Php MYSQL error message help

Question

1baxter1 0 Newbie Poster

15 Years Ago

Hi Ive just came across this syntax error and have no idea on how to go about fixing it hope someone can help? Im using Php myadmin # Server version: 5.0.45 # Protocol version: 10

Here is the error:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES('test my a', 'img/photo/tab_bg.gif', 'img/thumb/tab_bg.gif', '')' at line 1"

<?php

require 'config.php';
require 'functions.php';
require 'common.php';


if(isset($_FILES['fupload'])) {

    $filename = addslashes($_FILES['fupload']['name']);
    $source = $_FILES['fupload']['tmp_name'];    
    $target = $path_to_image_directory . $filename;
    $description = $_POST['description']; 
	$category = addslashes($_POST['category']); 
    $source = $path_to_image_directory . $filename;
    $thumb = $path_to_thumbs_directory  . $filename;    
    
    
    // Validates the form input
    
    if(strlen($_POST['description']) < 4) 
    $error['description'] = '<p class="alert">Please enter a description for your photo. </p>';
	
    
    if($filename == '' || !preg_match('/[.](jpg)|(gif)|(png)|(jpeg)$/', $filename)) 
    $error['no_file'] = '<p class="alert">Please select an image, dummy! </p>';
    
    if(!$error) {
        move_uploaded_file($source, $target);    
        
        $q = "INSERT INTO photo (description, source, thumb, category,) VALUES('$description', '$source', '$thumb', '$category')";
        $result = $mysqli->query($q) or die(mysqli_error($mysqli));
        
        if($result) {
            echo "Success! Your file has been uploaded";
        }
        
        createThumbnail($filename);
        
    }  // end preg_match
}     

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
	<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
	<link rel="stylesheet" href="css/default.css" />
	<title>My Photos</title>
</head>

<body>
    <h1>My Photos</h1>
    <ul><?php getPhotos(); ?></ul>

    <h1>Upload a Photo</h1>
    <form enctype="multipart/form-data" method="post" action="admin.php">
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
	    <p><input type="file" name="fupload" /></p>
	    
	    <p><label for="description">Enter a Description: </label>
	    <textarea rows="6" cols="50" id="description" name="description"></textarea></p>
        
        Please choose a category:
            <select name="select">
      <option>Sports</option>
      <option>London</option>
      <option>Macro</option>
      <option>Landscapes</option>
      <option>Local</option>
    </select>
	    
	    <p><input type="submit" value="Upload Photo" name="submit" /></p>
    </form>

mysql php

2 Contributors
3 Replies
118 Views
10 Hours Discussion Span
Latest Post 15 Years Ago Latest Post by claritydigital

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

claritydigital -4 Light Poster · Answer 1 · 2009-03-23T07:13:50+00:00

Hi there,
You need to addslashes() to $_POST. SQL will not accept special chars without them first being escaped.

Code updated:

<?php

require 'config.php';
require 'functions.php';
require 'common.php';


if(isset($_FILES['fupload'])) {

    $filename = addslashes($_FILES['fupload']['name']);
    $source = $_FILES['fupload']['tmp_name'];    
    $target = $path_to_image_directory . $filename;
    $description = addslashes($_POST['description']); 
	$category = addslashes($_POST['category']); 
    $source = $path_to_image_directory . $filename;
    $thumb = $path_to_thumbs_directory  . $filename;    
    
    
    // Validates the form input
    
    if(strlen($_POST['description']) < 4) 
    $error['description'] = '<p class="alert">Please enter a description for your photo. </p>';
	
    
    if($filename == '' || !preg_match('/[.](jpg)|(gif)|(png)|(jpeg)$/', $filename)) 
    $error['no_file'] = '<p class="alert">Please select an image, dummy! </p>';
    
    if(!$error) {
        move_uploaded_file($source, $target);    
        
        $q = "INSERT INTO photo (description, source, thumb, category,) VALUES('$description', '$source', '$thumb', '$category')";
        $result = $mysqli->query($q) or die(mysqli_error($mysqli));
        
        if($result) {
            echo "Success! Your file has been uploaded";
        }
        
        createThumbnail($filename);
        
    }  // end preg_match
}     

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
	<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
	<link rel="stylesheet" href="css/default.css" />
	<title>My Photos</title>
</head>

<body>
    <h1>My Photos</h1>
    <ul><?php getPhotos(); ?></ul>

    <h1>Upload a Photo</h1>
    <form enctype="multipart/form-data" method="post" action="admin.php">
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
	    <p><input type="file" name="fupload" /></p>
	    
	    <p><label for="description">Enter a Description: </label>
	    <textarea rows="6" cols="50" id="description" name="description"></textarea></p>
        
        Please choose a category:
            <select name="select">
      <option>Sports</option>
      <option>London</option>
      <option>Macro</option>
      <option>Landscapes</option>
      <option>Local</option>
    </select>
	    
	    <p><input type="submit" value="Upload Photo" name="submit" /></p>
    </form>

1baxter1 0 Newbie Poster · Answer 2 · 2009-03-23T07:19:02+00:00

Thank you!, i also had a extra comma after $category which i just noticed on your post lol. thanks again

claritydigital -4 Light Poster · Answer 3 · 2009-03-23T07:23:11+00:00

claritydigital -4 Light Poster

15 Years Ago

Happy coding:)