From: "Gary" on
I have just created a registration page using Webassist, and I am getting a
syntax error that I am not understanding. Anyone be able to point me in the
right direction?

You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near ' NULL, NULL)' at
line 1

This is the code (I have not modified it)

<?php require_once('Connections/local.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ?
mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="";
$loginUsername = $_POST['id'];
$LoginRS__query = "SELECT id FROM family WHERE id='" . $loginUsername . "'";
mysql_select_db($database_local, $local);
$LoginRS=mysql_query($LoginRS__query, $local) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);

//if there is a row in the database, the username was found - can not add
the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar
.."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
?>
<?php
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

?>
<?php
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] ==
"WAATKRegistrationForm")) {
$insertSQL = sprintf("INSERT INTO family (firstname, lastname, email,
password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, %s,
%s, %s, %s, %s, %s)",
GetSQLValueString($_POST['firstname'], "text"),
GetSQLValueString($_POST['lastname'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['relationship'], "text"),
GetSQLValueString($_POST['story'], "text"),
GetSQLValueString($_POST['image'], ""), GetSQLValueString($_POST['ip'],
"text"), GetSQLValueString($_POST['submitted'], "date"));

mysql_select_db($database_local, $local);
$Result1 = mysql_query($insertSQL, $local) or die(mysql_error());

$insertGoTo = "family_LogIn.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>

Thanks again for the help.

Gary



__________ Information from ESET Smart Security, version of virus signature database 5499 (20101003) __________

The message was checked by ESET Smart Security.

http://www.eset.com




From: chris h on
On Sun, Oct 3, 2010 at 12:47 PM, Gary <gpaul(a)paulgdesigns.com> wrote:

> I have just created a registration page using Webassist, and I am getting a
> syntax error that I am not understanding. Anyone be able to point me in
> the
> right direction?
>
> You have an error in your SQL syntax; check the manual that corresponds to
> your MySQL server version for the right syntax to use near ' NULL, NULL)'
> at
> line 1
>
> This is the code (I have not modified it)
>
> <?php require_once('Connections/local.php'); ?>
> <?php
> if (!function_exists("GetSQLValueString")) {
> function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
> $theNotDefinedValue = "")
> {
> $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
>
> $theValue = function_exists("mysql_real_escape_string") ?
> mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
>
> switch ($theType) {
> case "text":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "long":
> case "int":
> $theValue = ($theValue != "") ? intval($theValue) : "NULL";
> break;
> case "double":
> $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
> break;
> case "date":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "defined":
> $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
> break;
> }
> return $theValue;
> }
> }
> ?>
> <?php
> // *** Redirect if username exists
> $MM_flag="MM_insert";
> if (isset($_POST[$MM_flag])) {
> $MM_dupKeyRedirect="";
> $loginUsername = $_POST['id'];
> $LoginRS__query = "SELECT id FROM family WHERE id='" . $loginUsername .
> "'";
> mysql_select_db($database_local, $local);
> $LoginRS=mysql_query($LoginRS__query, $local) or die(mysql_error());
> $loginFoundUser = mysql_num_rows($LoginRS);
>
> //if there is a row in the database, the username was found - can not add
> the requested username
> if($loginFoundUser){
> $MM_qsChar = "?";
> //append the username to the redirect page
> if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
> $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar
> ."requsername=".$loginUsername;
> header ("Location: $MM_dupKeyRedirect");
> exit;
> }
> }
> ?>
> <?php
> $editFormAction = $_SERVER['PHP_SELF'];
> if (isset($_SERVER['QUERY_STRING'])) {
> $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
> }
>
> ?>
> <?php
> if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] ==
> "WAATKRegistrationForm")) {
> $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email,
> password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s,
> %s,
> %s, %s, %s, %s, %s)",
> GetSQLValueString($_POST['firstname'], "text"),
> GetSQLValueString($_POST['lastname'], "text"),
> GetSQLValueString($_POST['email'], "text"),
> GetSQLValueString($_POST['password'], "text"),
> GetSQLValueString($_POST['relationship'], "text"),
> GetSQLValueString($_POST['story'], "text"),
> GetSQLValueString($_POST['image'], ""), GetSQLValueString($_POST['ip'],
> "text"), GetSQLValueString($_POST['submitted'], "date"));
>
> mysql_select_db($database_local, $local);
> $Result1 = mysql_query($insertSQL, $local) or die(mysql_error());
>
> $insertGoTo = "family_LogIn.php";
> if (isset($_SERVER['QUERY_STRING'])) {
> $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
> $insertGoTo .= $_SERVER['QUERY_STRING'];
> }
> header(sprintf("Location: %s", $insertGoTo));
> }
> ?>
>
> Thanks again for the help.
>
> Gary
>
>
>
> __________ Information from ESET Smart Security, version of virus signature
> database 5499 (20101003) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

MySQL is not liking a query. It looks to be this one:

$insertSQL = sprintf("INSERT INTO family (firstname, lastname, email,
password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, %s,
%s, %s, %s, %s, %s)",

I would echo or log $insertSQL just before you pass it to mysql_query() and
see if the SQL syntax looks right.


Chris.
From: Ashley Sheridan on
On Sun, 2010-10-03 at 13:14 -0400, chris h wrote:

> On Sun, Oct 3, 2010 at 12:47 PM, Gary <gpaul(a)paulgdesigns.com> wrote:
>
> > I have just created a registration page using Webassist, and I am getting a
> > syntax error that I am not understanding. Anyone be able to point me in
> > the
> > right direction?
> >
> > You have an error in your SQL syntax; check the manual that corresponds to
> > your MySQL server version for the right syntax to use near ' NULL, NULL)'
> > at
> > line 1
> >
> > This is the code (I have not modified it)
> >
> > <?php require_once('Connections/local.php'); ?>
> > <?php
> > if (!function_exists("GetSQLValueString")) {
> > function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
> > $theNotDefinedValue = "")
> > {
> > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
> >
> > $theValue = function_exists("mysql_real_escape_string") ?
> > mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
> >
> > switch ($theType) {
> > case "text":
> > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> > break;
> > case "long":
> > case "int":
> > $theValue = ($theValue != "") ? intval($theValue) : "NULL";
> > break;
> > case "double":
> > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
> > break;
> > case "date":
> > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> > break;
> > case "defined":
> > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
> > break;
> > }
> > return $theValue;
> > }
> > }
> > ?>
> > <?php
> > // *** Redirect if username exists
> > $MM_flag="MM_insert";
> > if (isset($_POST[$MM_flag])) {
> > $MM_dupKeyRedirect="";
> > $loginUsername = $_POST['id'];
> > $LoginRS__query = "SELECT id FROM family WHERE id='" . $loginUsername .
> > "'";
> > mysql_select_db($database_local, $local);
> > $LoginRS=mysql_query($LoginRS__query, $local) or die(mysql_error());
> > $loginFoundUser = mysql_num_rows($LoginRS);
> >
> > //if there is a row in the database, the username was found - can not add
> > the requested username
> > if($loginFoundUser){
> > $MM_qsChar = "?";
> > //append the username to the redirect page
> > if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
> > $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar
> > ."requsername=".$loginUsername;
> > header ("Location: $MM_dupKeyRedirect");
> > exit;
> > }
> > }
> > ?>
> > <?php
> > $editFormAction = $_SERVER['PHP_SELF'];
> > if (isset($_SERVER['QUERY_STRING'])) {
> > $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
> > }
> >
> > ?>
> > <?php
> > if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] ==
> > "WAATKRegistrationForm")) {
> > $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email,
> > password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s,
> > %s,
> > %s, %s, %s, %s, %s)",
> > GetSQLValueString($_POST['firstname'], "text"),
> > GetSQLValueString($_POST['lastname'], "text"),
> > GetSQLValueString($_POST['email'], "text"),
> > GetSQLValueString($_POST['password'], "text"),
> > GetSQLValueString($_POST['relationship'], "text"),
> > GetSQLValueString($_POST['story'], "text"),
> > GetSQLValueString($_POST['image'], ""), GetSQLValueString($_POST['ip'],
> > "text"), GetSQLValueString($_POST['submitted'], "date"));
> >
> > mysql_select_db($database_local, $local);
> > $Result1 = mysql_query($insertSQL, $local) or die(mysql_error());
> >
> > $insertGoTo = "family_LogIn.php";
> > if (isset($_SERVER['QUERY_STRING'])) {
> > $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
> > $insertGoTo .= $_SERVER['QUERY_STRING'];
> > }
> > header(sprintf("Location: %s", $insertGoTo));
> > }
> > ?>
> >
> > Thanks again for the help.
> >
> > Gary
> >
> >
> >
> > __________ Information from ESET Smart Security, version of virus signature
> > database 5499 (20101003) __________
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> MySQL is not liking a query. It looks to be this one:
>
> $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email,
> password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, %s,
> %s, %s, %s, %s, %s)",
>
> I would echo or log $insertSQL just before you pass it to mysql_query() and
> see if the SQL syntax looks right.
>
>
> Chris.


Does sprintf enclose the replacement strings in single quotes, as I
don't believe it does, so it could be that it is choking on.

Try running the SQL through something like phpMyAdmin, or a dedicated
tool like MySQL Workbench, which should be able to pin-point the issue
if it's not immediately obvious.

Thanks,
Ash
http://www.ashleysheridan.co.uk


From: kranthi on
As pointed out echo $insertSQl should help you locate many trivial
problems. But using PDO will avoid these kind of problems
From: "=?utf-8?B?YXNoQGFzaGxleXNoZXJpZGFuLmNvLnVr?=" on
Switching to pdo won't necessarily remove sql errors any more than using a php framework will remove php errors.

Thanks,
Ash
http://www.ashleysheridan.co.uk

----- Reply message -----
From: "kranthi" <kranthi117(a)gmail.com>
Date: Mon, Oct 4, 2010 09:04
Subject: [PHP] Syntax Error
To: <ash(a)ashleysheridan.co.uk>
Cc: "chris h" <chris404(a)gmail.com>, "Gary" <gpaul(a)paulgdesigns.com>, <php-general(a)lists.php.net>


As pointed out echo $insertSQl should help you locate many trivial
problems. But using PDO will avoid these kind of problems

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php