MYsQl Error - Form here to check

I get the below error after posting. Is there an error in this form?

----------------
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and address = '' and city = '5' and county = ''' at line 1
-----------------------


I heve edited the form field and the SQL code at the top that the form writes to.






-----------------------------------------------


<? require_once('Connections/myconn.php');
?>
<?php
//begin code to insert form into database if post varables are present
//function to return a sql value string for insert sql
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

mysql_select_db($database_myconn, $myconn);

//fetch transaction info from accounting database
$sql = "select item from accounting where id = ". $_REQUEST['tid'];
$itemRS = mysql_query($sql,$myconn) or die(mysql_error());
$Tarray = mysql_fetch_assoc($itemRS);
$credit_id = $Tarray['item'];

//fetch exp date for credit in assoc array
$sql = "select days from credits where id = " . $credit_id;
$expRS = mysql_query($sql,$myconn) or die(mysql_error());
$array = mysql_fetch_assoc($expRS);
$exp = $array['days'];
$insertSQL = sprintf("INSERT INTO items (mid, cid, title, price, pdate, special_price, sold, description, address, city, `county`, postcode, exp, featured, active, reception, bedrooms, bathrooms, CH, DG, gardens, parking, nshops, nschool, loft, untilr, patio) VALUES (%s, %s, %s, %s, NOW(), %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['mid'], "int"),
GetSQLValueString($_REQUEST['cat'], "int"),
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString($_POST['price'], "double"),
GetSQLValueString($_POST['special_price'], "double"),
GetSQLValueString($_POST['Sold'], "text"),
GetSQLValueString($_POST['description'], "text"),
GetSQLValueString($_POST['address'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['county'], "text"),
GetSQLValueString($_POST['postcode'], "text"),
$exp, //fetch expire date from above
GetSQLValueString($_POST['featured'], "text"),
GetSQLValueString($_POST['active'], "text"),
GetSQLValueString($_REQUEST['reception'],"text"),
GetSQLValueString($_REQUEST['bedrooms'],"text"),
GetSQLValueString($_REQUEST['bathrooms'],"text"),
GetSQLValueString($_REQUEST['CH'],"text"),
GetSQLValueString($_REQUEST['DG'],"text"),
GetSQLValueString($_REQUEST['gardens'],"text"),
GetSQLValueString($_REQUEST['parking'],"text"),
GetSQLValueString($_REQUEST['nshops'],"text"),
GetSQLValueString($_REQUEST['nschool'],"text"),
GetSQLValueString($_REQUEST['loft'],"text"),
GetSQLValueString($_REQUEST['utilr'],"text"),
GetSQLValueString($_REQUEST['patio'],"text"),
GetSQLValueString($_REQUEST['year'],"text"),
GetSQLValueString($_REQUEST['sqft'],"double"));
//echo $insertSQL;
//die();
$Result1 = mysql_query($insertSQL, $myconn) or die(mysql_error());

//mark credit a not active
$sql = "update accounting set active = 'No' where mid = ". $_REQUEST['mid'] ." and id = ". $_REQUEST['tid'] ." limit 1";
$update = mysql_query($sql, $myconn) or die(mysql_error());

//inset is now complete, send bulk email with new into
require_once('myfunctions.php');

//fetch domain name
$settingsR = mysql_query("select domain,email from settings",$myconn) or die(mysql_error());
$settings = mysql_fetch_assoc($settingsR);

//fetch id number for new listing
$sql = "select id from items where title ='".$_REQUEST['title']."' and price = ".$_REQUEST['price']." and address = '".$_REQUEST['address']."' and city = '".$_REQUEST['city']."' and county = '".$_REQUEST['county']."' ";
$listingR = mysql_query($sql,$myconn) or die(mysql_error());
$listing = mysql_fetch_assoc($listingR);
$message =
"A new listing has been added to our site. Please feel free to have a look.

LINK: ".$settings['domain']."/index.php?go=detail&id=".$listing['id']."

";
$subject = "New Listing Added";
$from = "From:".$settings['email'];
bulk_email($message,$subject,$from);

$insertGoTo = "a_index.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}

//end of php code for insert of new record
?>
<?php include('header.php'); ?>
<?php require_once('Connections/myconn.php'); ?>
<?php
//begin code for form to insert a new record

//fetch all categories from database , and load into a assoc array
mysql_select_db($database_myconn, $myconn);
$query_cat = "SELECT * FROM categories ORDER BY title ASC";
$cat = mysql_query($query_cat, $myconn) or die(mysql_error());
$row_cat = mysql_fetch_assoc($cat);
$totalRows_cat = mysql_num_rows($cat);

//fetch member information from datebase where email matches session varable
$colname_minfo = "1";
if (isset($_SESSION['MM_Username'])) {
$colname_minfo = (get_magic_quotes_gpc()) ? $_SESSION['MM_Username'] : addslashes($_SESSION['MM_Username']);
}
mysql_select_db($database_myconn, $myconn);
$query_minfo = sprintf("SELECT * FROM members WHERE email = '%s'", $colname_minfo);
$minfo = mysql_query($query_minfo, $myconn) or die(mysql_error());
$row_minfo = mysql_fetch_assoc($minfo);
$totalRows_minfo = mysql_num_rows($minfo);

//fetch all active credits from accounting table in database
$colname_a = $row_minfo['id']; // store member id
mysql_select_db($database_myconn, $myconn);
$query_a = sprintf("SELECT * FROM accounting WHERE mid = %s", $colname_a) . " and active = 'Yes'";
$a = mysql_query($query_a, $myconn) or die(mysql_error());
$row_a = mysql_fetch_assoc($a);
$totalRows_a = mysql_num_rows($a);

mysql_select_db($database_myconn, $myconn);
$query_county = "SELECT * FROM `county` ORDER BY title ASC";
$county = mysql_query($query_county, $myconn) or die(mysql_error());
$row_county = mysql_fetch_assoc($county);
$totalRows_county = mysql_num_rows($county);

mysql_select_db($database_myconn, $myconn);
$query_city = "SELECT * FROM city ORDER BY title ASC";
$city = mysql_query($query_city, $myconn) or die(mysql_error());
$row_city = mysql_fetch_assoc($city);
$totalRows_city = mysql_num_rows($city);
?>
<?


if (mysql_num_rows($a) <= 0) {
echo '<br><br><p><center><em>Please purchase credits by clicking My Credits link in navagation menu</em></center></p>';
include('footer.php');
die;
}
?>
<form method="POST" action="<?php echo $editFormAction; ?>" name="form1">
<table width="500" border="0" align="center" cellpadding="5" cellspacing="0">
<caption align="left" class="pageTitle">
New Property Listing
</caption>
<tr>
<td class="colText">Select Credit To Use:</td>
<td bgcolor="#FFFFFF" class="rowText"><select name="tid" id="tid">
<?php
do {

?>
<option value="<?php echo $row_a['id']?>"><?php echo $row_a['title']?></option>
<?php
} while ($row_a = mysql_fetch_assoc($a));
$rows = mysql_num_rows($a);
if($rows > 0) {
mysql_data_seek($a, 0);
$row_a = mysql_fetch_assoc($a);
}
?>
</select></td>
</tr>
<tr>
<td class="colText">Catagory</td>
<td bgcolor="#FFFFFF" class="rowText"><select name="cat" id="cat">
<?php
do {
?>
<option value="<?php echo $row_cat['id']?>"><?php echo $row_cat['title']?></option>
<?php
} while ($row_cat = mysql_fetch_assoc($cat));
$rows = mysql_num_rows($cat);
if($rows > 0) {
mysql_data_seek($cat, 0);
$row_cat = mysql_fetch_assoc($cat);
}
?>
</select></td>
</tr>
<tr>
<td class="colText">Property Title </td>
<td bgcolor="#FFFFFF" class="rowText"><input name="title" type="text" id="title" size="45"></td>
</tr>
<tr>
<td class="colText">Price:</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="price" type="text" id="price" size="25">
i.e. 10000000.00</td>
</tr>
<tr>
<td class="colText">Address</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="address" type="text" id="address" size="40"></td>
</tr>
<tr>
<td class="colText">City/Town</td>
<td bgcolor="#FFFFFF" class="rowText">
<?
//if city(s) are present in database
if(mysql_num_rows($city) <= 0){?>
<input name="city" type="text" id="city">
<? }else{ ?>
<select name="city" id="city">
<?php
do {
?>
<option value="<?php echo $row_city['id']?>"><?php echo $row_city['title']?></option>
<?php
} while ($row_city = mysql_fetch_assoc($city));
$rows = mysql_num_rows($city);
if($rows > 0) {
mysql_data_seek($city, 0);
$row_city = mysql_fetch_assoc($city);
}
?>
</select>
<? } ?>
</td>
</tr>


<tr>
<td class="colText">County</td>
<td bgcolor="#FFFFFF" class="rowText"><select name="county" id="county">
<?php
do {
?>
<option value="<?php echo $row_county['stitle']?>"><?php echo $row_county['title']?></option>
<?php
} while ($row_county = mysql_fetch_assoc($county));
$rows = mysql_num_rows($county);
if($rows > 0) {
mysql_data_seek($county, 0);
$row_county = mysql_fetch_assoc($county);
}
?>


</select></td>
</tr>

<tr>
<td class="colText">Postcode</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="postcode" type="text" id="postcode" size="15"></td>


<tr>
<td class="colText">Reception</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="reception" type="text" id="reception" size="15"></td>
</tr></td>
</tr>

<tr>
<td class="colText">Bedrooms</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="bedrooms" type="text" id="bedrooms" size="15"></td>
</tr>

<tr>
<td class="colText">Bathrooms</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="bathrooms" type="text" id="bathrooms" size="15"></td>
</tr>

<tr>
<td class="colText">Central Heating</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="CH" type="text" id="CH" size="15"></td>
</tr>

<tr>
<td class="colText">Double Glazing</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="DG" type="text" id="DG" size="15"></td>
</tr>

<tr>
<td class="colText">Gardens</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="gardens" type="text" id="gardens" size="15"></td>
</tr>

<tr>
<td class="colText">Parking</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="parking" type="text" id="parking" size="15"></td>
</tr>

<tr>
<td class="colText">Near Shops</td>
<td bgcolor="#FFFFFF" class="rowText"> <input type=radio name=nshops value="y">yes &nbsp;&nbsp;&nbsp;
<input type=radio name=nshops value="n" checked>no</td>
<tr/>

<tr>
<td class="colText">Near School</td>
<td bgcolor="#FFFFFF" class="rowText"> <input type=radio name=nschool value="y">yes &nbsp;&nbsp;&nbsp;
<input type=radio name=nschool value="n" checked>no</td>
</tr>

<tr>
<td class="colText">Loft</td>
<td bgcolor="#FFFFFF" class="rowText"> <input type=radio name=Loft value="y">yes &nbsp;&nbsp;&nbsp;
<input type=radio name=Loft value="n" checked>no</td>
</tr>

<tr>
<td class="colText">Utility Room</td>
<td bgcolor="#FFFFFF" class="rowText"> <input type=radio name=utilr value="y">yes &nbsp;&nbsp;&nbsp;
<input type=radio name=utilr value="n" checked>no</td>

</tr>

<tr>
<td class="colText">Patio</td>
<td bgcolor="#FFFFFF" class="rowText"><input type=radio name=patio value="y">yes &nbsp;&nbsp;&nbsp;
<input type=radio name=patio value="n" checked>no</td>
</tr>

<tr>
<td class="colText">Year</td>
<td bgcolor="#FFFFFF" class="rowText"><input name="year" type="text" id="year" size="15"></td>
</tr>

<tr class="colText">
<td colspan="2"><p>Description</p> </td>
</tr>
<tr class="colText">
<td colspan="2"><div align="center">
<textarea name="description" cols="70" rows="15" id="description"></textarea>
</div></td>
</tr>
<tr>
<td colspan="2"><div align="right">
<input name="active" type="hidden" id="active" value="Yes">
<input name="Sold" type="hidden" id="Sold" value="No">
<input name="featured" type="hidden" id="featured" value="No">
<input name="exp" type="hidden" id="exp">
<input name="pdate" type="hidden" id="pdate" value="NOW()">
<input name="mid" type="hidden" id="mid" value="<?php echo $row_minfo['id']; ?>">
<input type="submit" name="Submit4" value="Submit">
<input type="reset" name="Submit22" value="Reset">
<input name="Submit32" type="button" onClick="window.location='a_index.php'" value="Cancel">
</div></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1">
</form>
<? include('footer.php'); ?>
<?php


mysql_free_result($city);
?>

 

 

 

 

Top