[SOLVED] Error In SQL Syntax

Akenatehm · February 7, 2009

Hey Guys,

I am getting this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES('The Admin Team at Server', '0', 'Thanks for Voting and Purchasing an I' at line 1

with the following code:

<?php

$host = "localhost";
$name = "username";
$pass = "pass";
$db = "db";

$con = mysql_connect($host,$name,$pass);
if (!$con)
{
die('Failed to Connect:' . mysql_error());
}

$selectdb = mysql_select_db($db);
if (!$selectdb)
{
die('Failed to Select Database:' . mysql_error());
}

$username = $_COOKIE['Username'];
$item = $_POST['item'];
$checkusername = mysql_query("SELECT * FROM points WHERE account = '$username' ");

if(!$checkusername)
{
die('Failed to Check Your Username' . mysql_error());
}
elseif(mysql_num_rows($checkusername) == 0)
{
echo "Your Username Does not Exist on the Database";
}
else 
{
$enoughpoints = mysql_query("SELECT requiredpoints FROM rewards WHERE name = '$item'");

if(!$enoughpoints)
{
die('Failed to Check Points of Item' . mysql_error());
}
else
{
while ($results = mysql_fetch_array($enoughpoints, MYSQL_ASSOC))
{	
$cost = $results['requiredpoints'];
}
$userpoints = mysql_query("SELECT * FROM points WHERE account = '$username'");
$userpointsresults = mysql_fetch_array($userpoints, MYSQL_ASSOC);
$userhaspoints = $userpointsresults['points'];

if(!$userpoints)
{
die('Failed to Check Your Points' . mysql_error());
}
else
{
if($cost > $userhaspoints)
{
echo "You do not have enough points";
}
else{
$character = $_POST['charactername'];
$amount = $cost;
$deduct = mysql_query("UPDATE points SET points = points - " . $amount . " WHERE account = '" . $username . "' AND points >= '" . $amount . "';");
if (!$deduct)
{
die('Failed to Deduct Gold' . mysql_error());
}
else{
$getguid = mysql_query("SELECT guid FROM characters WHERE name = '$character'");
if(!$getguid)
{
die('Could Not Find GUID of User' . mysql_error());
}
else{
$sortguid = mysql_fetch_array($getguid, MYSQL_ASSOC);
$userhaspoints = $sortguid['guid'];

$getitemid = mysql_query("SELECT itemid FROM rewards WHERE name = '$item'");
if(!$getitemid)
{
die('Could Not Find ID of Item' . mysql_error());
}
else{
$sortitemid = mysql_fetch_array($getitemid, MYSQL_ASSOC);

$itemid = $sortitemid['itemid'];

/*Email Form Starts Hereeeeeeeeeeeeeeeeeeeeeeeeeeeee ########################################################################################################################################################################################################################*/

echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
echo '<html xmlns="http://www.w3.org/1999/xhtml">';
echo '<head>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
echo '<title>Ingame Mail</title>';
echo '<link href="style.css" rel="stylesheet" type="text/css">';
echo '</head><body>';
echo '<table border="0" align="center">';
// connect to the db
mysql_connect($host, $name, $pass) or die("Cannot connect: ".mysql_error());
mysql_select_db($db) or die("Cannot select database. ".mysql_error());
// get user inputs

$sender_guid = "The Admin Team at Server";
$receiver_guid = $character;
$subject = "Thanks for Voting and Purchasing an Item from Our Store! ";
$body = "Here is the item you have purchased from the CorpseWoW Website Voting Rewards System";
$stationary = '';
$money = $_POST['money'];
$item_id = "$itemid";
//
$receiver_guid = mysql_real_escape_string(html_entity_decode(htmlentities($receiver_guid)));
$subject = mysql_real_escape_string(html_entity_decode(htmlentities($subject)));
$body = mysql_real_escape_string(html_entity_decode(htmlentities($body)));
$stationary = mysql_real_escape_string(html_entity_decode(htmlentities($stationary)));
$money = mysql_real_escape_string(html_entity_decode(htmlentities($money)));
$item_id = mysql_real_escape_string(html_entity_decode(htmlentities($item_id)));
$query = mysql_query("SELECT * from characters WHERE name = '".$receiver_guid."'");
while($result = mysql_fetch_array($query))
{
$guid = $result['guid'];
$query1 = "INSERT INTO mailbox_insert_queue(sender_guid, receiver_guid, subject, body, stationary, money, item_id,)
VALUES('$sender_guid', '$guid', '$subject', '$body', '$stationary', '$money', '$item_id')";
$result = mysql_query($query1) or die(mysql_error());
echo "<tr><td align=center>";
echo "Mail Sent.";
echo "</td></tr>";
}
mysql_close();
}
}
}
}
}
}
}
?>

Philip · February 7, 2009

Change:

$query1 = "INSERT INTO mailbox_insert_queue(sender_guid, receiver_guid, subject, body, stationary, money, item_id,)
VALUES('$sender_guid', '$guid', '$subject', '$body', '$stationary', '$money', '$item_id')";

to:

$query1 = "INSERT INTO `mailbox_insert_queue` (`sender_guid`, `receiver_guid`, `subject`, `body`, `stationary`, `money`, `item_id`) 
VALUES ('$sender_guid', '$guid', '$subject', '$body', '$stationary', '$money', '$item_id')";
echo $query1;

I think I took care of the error, but echoing it would show where the error is if it is still in there.

Akenatehm · February 7, 2009

Thanks. That fixed it. Much appreciated

Philip · February 7, 2009

Yup - reason was "item_id,)" - the extra comma

Sign In

[SOLVED] Error In SQL Syntax

Recommended Posts

Akenatehm

Link to comment

Share on other sites

Philip

Link to comment

Share on other sites

Akenatehm

Link to comment

Share on other sites

Philip

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information