SQL syntax error - php

I'm fairly new to both PHP and SQL, but what I want is for the details entered into my form to be inserted into a database.
The code I have written works and the data is submitted into the database, but there are a couple of things not right.
Firstly, here is the code:
<?php
include "credentials.php";
function insert_post($cnhost,$cnusername,$cnpassword,$cndatabase,$titlein,$contentin,$comment_optionin) {
    $connect = mysqli_connect($cnhost,$cnusername,$cnpassword,$cndatabase);
    if (mysqli_connect_errno($connect))
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }else{
        echo "Connection Success! <br>";
        $submitpost_query = mysqli_query($connect,"INSERT INTO blog_posts (title,content,comment_option) VALUES ('".$titlein."','".$contentin."','".$comment_optionin."')");
        if (!mysqli_query($connect,$submitpost_query))
        {
            die('Error: ' . mysqli_error($connect));
        }else{
            echo "Post submitted.";
        }
        mysqli_close($connect);
    }
}
$title = $_POST["title"];
$content = $_POST["content"];
$comment_option = $_POST["comment_option"];
insert_post($host,$username,$password,$database,$title,$content,$comment_option);
?>
Although the data is submitted into the database as I want, I get the following error:
"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1"
The $comment_option variable contains the value 1 or 0, depending on which radio button is selected so this error might be referring to this variable but this SQL error is the same whether the value of $comment_option is 1 or 0.
I do see "Connection success!" before this error but do not see "Post submitted" even though the post is actually submitted. Any ideas why?
As well as helping me with this problem, I would be very grateful if somebody could give me some general tips to improve what I've written. I am a noob so I'm sure there are a few things that could be improved here!
Thanks very much!

The problem is here:
if (!mysqli_query($connect,$submitpost_query))
You're passing a mysqli_query result which is $submitpost_query to another mysqli_query which is in the if statement.

The problem is with the following chunk of code:
if (!mysqli_query($connect,$submitpost_query))
It should instead be the following:
if (!$submitpost_query)
Reason: You are executing the return object again through the mysqli_query function, which causes a warning (invalid resource), as this function only accepts a valid SQL query or connection object.

I know your question is answered but I seriously recommend you to sanitize the POST data before concatenating it in a query.

1064: SQL syntax (MySQL INSERT)

To Start.. I am using mysqli_real_escape_string() on every text field, and leaving INT as they are:
The following query successfully inserts the record into the table without fail, every field is correctly stored... There has to be something I'm being glib about, I have blurry coding eyes at this point... But after the INSERT statement is run, mysqli_error($con) tosses the following error:
1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
(I'm nearly 100% certain I do not even use the number 1 at all, whether it be in the php code or a value)
$query = mysqli_query($con,"INSERT INTO hj_media
(mediaID,MedDropID,MediaName,GLCode,Store,MediaType,MiscDetail,ArtDueDate,RunDate,EndDate,AdvMonth,Size,Dimensions,TotalCost,HJShare,CoOpShare,Vendor,HamiltonFiscal,VendorFiscal,AdDescription,Category,AddedtoVCM,ArtworkRequested,InvoiceProcessed,BilledVendor,NetCost,ProductionCost,CostPiece,QuantityOrdered,HJCostPrinting,Postage,DDFee,EventDescription,EventDate,DateToPrint,DateInMail,DateInHome,TotalPrintQuantity,TotalMailFile,TotalActualMail,ReturnedPieces,SalesResultsUnits,SaleResultsDollars,SpendNonPrint,SpendPrint,SpendAdvertising,SpendPR,MediaNameOther,ClientPersona,Campaign)
VALUES(NULL,$add_medid,'$add_vehicle',$add_glcode,'$add_loclist','$add_type','$add_miscdetails','$add_artdate','$add_rundate','$add_enddate','$add_month','$add_size','$add_dimensions','$add_totalcost','$add_hjshare','$add_coopshare','$add_vendor',$add_hamiltonfiscal,$add_vendorfiscal,'$add_addescription','$add_category','$add_addedtovcm','$add_artworkrequested','$add_invoiceprocessed','$add_billedvendor','$add_netcost','$add_productioncost','$add_costperpiece',$add_quantityordered,'$add_hjprintcost','$add_postage','$add_ddfee','$add_eventdescription','$add_eventdate','$add_datetoprint','$add_dateinmail','$add_dateinhome',$add_printquantity,$add_totalmailfile,$add_totalactualmail,$add_returnedpieces,$add_salesunits,'$add_salesdollars','$add_spendnonprint','$add_spendprint','$add_spendadvertising','$add_spendpr','$add_medianameother','$add_persona','$add_campaign')");
if (mysqli_query($con, $query)) {
    echo "New record created successfully";
}
else {
    echo mysqli_errno($con) . ": " . mysqli_error($con) . "\n";
}
UPDATED QUERY, TRY THIS
$query="INSERT INTO hj_media
(mediaID,MedDropID,MediaName,GLCode,Store,MediaType,MiscDetail,ArtDueDate,RunDate,EndDate,AdvMonth,Size,Dimensions,TotalCost,HJShare,CoOpShare,Vendor,HamiltonFiscal,VendorFiscal,AdDescription,Category,AddedtoVCM,ArtworkRequested,InvoiceProcessed,BilledVendor,NetCost,ProductionCost,CostPiece,QuantityOrdered,HJCostPrinting,Postage,DDFee,EventDescription,EventDate,DateToPrint,DateInMail,DateInHome,TotalPrintQuantity,TotalMailFile,TotalActualMail,ReturnedPieces,SalesResultsUnits,SaleResultsDollars,SpendNonPrint,SpendPrint,SpendAdvertising,SpendPR,MediaNameOther,ClientPersona,Campaign) ";
$query.=" VALUES(NULL,$add_medid,'$add_vehicle',$add_glcode,'$add_loclist','$add_type','$add_miscdetails','$add_artdate','$add_rundate','$add_enddate','$add_month','$add_size','$add_dimensions','$add_totalcost','$add_hjshare','$add_coopshare','$add_vendor',$add_hamiltonfiscal,$add_vendorfiscal,'$add_addescription','$add_category','$add_addedtovcm','$add_artworkrequested','$add_invoiceprocessed','$add_billedvendor','$add_netcost','$add_productioncost','$add_costperpiece',$add_quantityordered,'$add_hjprintcost','$add_postage','$add_ddfee','$add_eventdescription','$add_eventdate','$add_datetoprint','$add_dateinmail','$add_dateinhome',$add_printquantity,$add_totalmailfile,$add_totalactualmail,$add_returnedpieces,$add_salesunits,'$add_salesdollars','$add_spendnonprint','$add_spendprint','$add_spendadvertising','$add_spendpr','$add_medianameother','$add_persona','$add_campaign');";
$result = mysqli_query($con,$query);
if($result){
    echo "Success";
}
else{
    echo " query failed ". mysqli_errno($con);
}
The problem is you're sending a boolean obtained from the first query test into another mysqli query function. It's a good thing to have set a variable that references your query string, so that you use just this value in the mysqli query function. Try this:
$query="put your mysqli query here;";
$result = mysqli_query($con,$query);
if($result){
    echo "Success";
}
else{
    echo " query failed ". mysqli_errno($con);
}
Can you kindly tick the question as answered if this solves your problem?

PHP Connection To Azure-SQL Database

In the below code, I try to connect to an azure-sql database with PHP, and in the first part of the if, I write out if the connection failed, which I don't receive. In the next else, I write out if the connection passed, which I get the message on ("Connection succeeded"). This appears to connect correctly; however, I do get an output of 0 even though it clearly hits this part of the else. I can't tell from research if 0 means success, but if the connection failed, wouldn't it hit the first part of the if?
The problem is that this code isn't outputting the array column added to the string, so it appears that while it's registering as succeeding, it's actually failing, or something else is wrong, like the syntax.
<?php
/// Test variable
$writeOutResult = "Result: ";
/// VARIABLES NOT INCLUDED
/// Connect
$connInfo = array("Database"=>$azureDB
    , "UID"=>$azureUser
    , "PWD"=>$azurePass
    , "MultipleActiveResultSets"=>true
);
$conn = sqlsrv_connect($azureServer,$connInfo);
/// Test connection
if($conn === false)
{
    //FatalError("Server unavailable.");
    $writeOutResult = "Connection failed.";
}
else
{
    echo "Connection succeeded";
    $get = sqlsrv_query($conn,$query);
    while ($row = sqlsrv_fetch_array($get, SQLSRV_FETCH_ASSOC))
    {
        $writeOutResult += $row["Column"];
    }
}
?>
<html>
<head><title></title></head>
<body>
<p>Output:</p>
<?php
echo $writeOutResult;
?>
</body>
</html>
It seems that there is no obvious error in the PHP. I tested on my side and it worked fine.
It could be one of the following causes; you can check them one by one.
Please check the SQL query statement and whether it's correct; you can run it in SSMS for verification.
Check the value and data type, and whether it can be added directly with plus.
Any further concern, please feel free to let me know.

Warning: mysqli_query(): Couldn't fetch mysqli in C:\ ... on line 13

Although this question has been asked (and answered) many times, I didn't find a solution to the problem.
Here is my code:
<?php
#session_start();
include("./include/config.php");
include("./include/db_connect.php");
include("functions.php");
if (!isset($_GET['artikelID'])){$_GET['artikelID'] = "";}
if (!isset($_SESSION['UserID'])){$_SESSION['UserID'] = "";}
$sql = "SELECT kundenID FROM kunden WHERE username = '".$_POST['myusername']."' AND password = '".md5($_POST['mypassword'])."' ";
$result = mysqli_query($connect, $sql) OR die("<pre>\n".$sql."</pre>\n".mysqli_connect_error()); // this is line 13
$row = mysqli_fetch_assoc($result);
if (mysqli_num_rows($result)==1){
    doLogin($row['kundenID'], isset($_POST['Autologin']));
    header("location:cart.php?action=add&artikelID=".$_GET['artikelID']."&id=". $_SESSION['UserID'] ." ");
}
else {
    header("location:k_login.php?error=TRUE ");
}
include("./include/db_close.php");
?>
mysqli_connect_error() shows me the absolute correct sql-query; the sql-query is tested with a tool named mysql-front and brings exactly one (and the correct one) result, which is 'kundenID'.
I have tested many things (like $_SESSION['connect'] or $_GLOBALS['connect'] instead of $connect in db_connect.db), but with no result.
Can anyone please help me?
-- Update --
Why does nobody answer?
Is the description of the problem unclear?
The db-connection is established like this:
<?php
error_reporting(E_ALL);
$connect = mysqli_connect($dbserver,$dbuser,$dbpass,$dbname);
// Check connection
if (mysqli_connect_errno()){
    echo "Zeile ".__LINE__.": Datenbankverbindung ist fehlgeschlagen ! " . mysqli_connect_error();
    exit();
}
?>
All the db-variables are known in the checklogin-script (tested). All the $_POST-variables are also known in the checklogin-script (tested). I even tried a hard-coded sql-query (with the real data of the test-record in the db).
The result is still the same: mysqli_connect_error() reports the correct query - but then nothing more happens.
I have spent more than 10 hours in the meantime. I would really appreciate it if someone could help me.
Couldn't fetch mysqli means that PHP is unable to identify the contents of your $connect variable as a valid mysqli connection. Try adding some error handling into "./include/db_connect.php" to get an idea of what happened to the mysqli connection that is preventing you from using it.

MYSQL error while inserting data using php

I am practicing PHP and SQL. I'm at a stage where I'm trying to enter a record into a table with 2 existing records, but it doesn't add it and shows an error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '=('Aqeela','Nasreen','Hakeem Chattah')' at line 1"
Why is it not entering a record in the database? Is there any syntax error?
$username="root";
$pass="";
$database="addressbook";
$server="127.0.0.1";
$con=mysql_connect($server,$username,$pass);
$db_found=mysql_select_db($database,$con);
if($db_found)
{
    $sql_insert="INSERT INTO table_address_book(f_name,l_name,address) VALUES=('Aqeela','Nasreen','Hakeem Chattah')";
    $result=mysql_query($sql_insert);
    if(!$result){
        print "sorry cannot proceed your request<br>".mysql_error();
    }
    else
    {
        // print "recorded entered successfuly<br>";
        // print "now dATABASES AFTER EDITING ARE<BR><br>";
        $new_sql="SELECT*FROM table_address_book";
        $result_after_editing=mysql_query($new_sql);
        while($db_field_edited=mysql_fetch_assoc($result_after_editing))
        {
            print $db_field_edited['ID']."<br>";
            print $db_field_edited['f_name']."<br>";
            print $db_field_edited['l_name']."<br>";
            print $db_field_edited['address']."<br>";
            print "<BR><BR><BR>";
        }
        mysql_close($con);
    }
}
else
{
    die("unable to connect database ".mysql_error());
}
The error clearly shows the place where the syntax error occurs.
Remove that =
INSERT INTO table_address_book(f_name,l_name,address) VALUES('Aqeela','Nasreen','Hakeem Chattah')
I think there is an error in your INSERT INTO statement; you have written the VALUES part wrong.
$sql_insert="INSERT INTO table_address_book(f_name,l_name,address) VALUES=('Aqeela','Nasreen','Hakeem Chattah')";
You need to remove "=" from your VALUES= part, like this:
$sql_insert="INSERT INTO table_address_book(f_name,l_name,address) VALUES('Aqeela','Nasreen','Hakeem Chattah')";
Please correct this line in your code and check it again.
Remove the = sign from VALUES=(...)
There's no '=' after VALUES, just:
VALUES (val1, val2, .., valN)

mysql_errno and mysql_error always reporting something

I have a query written as
mysql_query($query,$conn)
or
die(
"A MySQL error has occurred.<br />Your Query: " . $query . "<br /> Error: (" . mysql_errno() . ") " . mysql_error());
echo "You have been entered into our Database!";
This outputs
A MySQL error has occurred.
Your Query: INSERT INTO users (uid, twname, privacy) VALUES (15400743, 'gdhdh', 'accepted')
Error: (0)
so it doesn't list any errors or anything. When I copy/paste that query into the SQL tab of PHPMyAdmin, it runs successfully, and the DB connection isn't throwing anything bad (I know it works because a query works well elsewhere):
function get_db_conn() {
    $conn = mysql_connect($GLOBALS['db_ip'], $GLOBALS['db_user'], $GLOBALS['db_pass']);
    mysql_select_db($GLOBALS['db_name'], $conn);
    return $conn;
}
Any thoughts on what I could fix? I'd really appreciate it.
Error 0 means that no error occurred.
Therefore if the code to output an error is being run when no error occurred you have a logic error in your code surrounding the call to the mysql_query() function.
It's hard to tell from your code what should and shouldn't run under different conditions and where the error may lie.
The following code is logically equivalent to what you are trying to achieve and should work as expected.
This code more clearly separates calling the mysql_query() function from checking the result of calling the function. I have also formatted the code a little so that it displays without any horizontal scrolling, although that's purely optional.
$queryResult = mysql_query($query, $conn);
if ($queryResult === false) {
    $errorMessage = "A MySQL error has occurred.<br />"
        . "Your Query: ".$query."<br />"
        . " Error: (".mysql_errno().") ".mysql_error();
    die($errorMessage);
}
I'm not sure if this is exactly what you're looking for, but the argument to the function is called $query, and the variable in your error is $your_query, so the value of $your_query displays in the error, but who knows what is in $query, so if it's NULL, that might cause the error number 0 with no message.
