Member Avatar for dancks

error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Its valid sql I checked I just don't understand what would cause that error. I also tried different statements and they worked. So I don't get it.

code:

<?php $con = mysql_connect('localhost','me','omglol');
mysql_select_db('dancks_db',$con);
?>
<?php
session_start();
$session_name = "forces";
$com=0;
function logout()
{
        $_SESSION = array();
        session_destroy();
        //header('Location:http://cs4.sunyocc.edu/~j.d.dancks/index.php');
}
if(!isset($_SESSION['time']) || !isset($_SESSION['nick']))
{
        $com=2;
        logout();
}
else if($_SESSION['time'] < time())
{
        $com=3;
        logout();
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$query_Recordset1 = sprintf("select * from Item where ItemID=%i",$_GET['id']);
$Recordset1 = mysql_query($query_Recordset1, $con) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
if(mysql_num_rows($Recordset1)!=1)
{
    header('Location:http://cs4.sunyocc.edu/~j.d.dancks/onestopshop/productnotfound.html');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<?php echo "<title>".$row_Recordset1['name']."</title>\n"; ?>
</head>
<body>
<div id="header">
<?php echo "<h1>".$row_Recordset1['name']."</h1>\n"; ?>
</div>
<div id="content">
   <div id="image-container-left">
      <div style="background-color:black; border:thick;">
         <?php
            if(isset($row_Recordset1['image']))
            {
                echo "<img src=\"images/".$row_Recordset1['image']."\" />\n";
            }
            else
            {
                echo "<img src=\"images/noimage.jpg\" />\n";
            }
         ?>
      </div>
   </div>
   <div id="right-container">
      <div id="info">
         <div id="description">
            <?php
                echo "<p>".$row_Recordset1['descr']."</p>\n";
            ?>
         </div>
         <div id="bids">
            <?php echo "<h2>Highest Bid: $".$row_Recordset1['highest_bid']."</h2>\n"; ?>
            <?php if(isset($_SESSION['name']))
            {
            echo "            <p>Place your bid here:</p>
            <form id=\"bid-enter\" action=\"registerbid.php\" method=\"post\">\n
                <input type=\"text\" name=\"bid\" />\n
                <input type=\"hidden\" name=\"prod\" value=".$row_Recordset1['ItemID']."\" />\n
                <input type=\"submit\" />\n
            </form>\n";
            }
            ?>
         </div>
      </div>
      <div id="nav-pane">
      </div>
   </div>
</div>
<div id="footer">
</div>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>
  • 5 Contributors
  • 7 Replies
  • 361 Views
  • 1 Hour Discussion Span
  • Latest Post Latest Post by radow
Member Avatar for LastMitch

@dancks

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Try to used double qoutes not single qoutes

From this

<?php 

$con = mysql_connect('localhost','me','omglol');

mysql_select_db('dancks_db',$con);

?>

to this:

<?php 

$con = mysql_connect("localhost","me","omglol");

mysql_select_db("dancks_db",$con);

?>
Member Avatar for dancks

From what I can tell it doesn't change anything. I added:

$selected=mysql_select_db("dancks_db",$con);
{
    die("Couldn't select db");
}

and the die was triggered. So it doesn't fail when connecting, just when pick the database

Member Avatar for LastMitch

@dancks

and the die was triggered. So it doesn't fail when connecting, just when pick the database

So you can connected to the db but not able select?

Instead of this:

$selected=mysql_select_db("dancks_db",$con);
{
die("Couldn't select db");
}

Try this:

<?php $con = mysql_connect("localhost","me","omglol"); ?>

<?php mysql_query("your db", $con); ?>

Member Avatar for urtrivedi

I added line at line between 58 and 59 like following, copy that output of query, run that in phpmyadmin directly

$query_Recordset1 = sprintf("select * from Item where ItemID=%i",$_GET['id']);
echo $query_Recordset1;
$Recordset1 = mysql_query($query_Recordset1, $con) or die(mysql_error());
Member Avatar for dancks

Adam Adamski got it right I was using an undefined type identifier. I replaced %i with %d and it worked.

Also untrivedi echoing the query before executing would've been the smart thing to do for debugging. Thanks guys.

Member Avatar for radow

I think what variable $_GET['id'] empty. Before will execute query, add check

if(!empty($_GET[id]))
{
    //execute MySQL query
}

and to bring this variable to an "int" ((int)$_GET['id'])

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.