Can't Update MySQL table

Question

I don't know what I'm doing wrong, but my little update code is giving me an error message that I can't work out how to resolve it.

Here's my code:

<?php

     include('dbconfig.php');
     $con = mysql_connect($host, $username, $password) or die(mysql_error()) ; 

     if (!$con){
         die('Could not connect: ' . mysql_error());
      }
        mysql_select_db($db, $con);

       function sqlEscape($string){     
          return "'".mysql_real_escape_string($string)."'";
       }

        if(isset($_POST['submit'])){


    $q  =  "UPDATE records SET `name` = " + sqlEscape($_POST['name']) + ", 
    `age` = " + sqlEscape($_POST['age']) + ", 
    `location` = " + sqlEscape($_POST['location']) + ", 
    `telephone` = " + sqlEscape($_POST['telephone']) + "

     WHERE id = $_POST[id]";                

     mysql_query($q) or die(mysql_error());

     }                  
  ?>

Here's the error message it prints out:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0' at line 1

Can someone see where I'm going wrong at all?

Thanks for your help.

Answer 1

You are adding strings together with the + operator, which is for adding numbers. In PHP, strings are concatenated with the . (period) operator.

$q = "UPDATE records SET `name` = " . sqlEscape(...) . ",

etc

Answer 2

$q  =  "UPDATE records SET `name` = " . sqlEscape($_POST['name']) . ", 
    `age` = " . sqlEscape($_POST['age']) . ", 
    `location` = " . sqlEscape($_POST['location']) . ", 
    `telephone` = " . sqlEscape($_POST['telephone']) . "

     WHERE id = $_POST[id]";

Use "." instead of "+" to concat strings in PHP.