naike Posted October 16, 2010

So, let me explain:

```php
<?php
class MySqlDatabase {
    private $connection;

    function __construct() {
        $this->database_connect();
    }

    public function database_connect() {
        $this->connection = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
        if (!$this->connection) {
            die("Database connection failed: " . mysqli_error());
        }
    }

    public function database_query($sql) {
        $query = mysqli_real_escape_string($sql, $this->connection);
        $result = mysqli_query($query, $this->connection);
        if(!$result) {
            die("Database query failed: " . mysqli_error());
        }
        return $result;
    }

    public function database_close() {
        if (isset($this->connection)) {
            mysqli_close($this->connection);
            unset($this->connection);
        }
    }
}
?>
```

Take a look at the database_query() method. When I insert this into it from my index.php to test if it works:

```php
<?php
$database = new MySqlDatabase();
$sql = "INSERT INTO `website`.`users` (`id`, `username`, `first_name`, `last_name`, `password`, `email`, `secret_question`, `secret_answer`, `create_time`) VALUES (NULL, 'joe', 'joe', 'doe', 'password123', '[email protected]', 'Who am I?', 'myself', '2010-10-16 13:37:59');";
$database->database_query($sql);
?>
```

Obviously the date and the password need some working on (hashing and entering current time), but I get this error:

```
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in ...includes\classes.php on line 32
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in ..includes\classes.php on line 33
Warning: mysqli_error() expects exactly 1 parameter, 0 given in ..includes\classes.php on line 35
Database query failed:
```

I'm giving it a mysql syntax, but it doesn't work, also I get no error message.
naike Posted October 16, 2010

Okay I'm double posting because I can't edit my post. (Why?) Just giving an update:

```php
<?php
public function database_query($sql) {
    $query = mysqli_real_escape_string($this->connection, $sql);
    $result = mysqli_query($this->connection, $query);
    if(!$result) {
        die("Database query failed: " . mysqli_error($this->connection));
    }
    return $result;
}
?>
```

Error:

```
Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$sql' at line 1
```
BlueSkyIS Posted October 16, 2010

echo $sql to see what is coming into the function.

```php
public function database_query($sql) {
    echo "function received: ".$sql."<br />\n";
    // rest of function
}
```
naike Posted October 16, 2010

> echo $sql to see what is coming into the function.
>
> ```php
> public function database_query($sql) {
>     echo "function received: ".$sql."<br />\n";
>     // rest of function
> }
> ```

This is the function that goes in:

```
<?php
INSERT INTO users (id, username, first_name, last_name, password, email, secret_question, secret_answer, create_time) VALUES (NULL, 'joe', 'joe', 'doe', 'password123', '[email protected]', 'Who am I?', 'myself', '2010-10-16 13:37:59');
?>
```

this is after processing $sql to be SQL ready:

```
<?php
INSERT INTO users (id, username, first_name, last_name, password, email, secret_question, secret_answer, create_time) VALUES (NULL, \'joe\', \'joe\', \'doe\', \'password123\', \'[email protected]\', \'Who am I?\', \'myself\', \'2010-10-16 13:37:59\');
?>
```
BlueSkyIS Posted October 16, 2010

neither one of those snippets of PHP code would even compile. do you have error reporting turned on?

i repeat my suggestion. add an echo inside the function to see what $sql is when it enters the function.
PFMaBiSmAd Posted October 16, 2010

You don't apply mysqli_real_escape_string() to the whole query string. You apply it to each piece of data that is put into the query.
naike Posted October 16, 2010

I just added those php tags to make it clear. Anyway, I'll try to rewrite the function. So instead of applying that to the whole query I would instead have it like this:

```
INSERT INTO users (password) VALUE ('$password');
```

and run $password through the escape string thing?
BlueSkyIS Posted October 16, 2010

what i'm getting at is this error:

```
Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$sql' at line 1
```

apparently, the code is trying to literally execute the string '$sql'
naike Posted October 16, 2010

I thought it over, however I'm stuck now. I have a database object that controls everything related to my database. So I want to include a method that adds the user to the database.

```php
<html>
<form action="register/index.php" method="post">
Username: <input type="text" name="username" maxlength="20" value="<?php echo htmlentities($username); ?>" /><br />
First Name: <input type="text" name="first_name" maxlength="20" value="<?php echo htmlentities($first_name); ?>" /><br />
Last Name: <input type="text" name="last_name" maxlength="20" value="<?php echo htmlentities($last_name); ?>" /><br />
Password: <input type="password" name="password" maxlength="30" value="<?php echo hash('sha512', $password); ?>" /><br />
Email: <input type="text" name="email" maxlength="30" value="<?php echo htmlentities($email); ?>" /><br />
Secret Question: <input type="text" name="secret_question" maxlength="35" value="<?php echo htmlentities($secret_question); ?>" /><br />
Secret Answer: <input type="text" name="secret_answer" maxlength="35" value="<?php echo htmlentities($secret_answer); ?>" /><br />
<input type="submit" name="" value="Submit" />
</form>
</html>
```

This is the form, the $_POST then gets submitted to register/index.php.

inside index.php:

```php
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . "/includes/values.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/includes/functions.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/includes/classes.php";
?>
<?php
$database = new MySqlDatabase();
$database->db_input_user($_POST);
?>
```

Here is the method of the object MySqlDatabase:

```php
<?php
public function db_input_user($array) {
    foreach ($array as $input => $value) {
        $result = mysqli_real_escape_string($this->connection, $value);
        mysqli_query($this-connect, "INSERT INTO users (username, first_name, last_name, password, email, secret_question, secret_answer, create_time) VALUES " .
        ($result, $result, $result, $result, $result, $result, $result));
    }
}
?>
```

I know that copy pasting $result won't do any good, and I'm aware it's not working, and why, but I just finished the function so I can show it to you. Everything is wrong here, probably the way I'm approaching this too.

Can you suggest a way for me to send the submitted information to the database.
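One way to send the submitted form to the database while treating each value separately, as the thread advises. This is an added example, not code from any poster: it uses mysqli bound parameters in place of per-value mysqli_real_escape_string(), and the standalone function signature, the USER_FIELDS list, password_hash() for the password and NOW() for create_time are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed: an open mysqli connection
// and the users table columns named in the posts.

// Form fields accepted from $_POST; any other key in the array is ignored.
const USER_FIELDS = ['username', 'first_name', 'last_name', 'password',
                     'email', 'secret_question', 'secret_answer'];

function db_input_user(mysqli $connection, array $post): bool
{
    $values = [];
    foreach (USER_FIELDS as $field) {
        // Reject the submission if an expected field is missing or not a string.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;
        }
        $values[] = $post[$field];
    }

    // Store a salted hash instead of the submitted password (PHP >= 5.5).
    $pw = array_search('password', USER_FIELDS, true);
    $values[$pw] = password_hash($values[$pw], PASSWORD_DEFAULT);

    // One placeholder per value. The SQL text is fixed, so a quote inside the
    // data cannot alter the statement, and the query itself is never escaped.
    $marks = implode(', ', array_fill(0, count(USER_FIELDS), '?'));
    $sql = 'INSERT INTO users (' . implode(', ', USER_FIELDS) . ', create_time) '
         . 'VALUES (' . $marks . ', NOW())';

    $stmt = mysqli_prepare($connection, $sql);
    if ($stmt === false) {
        error_log('prepare failed: ' . mysqli_error($connection));
        return false;
    }

    // Bind every value as a string ('s'), in USER_FIELDS order.
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    $ok = mysqli_stmt_execute($stmt);
    if (!$ok) {
        error_log('insert failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    return $ok;
}

// Usage in register/index.php (connection constants as in the thread's class):
// $connection = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
// db_input_user($connection, $_POST) or die('Registration failed.');
```

On PHP 8.1 and later mysqli reports errors as exceptions by default, so the `false` branches are reached only when reporting is set to MYSQLI_REPORT_OFF.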