syntax error in sql 5.1.41

[BBJ]

I get this error "Error preforming query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1"

 

whith the script below using sql 5.1.41 yet it works fine using sql 4.0.24

 

<?php


include("includes/configure.inc");

//******* [ START: Database Connection ] **********

$connection = mysql_connect($host, $user, $password)
or die('<p>Unable to connect to the database at this time.</p>' );

//Select Daniels Data Base
$db = mysql_select_db($database)
or die('<p>Unable to locate the Daniels' . 'database at this time.</p>' );

//******* [ END: Database Connection ] ************



$result = mysql_query("SELECT ID, DATE_FORMAT(d_date, '%a %b %D') as d_date, first_name, last_name, nee, obituary FROM obituaries WHERE ID='$obitid'");

if (!$result) {
die('<p>Error preforming query: ' . 
mysql_error() . '</p>');
}

$x=0;

while ( $x < mysql_numrows($result)):
        //Gather Variable Data from $result array
        
        $id = mysql_result($result, $x, 'id');
        $d_date = mysql_result($result, $x, 'd_date');
        $first_name = mysql_result($result, $x, 'first_name');
        $last_name = mysql_result($result, $x, 'last_name');
        $nee = mysql_result($result, $x, 'nee');
	  $obituary = mysql_result($result, $x, 'obituary');



// Request the text of obituaries
{
$obituary = htmlspecialchars($obituary);
$obituary = ereg_replace("\r",'',$obituary);
$obituary = ereg_replace("\n\n",'</p><p>',$obituary);
$obituary = ereg_replace("\n",'<br />',$obituary);
$obituary = eregi_replace('\[b]','<b>',$obituary);
$obituary = eregi_replace('\[eb]','</b>',$obituary);
$obituary = eregi_replace('\[i]','<em>',$obituary);
$obituary = eregi_replace('\[ei]','</em>',$obituary);



echo "<br><br>test<b>$first_name, $last_name</b>";
echo "<br>nee ($nee)";
echo "<br>$d_date";
echo "<br>$obituary<br>"; 
}
$x++;
endwhile;
?>   

[sunfighter]

Since this error says LINE 1, I'd look in the includes/configure.inc file for the problem.

[PFMaBiSmAd]

The error's in line 1 of the sql statement.

 

I would form the query statement in a php variable (and use that variable in the mysql_query() statement) and then echo that variable so that you can see exactly what the query statement is.

 

You most likely have some extra characters in the $obitid value that is breaking the sql syntax. Where is $obitid being set at in the code?

[ManiacDan]

Agreed, obitid is probably the problem.

 

Like what was stated above, print out your fully-formed query and look at it to find the error.  There's probably an apostrophe in your obitId

 

Also, sunfighter's tip is wrong.  MySQL and PHP are separate languages.  The error you were getting was coming from the MySQL server, which ONLY knows about the single-line query you sent it. 

 

-Dan

[BBJ]

Thanks!!

yes it was an apostrophe in the obitId

[ManiacDan]

Thanks!!

yes it was an apostrophe in the obitId

Which tells me:

1)  Your IDs are not numeric.  You should fix that

2)  You're not passing strings through mysql_real_escape_string, which would have solved this problem entirely.

[BBJ]

ID's are smallint and auto_increment

I did add this line to the script  $obitid = mysql_real_escape_string($obitid);

 

Thanks again!

 

John

[ManiacDan]

If they're smallint and auto-increment:

1)  Why are you quoting them, they're numbers.

2)  What happens when you overload the smallint datatype?  It will run out at 32767 rows.

3)  If you're expecting a number, how did you get an apostrophe?

[BBJ]

If they're smallint and auto-increment:

1)  Why are you quoting them, they're numbers.

2)  What happens when you overload the smallint datatype?  It will run out at 32767 rows.

3)  If you're expecting a number, how did you get an apostrophe?

 

Sorry Dan, you're talking above my head, just learning sql here.

1) What do you mean by quoting the numbers?

2) don't think we'll need more id's than that in the next 20 years

3) my mistake it was a single quote not an apostrophe and it came from the previous page <a href=obituary.php?first=no&lastName=1&last_name_ID=$obitid' target='blank'> and picked up on the new page <?php  $obitid = $_GET[last_name_ID]; ?>

 

John

 

 

 

[ManiacDan]

1)  Your statement includes quotes around the variable:  WHERE ID='$obitid'

 

2)  Famous last words.

 

3)  the HREF attribute (like ALL HTML attributes) must be surrounded by double quotes.