h2>
You can edit any aspect of this item.

<form action='staff_items.php?action=edititemform' method='post'>
Item: ".item_dropdown($c,'item')."

<input type='submit' value='Edit Item' /></form>";
}
function edit_item_form()
{
global $db,$ir,$c,$h;
if($ir['user_level'] > 2)
{
die("403");
}
$d=$db->query("SELECT * FROM items WHERE itmid={$_POST['item']}");
$itemi=$db->fetch_row($d);
print "<h3>Editing Item</h3>
<form action='staff_items.php?action=edititemsub' method='post'>
Item Name: <input type='text' name='itmname' value='' />

	Item Desc.: <input type='text' name='itmdesc' value='' />

	Item Type: ".itemtype_dropdown($c,'itmtype')."

	Item Buyable: <input type='checkbox' name='itmbuyable' checked='checked' />

	Item Price: <input type='text' name='itmbuyprice' />

	Item Sell Value: <input type='text' name='itmsellprice' />


	<hr />
	[b]Stat Boosts[/b]<hr />

	Item Strength Boost: <input type='text' name='strength_boost' value='0' />

	Item Defense Boost:<input type='text' name='defense_boost' value ='0' /> 

	Item Speed Boost:<input type='text' name='speed_boost' value ='0' />

	Items Image: (*include full location.   /images/pichere.jpg)<input type='text' name='itmpic' value='' /><hr />


<input type='submit' value='Edit Item' /></form>";
}
function edit_item_sub()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 2)
{
die("403");
}

if(!isset($_POST['itmname']) || !isset($_POST['itmdesc']) || !isset($_POST['itmtype'])  || !isset($_POST['itmbuyprice']) || !isset($_POST['itmsellprice']))
{
print "You missed one or more of the fields. Please go back and try again.

[url='staff_items.php?action=edititem']> Back[/url]";
$h->endpage();
exit;
}
$itmname=$_POST['itmname'];
$itmdesc=$_POST['itmdesc'];
$itmname=$db->escape($_POST['itmname']);
$itmdesc=$db->escape($_POST['itmdesc']);
$speed_boost=$db->escape($_POST['speed_boost']);
$defense_boost=$db->escape($_POST['defense_boost']);
$strength_boost=$db->escape($_POST['strength_boost']);
if($_POST['itmbuyable'] == 'on') { $itmbuy=1; } else { $itmbuy=0; }
$db->query("DELETE FROM items WHERE itmid={$_POST['itmid']}",$c);
$m=$db->query("INSERT INTO items VALUES('{$_POST['itmid']}',,{$_POST['itmtype']},'$itmname','$itmdesc',{$_POST['itmbuyprice']},{$_POST['itmsellprice']},'($itmbuy ? $itmbuy : 0)','$speed_boost','$defense_boost','$strength_boost','{$_POST['itmpic']}','0','0','0','0','0','0')");
print "The {$_POST['itmname']} Item was edited successfully.";
stafflog_add("Edited item {$_POST['itmname']}");
}

[Analog]

Your not passing a variable of $_POST['itmid'] from your form to the query

Is this to update an item? If so why are you deleting it, then adding a new item?

[furn355]

I was deleting it and replacing it with a new item (but same ID)

What would you suggest I do for the fix?

[Analog]

To fix it how you have it setup add this to your form (edit_item_form function)

<input type='hidden' name='itmid' value='{$itemi['itmid']}' />

 

My suggestion would be not to delete the item, instead use an UPDATE query to modify the values of the data for the item...

Example

$db->query("UPDATE table SET field = 'field', text = 'text', num = 'num' WHERE itmid = 'itmid'");

[furn355]

Thanks for the help :thumbsup:

[Danny696]

you dont need ' around a number ;)