Syntax error!

[twilitegxa]

I keep getting this error and can't figure uotu what's wrong with my syntax:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3

 

Here is my code:

 

<?php
//connect to database
$conn = mysql_connect("localhost", "root", "")
or die(mysql_error());
mysql_select_db("smrpg",$conn) or die(mysql_error());

$display_block = "<h1>My Store - Item Detail</h1>";

//validate item
$get_item = "select c.cat_title, si.item_title, si.item_price,
si.item_desc, si.item_image from store_items as si left join
store_categories as c on c.id = si.cat_id where si.id = 

$_GET[item_id]";

$get_item_res = mysql_query($get_item) or die(mysql_error());

if (mysql_num_rows($get_item_res) < 1) {
//invalid item
$display_block .= "<p><em>Invalid item selection.</em></p>";
} else {
//valid item, get info
$cat_title = strtoupper(stripslashes(
mysql_result($get_item_res,0,'cat_title')));
$item_title = 

stripslashes(mysql_result($get_item_res,0,'item_title'));
$item_price = mysql_result($get_item_res,0,'item_price');
$item_desc = 

stripslashes(mysql_result($get_item_res,0,'item_desc'));
$item_image = mysql_result($get_item_res,0,'item_image');

//make breadcrumb trail
$display_block .= "<p><strong>You are viewing:</em><br />
<a href=\"seestore.php?cat_id=$cat_id\">$cat_title</a>
> $item_title</strong></p>

<table cellpadding=3 cellspacing=3>
<tr>
<td valign=middle align=center><img src=\"$item_image\"></td>
<td valign=middle><p><strong>Description:</strong><br 

/>$item_desc</p>
<p><strong>Price:</strong> \$$item_price</p>";

//get colors
$get_colors = "select item_color from store_item_color where 

item_id = $item_id order by item_color";
$get_colors_res = mysql_query($get_colors) or die(mysql_error());

if (mysql_num_rows($get_colors_res) > 0) {

$display_block .= "<p><strong>Available Colors:</strong><br />";

while ($colors = mysql_fetch_array($get_colors_res)) {
$item_color = $colors['item_color'];

$display_block .= "$item_color<br />";
}
}

//get sizes
$get_sizes = "select item_size from store_item_size where
item_id = $item_id order by item_size";
$get_sizes_res = mysql_query($get_sizes) or doe(mysql_error());

if (mysql_num_rows($get_sizes_res) > 0) {

$display_block .= "<p><strong>Available Sizes:</strong><br />";

while ($sizes = mysql_fetch_array($get_sizes_res)) {
$item_size = $sizes['item_size'];

$display_block .= "$item_size<br />";
}
}

$display_block .= "
</td>
</tr>
</table>";

}
?>
<html>
<head>
<title>My Store</title>
</head>
<body>
<?php print $display_block; ?>
</body>
</html>

[trq]

For starters $_GET[item_id] should be $_GET['item_id']. Secondly, are you sure $_GET['item_id'] contains a value?

 

Its poor practice to insert user inputed data straight into your queries like that, try this....

 

$id = mysql_real_escape_string($_GET['item_id']);
$get_item = "select c.cat_title, si.item_title, si.item_price,
si.item_desc, si.item_image from store_items as si left join
store_categories as c on c.id = si.cat_id where si.id = $id";

$get_item_res = mysql_query($get_item) or die(mysql_error() . "<br />" . $get_item);

 

What is your error now?

[twilitegxa]

Well, I am working with a tutorial in a book, but since I'm new to programming, sometimes I run into errors and don't see them. I just tried first changing the line $_GET[item_id] to $_GET['item_id'], and now I'm receiving another error:

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\files\showitem.php on line 12

 

What will that code that you suggested do? I need my code to work with my exisiting database and entries in the database. Will that still work with it? Sorry, I just don't know much botu coding yet. :-( Still learning.

[DarkWater]

That's because arrays ALSO need to be enclosed in { }.

 

{$_GET['item_id']}

[Ken2k7]

For starters $_GET[item_id] should be $_GET['item_id']. Secondly, are you sure $_GET['item_id'] contains a value?

 

Its poor practice to insert user inputed data straight into your queries like that, try this....

 

$id = mysql_real_escape_string($_GET['item_id']);
$get_item = "select c.cat_title, si.item_title, si.item_price,
si.item_desc, si.item_image from store_items as si left join
store_categories as c on c.id = si.cat_id where si.id = $id";

$get_item_res = mysql_query($get_item) or die(mysql_error() . "<br />" . $get_item);

 

What is your error now?

I never knew that works. I always do it like this:

$id = mysql_real_escape_string($_GET['item_id']);
$get_item = "select c.cat_title, si.item_title, si.item_price,
si.item_desc, si.item_image from store_items as si left join
store_categories as c on c.id = si.cat_id where si.id = '$id'";

$get_item_res = mysql_query($get_item) or die(mysql_error() . "<br />" . $get_item);

[twilitegxa]

That's because arrays ALSO need to be enclosed in { }.

 

{$_GET['item_id']}

 

I tried this, but it didn't fix the problem. Also, I have other scripts that I haven't had to do that to and thry worked just fine, so I don't think that is the problem.

[DarkWater]

The way you do it is improper syntax. =/  Did you try thorpe's code?

[twilitegxa]

Not yet. I will try it next. The code I'm using is outdated I think, because the book I'm using for the tutorial is from it looks like 2003. That's probably why.

[twilitegxa]

His code didn't work. now I'm getting this error:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3

select c.cat_title, si.item_title, si.item_price, si.item_desc, si.item_image from store_items as si left join store_categories as c on c.id = si.cat_id where si.id =

 

 

[JasonLewis]

Make sure that $id has a value, after this line:

$id = mysql_real_escape_string($_GET['item_id']);

 

Put this:

echo "ID: ".$id;

 

If it's not showing anything, then you need to make sure that you have something in your address bar like www.website.com/index.php?id=42