[SOLVED] Fatal error: You have an error in your SQL syntax;

[denoteone]

I have a php function that gets whois data and stores it in a variable well when I try to put that variable in my Database i get this fatal error:

 

Fatal error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's WHOIS database. ','11', '36', '19', '03','2009', 'http://mywebsitehere/'' at line 2 in

 

i can echo the the variable and the data is there. any ideas? any help would be awesome.

 

thanks,

[rhodesa]

If you echo the query just before executing, what is the output? my guess is that you aren't escaping something. make sure you use mysql_real_escape_string() on all data before putting it in your query

[Maq]

Code would be helpful.

[denoteone]

here is my a nip of the code

$ip_info = whois_ip($whois_ip_server, '-1', 'FALSE', $visitor_ip);

mysql_select_db($database_visitors, $visitors);
$sql = "INSERT INTO visitor_list (visitor_ip, visitor_whois, visitor_min, visitor_hour, visitor_day, visitor_month, visitor_year, 
visitor_ref, visitor_page) VALUES ('$visitor_ip','$ip_info','$visitor_hour', '$visitor_minute', '$visitor_day', '$visitor_month','$visitor_year', '$visitor_ref', '$visitor_page')";
$result = mysql_query($sql) or trigger_error(mysql_error(),E_USER_ERROR);

 

[denoteone]

I can show you the output if you need it.

[kickstart]

Hi

 

Can you echo out $sql before executing it?

 

All the best

 

Keith

[denoteone]

INSERT INTO visitor_list (visitor_ip, visitor_whois, visitor_min, visitor_hour, visitor_day, visitor_month, visitor_year, visitor_ref, visitor_page) VALUES ('208.252.157.121','[Querying whois.arin.net] [whois.arin.net] OrgName: MCI Communications Services, Inc. d/b/a Verizon Business OrgID: MCICS Address: 22001 Loudoun County Pkwy City: Ashburn StateProv: VA PostalCode: 20147 Country: US NetRange: 208.192.0.0 - 208.255.255.255 CIDR: 208.192.0.0/10 NetName: UUNET1996B NetHandle: NET-208-192-0-0-1 Parent: NET-208-0-0-0-0 NetType: Direct Allocation NameServer: AUTH03.NS.UU.NET NameServer: AUTH00.NS.UU.NET Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 1996-05-08 Updated: 2006-12-14 RTechHandle: OA12-ARIN RTechName: UUnet Technologies, Inc., Technologies RTechPhone: +1-800-900-0241 RTechEmail: help4u@verizonbusiness.com OrgAbuseHandle: ABUSE3-ARIN OrgAbuseName: abuse OrgAbusePhone: +1-800-900-0241 OrgAbuseEmail: abuse-mail@verizonbusiness.com OrgNOCHandle: OA12-ARIN OrgNOCName: UUnet Technologies, Inc., Technologies OrgNOCPhone: +1-800-900-0241 OrgNOCEmail: help4u@verizonbusiness.com OrgTechHandle: SWIPP-ARIN OrgTechName: swipper OrgTechPhone: +1-800-900-0241 OrgTechEmail: swipper@verizonbusiness.com OrgTechHandle: JHU140-ARIN OrgTechName: Huffines, Jody OrgTechPhone: +1-703-886-6093 OrgTechEmail: Jody.Huffines@verizonbusiness.com CustName: OCD Network Integration Systems Address: 1031 East 3rd Street City: Dayton StateProv: OH PostalCode: 45402 Country: US RegDate: 2001-06-07 Updated: 2003-05-30 NetRange: 208.252.156.0 - 208.252.157.255 CIDR: 208.252.156.0/23 NetName: UU-208-252-156 NetHandle: NET-208-252-156-0-1 Parent: NET-208-192-0-0-1 NetType: Reassigned Comment: RegDate: 2001-06-07 Updated: 2003-05-30 RTechHandle: OA12-ARIN RTechName: UUnet Technologies, Inc., Technologies RTechPhone: +1-800-900-0241 RTechEmail: help4u@verizonbusiness.com OrgAbuseHandle: ABUSE3-ARIN OrgAbuseName: abuse OrgAbusePhone: +1-800-900-0241 OrgAbuseEmail: abuse-mail@verizonbusiness.com OrgNOCHandle: OA12-ARIN OrgNOCName: UUnet Technologies, Inc., Technologies OrgNOCPhone: +1-800-900-0241 OrgNOCEmail: help4u@verizonbusiness.com OrgTechHandle: SWIPP-ARIN OrgTechName: swipper OrgTechPhone: +1-800-900-0241 OrgTechEmail: swipper@verizonbusiness.com OrgTechHandle: JHU140-ARIN OrgTechName: Huffines, Jody OrgTechPhone: +1-703-886-6093 OrgTechEmail: Jody.Huffines@verizonbusiness.com # ARIN WHOIS database, last updated 2009-03-18 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. ','12', '17', '19', '03','2009', 'http://www.stratacache.com/', 'http://www.stratacache.com/0!!_company.php')

[rhodesa]

in your WHOIS info, there is the string ARIN's WHOIS which the ' needs to be escaped. use this instead:

$ip_info = whois_ip($whois_ip_server, '-1', 'FALSE', $visitor_ip);

mysql_select_db($database_visitors, $visitors);
$ip_info = mysql_real_escape_string($ip_info); //Add this line
$sql = "INSERT INTO visitor_list (visitor_ip, visitor_whois, visitor_min, visitor_hour, visitor_day, visitor_month, visitor_year,
visitor_ref, visitor_page) VALUES ('$visitor_ip','$ip_info','$visitor_hour', '$visitor_minute', '$visitor_day', '$visitor_month','$visitor_year', '$visitor_ref', '$visitor_page')";
$result = mysql_query($sql) or trigger_error(mysql_error(),E_USER_ERROR);

[denoteone]

Thanks can I remove the post with the echo of the sql info. I prefer not to have it there if at all possible.

 

thanks,

[rhodesa]

you mean the echo() in your script? of course, once it's working you can get rid of that

[denoteone]

I want to remove the info that I posted on the forum from my echo (Posted on: Today at 10:55:45 AM).

 

I already got rid of the echo on my php page.

[rhodesa]

ah, posts are only editable for a short time after posting

[denoteone]

well it is working thanks for your help i am going to get into the habit of using mysql_real_escape_string();

 

thanks again!