Jump to content

Wrong syntax apparently?


naike
 Share

Recommended Posts

So, let me explain:

<?php
class MySqlDatabase {
private $connection;

function __construct() {
$this->database_connect();
}

public function database_connect() {
$this->connection = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME); 

	if (!$this->connection) {
		die("Database connection failed: " . mysqli_error());
		}

}

public function database_query($sql) {
$query = mysqli_real_escape_string($sql, $this->connection);
$result = mysqli_query($query, $this->connection);
if(!$result) {
	die("Database query failed: " . mysqli_error());
	}
return $result;	
}



public function database_close() {
if (isset($this->connection)) {
	mysqli_close($this->connection);
	unset($this->connection);
}

}	
}
?>

 

Take a look at the database_query() method.

 

When I insert this into it from my index.php to test if it works:

<?php
$database = new MySqlDatabase();

$sql = "INSERT INTO `website`.`users` (`id`, `username`, `first_name`, `last_name`, `password`, `email`, `secret_question`, `secret_answer`, `create_time`) VALUES (NULL, 'joe', 'joe', 'doe', 'password123', 'myemail@email.com', 'Who am I?', 'myself', '2010-10-16 13:37:59');";

$database->database_query($sql);
?>

Obviously the date and the password needs some working on (hashing and entering current time), but I get this error:

 

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in ...includes\classes.php on line 32

 

Warning: mysqli_query() expects parameter 1 to be mysqli, null given in ..includes\classes.php on line 33

 

Warning: mysqli_error() expects exactly 1 parameter, 0 given in ..includes\classes.php on line 35

Database query failed:

 

I I'm giving it a mysql syntax, but it doesn't work, also I get no error message. :(

Link to comment
Share on other sites

Okay I'm doubsle posting because I can't edit my post. (Why?)

 

Just giving an update:

 

    
<?php
public function database_query($sql) {
    $query = mysqli_real_escape_string($this->connection, $sql);
    $result = mysqli_query($this->connection, $query);
    if(!$result) {
        die("Database query failed: " . mysqli_error($this->connection));
        }
    return $result;    
    }
?>

Error:

Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$sql' at line 1

Link to comment
Share on other sites

echo $sql to see what is coming into the function.

 

public function database_query($sql) {
    echo "function received: ".$sql."<br />\n";
    // rest of function

This is the function that goes in:

<?php
INSERT INTO users (id, username, first_name, last_name, password, email, secret_question, secret_answer, create_time) VALUES (NULL, 'joe', 'joe', 'doe', 'password123', 'myemail@email.com', 'Who am I?', 'myself', '2010-10-16 13:37:59');
?>

this is after processing $sql to be SQL ready:

<?php
INSERT INTO users (id, username, first_name, last_name, password, email, secret_question, secret_answer, create_time) VALUES (NULL, \'joe\', \'joe\', \'doe\', \'password123\', \'myemail@email.com\', \'Who am I?\', \'myself\', \'2010-10-16 13:37:59\');
?>

Link to comment
Share on other sites

I just added those php tags to make it clear.

Anyway, I'll try to rewrite the function.

So instead of applying that to the whole query I would instad have it like this:

INSERT INTO users (password) VALUE ('$password');

and run $password through the escape string thing?

Link to comment
Share on other sites

what i'm getting at is this error:

 

Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$sql' at line 1

 

apparently, the code is trying to literally execute the string '$sql'

Link to comment
Share on other sites

I thought it over, however I'm stuck now.

 

I have a database object that controlls everything related to my database.

So I want to include a method that adds the use to the database.

<html>
<form action="register/index.php" method="post">
Username: <input type="text" name="username" maxlength="20" value="<?php echo htmlentities($username); ?>" /><br />
First Name: <input type="text" name="first_name" maxlength="20" value="<?php echo htmlentities($first_name); ?>" /><br />
Last Name: <input type="text" name="laster_name" maxlength="20" value="<?php echo htmlentities($last_name); ?>" /><br />
Password: <input type="password" name="password" maxlength="30" value="<?php echo hash(sha512, $password); ?>" /><br />
Email: <input type="text" name="email" maxlength="30" value="<?php echo htmlentities($email); ?>" /><br />
Secret Question: <input type="text" name="secret_question" maxlength="35" value="<?php echo htmlentities($secret_question); ?>" /><br />
Secret Answer: <input type="text" name="secret_answer" maxlength="35" value="<?php echo htmlentities($secret_answer); ?>" /><br />
<input type="submit" name="" value="Submit" />
</form>
</html>

This is the form, the $_POST then gets submitted to register/index.php.

inside index.php:

<?php
include_once $_SERVER['DOCUMENT_ROOT'] . "/includes/values.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/includes/functions.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/includes/classes.php";
?>

<?php
$database = new MySqlDatabase();

$database->db_input_user($_POST);

?>

 

Here is the method of the object MySqlDatabase:

<?php
public function db_input_user($array) { 
    foreach ($array as $input => $value) {
    $result = mysqli_real_escape_string($this->connection, $value);
    mysqli_query($this-connect, "INSERT INTO users (username, first_name, last_name, password, email, secret_question, secret_answer, create_time) VALUES " . ($result, $result, $result, $result, $result, $result, $result));
}
}
?>

I know that copy pasting $result wont do any good, and I'm aware it's not working, and why, but I just finished the function so I can show it to you.

Everything is wrong here, probably the way I'm approaching this too :D

Can you suggest a way for me to send the submitted information to the database.

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.