From: "Gary" on 3 Oct 2010 12:47 I have just created a registration page using Webassist, and I am getting a syntax error that I am not understanding. Anyone be able to point me in the right direction? You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' NULL, NULL)' at line 1 This is the code (I have not modified it) <?php require_once('Connections/local.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } ?> <?php // *** Redirect if username exists $MM_flag="MM_insert"; if (isset($_POST[$MM_flag])) { $MM_dupKeyRedirect=""; $loginUsername = $_POST['id']; $LoginRS__query = "SELECT id FROM family WHERE id='" . $loginUsername . "'"; mysql_select_db($database_local, $local); $LoginRS=mysql_query($LoginRS__query, $local) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); //if there is a row in the database, the username was found - can not add the requested username if($loginFoundUser){ $MM_qsChar = "?"; //append the username to the redirect page if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&"; $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar .."requsername=".$loginUsername; header ("Location: $MM_dupKeyRedirect"); exit; } } ?> <?php $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } ?> <?php if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "WAATKRegistrationForm")) { $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email, password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)", GetSQLValueString($_POST['firstname'], "text"), GetSQLValueString($_POST['lastname'], "text"), GetSQLValueString($_POST['email'], "text"), GetSQLValueString($_POST['password'], "text"), GetSQLValueString($_POST['relationship'], "text"), GetSQLValueString($_POST['story'], "text"), GetSQLValueString($_POST['image'], ""), GetSQLValueString($_POST['ip'], "text"), GetSQLValueString($_POST['submitted'], "date")); mysql_select_db($database_local, $local); $Result1 = mysql_query($insertSQL, $local) or die(mysql_error()); $insertGoTo = "family_LogIn.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } ?> Thanks again for the help. Gary __________ Information from ESET Smart Security, version of virus signature database 5499 (20101003) __________ The message was checked by ESET Smart Security. http://www.eset.com
From: chris h on 3 Oct 2010 13:14 On Sun, Oct 3, 2010 at 12:47 PM, Gary <gpaul(a)paulgdesigns.com> wrote: > I have just created a registration page using Webassist, and I am getting a > syntax error that I am not understanding. Anyone be able to point me in > the > right direction? > > You have an error in your SQL syntax; check the manual that corresponds to > your MySQL server version for the right syntax to use near ' NULL, NULL)' > at > line 1 > > This is the code (I have not modified it) > > <?php require_once('Connections/local.php'); ?> > <?php > if (!function_exists("GetSQLValueString")) { > function GetSQLValueString($theValue, $theType, $theDefinedValue = "", > $theNotDefinedValue = "") > { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; > > $theValue = function_exists("mysql_real_escape_string") ? > mysql_real_escape_string($theValue) : mysql_escape_string($theValue); > > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > break; > } > return $theValue; > } > } > ?> > <?php > // *** Redirect if username exists > $MM_flag="MM_insert"; > if (isset($_POST[$MM_flag])) { > $MM_dupKeyRedirect=""; > $loginUsername = $_POST['id']; > $LoginRS__query = "SELECT id FROM family WHERE id='" . $loginUsername . > "'"; > mysql_select_db($database_local, $local); > $LoginRS=mysql_query($LoginRS__query, $local) or die(mysql_error()); > $loginFoundUser = mysql_num_rows($LoginRS); > > //if there is a row in the database, the username was found - can not add > the requested username > if($loginFoundUser){ > $MM_qsChar = "?"; > //append the username to the redirect page > if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&"; > $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar > ."requsername=".$loginUsername; > header ("Location: $MM_dupKeyRedirect"); > exit; > } > } > ?> > <?php > $editFormAction = $_SERVER['PHP_SELF']; > if (isset($_SERVER['QUERY_STRING'])) { > $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); > } > > ?> > <?php > if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == > "WAATKRegistrationForm")) { > $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email, > password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, > %s, > %s, %s, %s, %s, %s)", > GetSQLValueString($_POST['firstname'], "text"), > GetSQLValueString($_POST['lastname'], "text"), > GetSQLValueString($_POST['email'], "text"), > GetSQLValueString($_POST['password'], "text"), > GetSQLValueString($_POST['relationship'], "text"), > GetSQLValueString($_POST['story'], "text"), > GetSQLValueString($_POST['image'], ""), GetSQLValueString($_POST['ip'], > "text"), GetSQLValueString($_POST['submitted'], "date")); > > mysql_select_db($database_local, $local); > $Result1 = mysql_query($insertSQL, $local) or die(mysql_error()); > > $insertGoTo = "family_LogIn.php"; > if (isset($_SERVER['QUERY_STRING'])) { > $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; > $insertGoTo .= $_SERVER['QUERY_STRING']; > } > header(sprintf("Location: %s", $insertGoTo)); > } > ?> > > Thanks again for the help. > > Gary > > > > __________ Information from ESET Smart Security, version of virus signature > database 5499 (20101003) __________ > > The message was checked by ESET Smart Security. > > http://www.eset.com > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > MySQL is not liking a query. It looks to be this one: $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email, password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)", I would echo or log $insertSQL just before you pass it to mysql_query() and see if the SQL syntax looks right. Chris.
From: Ashley Sheridan on 3 Oct 2010 14:03 On Sun, 2010-10-03 at 13:14 -0400, chris h wrote: > On Sun, Oct 3, 2010 at 12:47 PM, Gary <gpaul(a)paulgdesigns.com> wrote: > > > I have just created a registration page using Webassist, and I am getting a > > syntax error that I am not understanding. Anyone be able to point me in > > the > > right direction? > > > > You have an error in your SQL syntax; check the manual that corresponds to > > your MySQL server version for the right syntax to use near ' NULL, NULL)' > > at > > line 1 > > > > This is the code (I have not modified it) > > > > <?php require_once('Connections/local.php'); ?> > > <?php > > if (!function_exists("GetSQLValueString")) { > > function GetSQLValueString($theValue, $theType, $theDefinedValue = "", > > $theNotDefinedValue = "") > > { > > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; > > > > $theValue = function_exists("mysql_real_escape_string") ? > > mysql_real_escape_string($theValue) : mysql_escape_string($theValue); > > > > switch ($theType) { > > case "text": > > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > > break; > > case "long": > > case "int": > > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > > break; > > case "double": > > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; > > break; > > case "date": > > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > > break; > > case "defined": > > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > > break; > > } > > return $theValue; > > } > > } > > ?> > > <?php > > // *** Redirect if username exists > > $MM_flag="MM_insert"; > > if (isset($_POST[$MM_flag])) { > > $MM_dupKeyRedirect=""; > > $loginUsername = $_POST['id']; > > $LoginRS__query = "SELECT id FROM family WHERE id='" . $loginUsername . > > "'"; > > mysql_select_db($database_local, $local); > > $LoginRS=mysql_query($LoginRS__query, $local) or die(mysql_error()); > > $loginFoundUser = mysql_num_rows($LoginRS); > > > > //if there is a row in the database, the username was found - can not add > > the requested username > > if($loginFoundUser){ > > $MM_qsChar = "?"; > > //append the username to the redirect page > > if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&"; > > $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar > > ."requsername=".$loginUsername; > > header ("Location: $MM_dupKeyRedirect"); > > exit; > > } > > } > > ?> > > <?php > > $editFormAction = $_SERVER['PHP_SELF']; > > if (isset($_SERVER['QUERY_STRING'])) { > > $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); > > } > > > > ?> > > <?php > > if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == > > "WAATKRegistrationForm")) { > > $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email, > > password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, > > %s, > > %s, %s, %s, %s, %s)", > > GetSQLValueString($_POST['firstname'], "text"), > > GetSQLValueString($_POST['lastname'], "text"), > > GetSQLValueString($_POST['email'], "text"), > > GetSQLValueString($_POST['password'], "text"), > > GetSQLValueString($_POST['relationship'], "text"), > > GetSQLValueString($_POST['story'], "text"), > > GetSQLValueString($_POST['image'], ""), GetSQLValueString($_POST['ip'], > > "text"), GetSQLValueString($_POST['submitted'], "date")); > > > > mysql_select_db($database_local, $local); > > $Result1 = mysql_query($insertSQL, $local) or die(mysql_error()); > > > > $insertGoTo = "family_LogIn.php"; > > if (isset($_SERVER['QUERY_STRING'])) { > > $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; > > $insertGoTo .= $_SERVER['QUERY_STRING']; > > } > > header(sprintf("Location: %s", $insertGoTo)); > > } > > ?> > > > > Thanks again for the help. > > > > Gary > > > > > > > > __________ Information from ESET Smart Security, version of virus signature > > database 5499 (20101003) __________ > > > > The message was checked by ESET Smart Security. > > > > http://www.eset.com > > > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > MySQL is not liking a query. It looks to be this one: > > $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email, > password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, %s, > %s, %s, %s, %s, %s)", > > I would echo or log $insertSQL just before you pass it to mysql_query() and > see if the SQL syntax looks right. > > > Chris. Does sprintf enclose the replacement strings in single quotes, as I don't believe it does, so it could be that it is choking on. Try running the SQL through something like phpMyAdmin, or a dedicated tool like MySQL Workbench, which should be able to pin-point the issue if it's not immediately obvious. Thanks, Ash http://www.ashleysheridan.co.uk
From: kranthi on 4 Oct 2010 04:04 As pointed out echo $insertSQl should help you locate many trivial problems. But using PDO will avoid these kind of problems
From: "=?utf-8?B?YXNoQGFzaGxleXNoZXJpZGFuLmNvLnVr?=" on 4 Oct 2010 04:16 Switching to pdo won't necessarily remove sql errors any more than using a php framework will remove php errors. Thanks, Ash http://www.ashleysheridan.co.uk ----- Reply message ----- From: "kranthi" <kranthi117(a)gmail.com> Date: Mon, Oct 4, 2010 09:04 Subject: [PHP] Syntax Error To: <ash(a)ashleysheridan.co.uk> Cc: "chris h" <chris404(a)gmail.com>, "Gary" <gpaul(a)paulgdesigns.com>, <php-general(a)lists.php.net> As pointed out echo $insertSQl should help you locate many trivial problems. But using PDO will avoid these kind of problems -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
|
Pages: 1 Prev: Is it possible to create a global namespace alias? Next: cant find uploaded file in /tmp. |