What I mean is, you're setting up these local variables
Code: Select all
//This gets all the other information from the form
$submittedby = $_POST['submittedby'];
$listingtitle = $_POST['listingtitle'];
$make = $_POST['make'];
$model = $_POST['model'];
$exteriorcolour = $_POST['exteriorcolour'];
$enginesize = $_POST['enginesize'];
$fueltype = $_POST['fueltype'];
$yearregistered = $_POST['yearregistered'];
$transmission = $_POST['transmission'];
$mileage = $_POST['mileage'];
$nodoors = $_POST['nodoors'];
$bodystyle = $_POST['bodystyle'];
$price = $_POST['price'];
but then don't actually reference them in your query
Code: Select all
$sql = "UPDATE privatelistings SET submittedby = 'submittedby', listingtitle = 'listingtitle', make = 'make', model = 'model', exteriorcolour = 'exteriorcolour', enginesize = 'enginesize', fueltype = 'fueltype', yearregistered = 'yearregistered', transmission = 'transmission', mileage = 'mileage', nodoors = 'nodoors', bodystyle = 'bodystyle', price = 'price', photo = 'photo', photo1 = 'photo'";
Instead of submittedby = 'submittedby', you'd want submittedby = '{$submittedby}' and so forth. You really want to be escaping those values, and should use prepared statements and PDO over the deprecated mysql_ functions, but one thing at a time.