Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

078274121, info0a ip, should prodicers of software_based services be held liable or not liable for economic injuries, should producers of soft ware based services such as ATMs be held liable for economic injuries suffered when their systems fail?, nisc wwwxxx, wwwxxx0cm, should producers of software-based services, such as atms, be held liable for economic injuries suffered when their systems fail?, wwwxxx0cm, www.webdp.net, Event 9 IIS log failed to write entry

Links

XODOX
Impressum

#1: error

Posted on 2011-04-08 06:00:27 by Chris Stinemetz

I am getting the following error when I try to use my edit.php script:

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '' at line 1

I can't seem to find anything wrong with my syntax below.

Has anyone ever had this issue?

I have been googling it for a couple hours now.

Thank you in advance!

Chris

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
/*
EDIT.PHP
Allows user to edit specific entry in database
*/

// creates the edit record form
// since this form is used multiple times in this file, I have made
it a function that is easily reusable
function renderForm($id, $Cricket_Region, $Market, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red;
color:red;">'.$error.'</div>';
}
?>

<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>Cricket Region: *</strong> <input type="text" name="Cricket
Region" value="<?php echo $Cricket_Region; ?>"/><br/>
<strong>Market: *</strong> <input type="text" name="Market"
value="<?php echo $Market; ?>"/><br/>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}



// connect to the database
include('../PHP_Scripts/connect-db.php');


// check if the form has been submitted. If it has, process the form
and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['id']))
{
// get form data, making sure it is valid
$id = $_POST['id'];
$Cricket_Region =
mysql_real_escape_string(htmlspecialchars($_POST['Cricket_Re gion']));
$Market = mysql_real_escape_string(htmlspecialchars($_POST['Market'])) ;

// check that firstname/lastname fields are both filled in
if ($Cricket_Region == '' || $Market == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';

//error, display form
renderForm($id, $Cricket_Region, $Market, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE expiringleases SET
Cricket_Region='$Cricket_Region', Market='$Market' WHERE id='$id'")
or die(mysql_error());

// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and
display the form
{

// get the 'id' value from the URL (if it exists), making sure that
it is valid (checking that it is numeric/larger than 0)
if (isset($_GET['id']))
{
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM expiringleases WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);

// check that the 'id' matches up with a row in the databse
if($row)
{

// get data from db
$Cricket_Region = $row['Cricket_Region'];
$Market = $row['Market'];

// show form
renderForm($id, $Cricket_Region, $Market, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value,
display an error
{
echo 'Error!';
}
}
?>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message

#2: Re: error

Posted on 2011-04-08 06:12:36 by Karl DeSaulniers

I believe this line should read..

ini_set('display_errors', 1);

Just something I think I caught. Might not be your solution though.

HTH,
Karl


On Apr 7, 2011, at 11:00 PM, Chris Stinemetz wrote:

> ini_set('display_errors', '1');

Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message

#3: Re: error

Posted on 2011-04-08 06:31:39 by Jim Giner

The two query statements are different - in one you quote $id and in the
other you don't.

It is definitely a mysql error so it's not the line you suggested.

"Karl DeSaulniers" <karl@designdrumm.com> wrote in message
news:6FE62364-F9FC-4612-8C5D-6CE48FC662E5@designdrumm.com...
>I believe this line should read..
>
> ini_set('display_errors', 1);
>



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message

#4: Re: error

Posted on 2011-04-08 07:13:26 by Chris Stinemetz

I am pretty sure it is in my code. I am just getting an error form one
of my echoes. Still can't get it to work correctly though. Any help is
greatly appreciated.

Thank you,

Chris

<?php
/*
EDIT.PHP
Allows user to edit specific entry in database
*/

// creates the edit record form
// since this form is used multiple times in this file, I have made
it a function that is easily reusable
function renderForm($id, $Cricket_Region, $Market, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red;
color:red;">'.$error.'</div>';
}
?>

<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>First Name: *</strong> <input type="text"
name="Cricket_Region" value="<?php echo $Cricket_Region; ?>"/><br/>
<strong>Last Name: *</strong> <input type="text" name="Market"
value="<?php echo $Market; ?>"/><br/>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}



// connect to the database
include('../PHP_Scripts/connect-db.php');

// check if the form has been submitted. If it has, process the form
and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (is_string($_POST['Search_Ring']))
{
// get form data, making sure it is valid
$id = $_POST['Search_Ring'];
$Cricket_Region =
mysql_real_escape_string(htmlspecialchars($_POST['Cricket_Re gion']));
$Market = mysql_real_escape_string(htmlspecialchars($_POST['Market'])) ;

// check that Cricket_Region/Market fields are both filled in
if ($Cricket_Region == '' || $Market == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';

//error, display form
renderForm($id, $Cricket_Region, $Market, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE expiringleases SET
Cricket_Region='$Cricket_Region', Market='$Market' WHERE
Search_Ring='$id'")
or die(mysql_error());

// once saved, redirect back to the view page
header("Location: ATC.php");
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and
display the form
{

// get the 'id' value from the URL (if it exists), making sure that
it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['Search_Ring']))
{
// query db
$id = $_GET['Search_Ring'];
$result = mysql_query("SELECT * FROM expiringleases WHERE Search_Ring=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);

// check that the 'id' matches up with a row in the databse
if($row)
{

// get data from db
$Cricket_Region = $row['Cricket_Region'];
$Market = $row['Market'];

// show form
renderForm($id, $Cricket_Region, $Market, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value,
display an error
{
echo 'Error!';
}
}

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message

#5: Re: error

Posted on 2011-04-08 07:45:08 by Karl DeSaulniers

Hi Chris,
I believe you only need to do a htmlspecialchars when displaying data
as readable text that your retrieved from the database after inserting.
And probably some other situations as well, but I don't think you
need to do htmlspecialchars on the
mysql_real_escape data when inserting into the database.

HTH,
Best,

On Apr 8, 2011, at 12:13 AM, Chris Stinemetz wrote:

> mysql_real_escape_string(htmlspecialchars(

Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message

#6: Re: error

Posted on 2011-04-08 07:52:10 by Karl DeSaulniers

Hi Chris,
Try this..
Or season to taste..

$q = "UPDATE expiringleases SET Cricket_Region =
'".mysql_real_escape_string($Cricket_Region)."', Market = ".
$Market."' WHERE Search_Ring = '".mysql_real_escape_string($id)."'";
mysql_query($q) or die(mysql_error());

Best,
Karl


On Apr 8, 2011, at 12:13 AM, Chris Stinemetz wrote:

> // save the data to the database
> mysql_query("UPDATE expiringleases SET
> Cricket_Region='$Cricket_Region', Market='$Market' WHERE
> Search_Ring='$id'")
> or die(mysql_error());

Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message

#7: Re: error

Posted on 2011-04-08 07:57:08 by Karl DeSaulniers

Ooops.
Sry, forgot an escape.

$q = "UPDATE expiringleases SET Cricket_Region =
'".mysql_real_escape_string($Cricket_Region)."', Market =
".mysql_real_escape_string($Market)."' WHERE Search_Ring =
'".mysql_real_escape_string($id)."'";
mysql_query($q) or die(mysql_error());


Best,
Karl



On Apr 8, 2011, at 12:52 AM, Karl DeSaulniers wrote:

> Hi Chris,
> Try this..
> Or season to taste..
>
> $q = "UPDATE expiringleases SET Cricket_Region =
> '".mysql_real_escape_string($Cricket_Region)."', Market = ".
> $Market."' WHERE Search_Ring = '".mysql_real_escape_string($id)."'";
> mysql_query($q) or die(mysql_error());
>
> Best,
> Karl
>
>
> On Apr 8, 2011, at 12:13 AM, Chris Stinemetz wrote:
>
>> // save the data to the database
>> mysql_query("UPDATE expiringleases SET
>> Cricket_Region='$Cricket_Region', Market='$Market' WHERE
>> Search_Ring='$id'")
>> or die(mysql_error());
>
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message

#8: Re: error

Posted on 2011-04-08 13:13:53 by Phpster

On 2011-04-08, at 1:57 AM, Karl DeSaulniers <karl@designdrumm.com> wrote:

> Ooops.
> Sry, forgot an escape.
>=20
> $q =3D "UPDATE expiringleases SET Cricket_Region =3D '".mysql_real_escape_=
string($Cricket_Region)."', Market =3D ".mysql_real_escape_string($Market)."=
' WHERE Search_Ring =3D '".mysql_real_escape_string($id)."'";
> mysql_query($q) or die(mysql_error());
>=20
>=20
> Best,
> Karl
>=20
>=20
>=20
> On Apr 8, 2011, at 12:52 AM, Karl DeSaulniers wrote:
>=20
>> Hi Chris,
>> Try this..
>> Or season to taste..
>>=20
>> $q =3D "UPDATE expiringleases SET Cricket_Region =3D '".mysql_real_escape=
_string($Cricket_Region)."', Market =3D ".$Market."' WHERE Search_Ring =3D '=
".mysql_real_escape_string($id)."'";
>> mysql_query($q) or die(mysql_error());
>>=20
>> Best,
>> Karl
>>=20
>>=20
>> On Apr 8, 2011, at 12:13 AM, Chris Stinemetz wrote:
>>=20
>>> // save the data to the database
>>> mysql_query("UPDATE expiringleases SET
>>> Cricket_Region=3D'$Cricket_Region', Market=3D'$Market' WHERE
>>> Search_Ring=3D'$id'")
>>> or die(mysql_error());
>>=20
>> Karl DeSaulniers
>> Design Drumm
>> http://designdrumm.com
>>=20
>>=20
>> --=20
>> PHP Database Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>=20
>=20
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
>=20
>=20
> --=20
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>=20

Try echoing out the SQL and then runningnit thru some GUI like phpmyadmin. I=
t is usually pretty self evident where the problem is at that point

Bastien Koert
Sent from my iPhone=

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message