• 0

mysql error..


Question

I'm getting an error, even though the script is executing correctly. I'm trying to send information from a form to a function:

I am learning to use functions and want to send information over from the submitted form to the function? here is the code i have so far, which seems to work, but i do get an error:

form action="index.php?add=config"


$add = $_GET['add'];
switch($add) {
case "config":
updateConfig($_POST['text']);
break;
}
[/PHP]

this should then send $_POST['text'] to the function?

[PHP]
function updateConfig() {

$ticker = $_POST['text'];

$query = mysql_query("UPDATE config SET text = '$ticker' WHERE name = 'ticker'");

if (!mysql_query($query)) {
die('Error: ' . mysql_error());
} else {
echo "<p>Update Successful. Your changes will appear immediately.</p>\n <p><a href=\"/admin/\">Go back</a></p>";
}
}
[/PHP]

This does update but i get this error:

[CODE]Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1[/CODE]

Am i using the function and passing the info in the correct way? what is causing the error?

Link to comment
Share on other sites

22 answers to this question

Recommended Posts

  • 0

Hi,

I've never used mysql before so this may be totally wrong ^.^

I think your problem is that the function is not expecting any data to be passed to it. So instead try having :

function updateConfig(&lt;variable here&gt;) {

Let me know if that works out.

Link to comment
Share on other sites

  • 0

The way you have defined the function it does not take any input data. But in your usage you have input data going in to the function. That can be the issue.

Link to comment
Share on other sites

  • 0


function updateConfig($ticker) {

$query = mysql_query("UPDATE config SET text = '$ticker' WHERE name = 'ticker'");

if (!mysql_query($query)) {
die('Error: ' . mysql_error());
} else {
echo '<p>Update Successful. Your changes will appear immediately.</p>\n <p><a href="/admin/">Go back</a></p>';
}
}
[/PHP]

Might also be a good idea to sanitise your inputs....

Link to comment
Share on other sites

  • 0


function updateConfig($ticker) {

	$query = mysql_query("UPDATE config SET text='$ticker' WHERE name = 'ticker'");

	if (!mysql_query($query)) {
		die('Error: ' . mysql_error());
	} else {
		echo "&lt;p&gt;Update Successful. Your changes will appear immediately.&lt;/p&gt;\n &lt;p&gt;&lt;a href=\"/admin/\"&gt;Go back&lt;/a&gt;&lt;/p&gt;";
	}
}


case "config":
						$ticker = $_POST['text'];
						updateConfig($ticker);
					break;

i tried this, it still updates but still gives the error.

Link to comment
Share on other sites

  • 0


$ticker = $_POST['text'];
$query = mysql_query("UPDATE config SET text = '$ticker' WHERE name = 'ticker'");
[/PHP]

A few points:

1. Your error message - most likely you need to learn to use mysql_real_escape_string() before including strings in SQL queries, or your code is at the mercy of the passed parameters not breaking your queries

2. you're passing a parameter to your function, but in the definition you're still using $_POST directly, discarding the parameter. Better align the definition and the usage of the function

3. point 1. above more or less means you'll do well to read up on XSS(Cross Site Scripting), especially SQL injection attacks, as your applications will otherwise (at your current coding style) be very vulnerable indeed

Never trust the data that has been passed by any user. Always escape/sanitize it before using it in critical points such as SQL queries (an injection can wipe or, worse, dump your whole database into a browser screen) OR outputting it back as part of pages (i.e. comments to a forum post - if you don't use htmlentities() or similar (to render tags treated as text and not as code), one can post JAVASCRIPT as a comment and infest your page with redirects to malicious locations, nasty alert boxes, etc..)

Good luck

Link to comment
Share on other sites

  • 0
i tried this, it still updates but still gives the error.

There is a problem with your query and it has nothing to do with function arguments. Just post the query please. Instead of...

$query = mysql_query("UPDATE config SET text = '$ticker' WHERE name = 'ticker'");

Do...

$query = mysql_query("UPDATE config SET text = '$ticker' WHERE name = 'ticker'");
echo $query;

And tell us what it says.

Link to comment
Share on other sites

  • 0

echo $query;

returns:

1

Err, you're running the query twice. I guess we all missed it. Replace...

$query = mysql_query("UPDATE config SET text = '$ticker' WHERE name = 'ticker'");

With...

$query = "UPDATE config SET text = '$ticker' WHERE name = 'ticker'";

Link to comment
Share on other sites

  • 0

 $query = mysql_query("UPDATE config SET text = '$ticker' WHERE name = 'ticker'");

 if (!mysql_query($query)) {

You're running the query twice. First:

 $query = mysql_query("UPDATE config SET text = '$ticker' WHERE name = 'ticker'");

This will update the database and returns the number of affected rows, which is 1. After that you have:

 if (!mysql_query($query)) {

which means: if(!mysql_query(1)) { } ... which is wrong of course. $query = 1 because of the previous line.

 $query = "UPDATE config SET text = '$ticker' WHERE name = 'ticker'";

 if (!mysql_query($query)) { }

This will solve your error.

Link to comment
Share on other sites

  • 0

unrelated but can anyone see the syntax error in here, i've been messing for hours, i can't find it:

 		$artist = $_POST['artist'];
		$track = $_POST['track'];
		$desc = $_POST['desc'];
		$genre = $_POST['genre'];
		$rlsDate = $_POST['rlsDate'];
		$catNo = $_POST['catNo'];
		$buy = $_POST['buy'];

		$artwork = $_FILES['picture']['name'][0];
		if (!$artwork) {
			echo "cc.jpg";
		}

		$query = "INSERT INTO releases (artist, track, description, genre, date, artwork, release, buy) VALUES ('$artist', '$track', '$desc', '$genre', '$rlsDate', '$artwork', '$catNo', '$buy')";

		if (!mysql_query($query)) {
			die('Error: ' . mysql_error());
		} else {
			echo "&lt;p&gt;Update Successful. Your changes will appear immediately.&lt;/p&gt;\n &lt;p&gt;&lt;a href=\"/admin/\"&gt;Go back&lt;/a&gt;&lt;/p&gt;";		}

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'release, buy) VALUES ('Alex BassJunkie', 'test', 'test......', 'uk hardcore', 'f' at line 1

Link to comment
Share on other sites

  • 0
Use

$query = "INSERT INTO releases (`artist`, `track`, `description`, `genre`, `date`, `artwork`, `release`, `buy`) VALUES ('$artist', '$track', '$desc', '$genre', '$rlsDate', '$artwork', '$catNo', '$buy')";

instead of 

$query = "INSERT INTO releases (artist, track, description, genre, date, artwork, release, buy) VALUES ('$artist', '$track', '$desc', '$genre', '$rlsDate', '$artwork', '$catNo', '$buy')";

Link to comment
Share on other sites

  • 0

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''artist', 'track', 'description', 'genre', 'date', 'artwork', 'release', 'buy') ' at line 1

:(

Link to comment
Share on other sites

  • 0

Are you using back tick ? Its the one below the escape key. You seem to be using single quote which is not the same. At what you have posted/pasted appears to be single quote and not the back tick.

Link to comment
Share on other sites

  • 0

ahh yes, did not know that, so what about this one, as it's also giving me an error i cant seem to shift:


function updateRelease() {

		$id = $_GET['id'];

		$artist = $_POST['artist'];
		$track = $_POST['track'];
		$desc = $_POST['desc'];
		$genre = $_POST['genre'];
		$rlsDate = $_POST['rlsDate'];
		$catNo = $_POST['catNo'];
		$buy = $_POST['buy'];

		$fileName = $_FILES['picture']['name'][0];	
		$photo = substr($fileName, 0, strrpos($fileName, '.')); 

		$query = "UPDATE releases SET artist='$artist', track='$track', description='$desc', genre='$genre', date='$rlsDate', release='$catNo', buy='$buy'";
		if ($photo!="") { $query .=", artwork='$photo'"; }
		$query .=" WHERE id='$id'";

	if (!mysql_query($query)) {
		die('Error: ' . mysql_error());
	} else {
		echo "&lt;p&gt;Update Successful. Your changes will appear immediately.&lt;/p&gt;\n &lt;p&gt;&lt;a href=\"/admin/\"&gt;Go back&lt;/a&gt;&lt;/p&gt;";
	}
}

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'release='CR006', buy='htgfgdfg' WHERE id=''' at line 1

Link to comment
Share on other sites

  • 0

Uplift, you only need to put ' ' around the variable in the $query string if it is a VARCHAR, STRING, or DATE format (etc). If it's an int or double (etc) then remove the ' ' around the $buy or whatever variables aren't strings or varchars (etc).

My guess though is it's the '$id', I assume your ID is an int... try putting id=$id instead.

Also if it's still wrong, since you're putting variables in a string first, you may need to put {} around each variable... So your code would be:

$query = "UPDATE releases SET artist='{$artist}', track='{$track}', description='{$desc}', genre='{$genre}', date='{$rlsDate}', release='{$catNo}', buy='{$buy}'";
if ($photo!="") { $query .=", artwork='$photo'"; }
$query .=" WHERE id={$id}";

Link to comment
Share on other sites

  • 0

didnt work unfortunately.

The strange thing is i have a similar script on a different table which works fine:



		$query = "UPDATE artists SET name='$name', town='$town', artist='$artist', dob='$dob', production_styles='$pstyles', dj_styles='$dj_styles', fav_style='$fav_style', started_producing='$sproducing', started_dj='$djn', signed='$signed', releases='$release', contact='$contact', soundcloud='$soundcloud', bio='$bio'";
		if ($photo!="") { $query .= ", photo='$photo'"; }
		$query .= " WHERE id = '$id'";

Link to comment
Share on other sites

  • 0

ahh yes, did not know that, so what about this one, as it's also giving me an error i cant seem to shift:

...

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'release='CR006', buy='htgfgdfg' WHERE id=''' at line 1

RELEASE is a reserved word. You have to back quote column names that are reserved words.

$query = "UPDATE releases SET artist='$artist', track='$track', description='$desc', genre='$genre', date='$rlsDate', `release`='$catNo', buy='$buy'";

Generally, whatever MySQL tells you to troubleshoot is exactly what you troubleshoot. If it says there's a '1' breaking your query when you didn't put a 1 in your query, you echo the query and look for where the 1 is coming from. If it says there's a problem near the word 'release', you troubleshoot near the word release.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.