Can someone help me with a digishop problem please?

[cg1701]

I am trying to add a digital download store to my website. Everything creates fine, adding products, adding images, store design etc. But when I try to add a category to a product I get this error message:

 

This error said :

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '|Issues')">

', `CATEGORY` = '-1-', `CATC` = '1', `JUMPBOX` = '1', `HEA' at line 1

 

I have been in touch with the scripts author who says it is a problem on my server. I have been in touch with my server provider for help and they say it is an error in the program that keeps inserting a | before the category title and they cannot find the error in my query.php and says it is something to do with $id. It is so confusing.

 

Could someone please help. Its driving me nuts and this is all that is holding me back. I am a total newbie to PHP and for some damned reason I have a huge blind spot when it comes to it.

 

Hope someone can help.

 

Thanks in advance.

 

Colin

[PFMaBiSmAd]

What have you done to narrow down where exactly your code and data are doing what you expect and where they are not? I can guarantee that the problem lies somewhere between those two points. If all you have done is tried your code and you are getting a query error, all you have narrowed down the problem to is somewhere in your code up to the point of that query. It could be a problem in your form or in your form processing code.

 

For anyone here to be able to directly help with what your code and data are doing, you would need to post ALL the code needed to reproduce the problem (less any database credentials.) I can think of at least two possible reasons, one in the code producing your form (i.e. the data isn't what you expect) and one in the code producing the query statement, that could be causing a query to look like that.

[cg1701]

Hi PFMaBiSmAd thank you for the reply. I am so new to all this. What information should i attach? My query.php?

 

Or anything else. My server support said they could not see the CATERGORIES listed in the query.php so I am not sure what to do or attach.

 

[PFMaBiSmAd]

Let's start a little more basic than posting a ton of code. What application is this? Is it an open-source cart script, and if so, which one and which version? A commercial/purchased cart script? A custom script written for you?

[cg1701]

Its digishop, open source, purchased. I have been told the error could be somewhere in this:

 

<snip>

 

Mod edit: removed posted database definitions from purchased script..

 

[PFMaBiSmAd]

For a purchased script, you need to get support from the author (your licensing agreement with the author and/or the code's copyright likely prohibits posting any of the code anyway.)

 

If the author is stating the problem is something on the server, he needs to specifically tell you what exactly the problem is.

[cg1701]

Thanks PFMaBiSmAd, I did get in touch with them and all they would say after an hour on to them was it was a problem with the way my server provider understands the syntex.

 

I am just being given the run around so decided this morning to put it in to the hands of Trading Standards who have taken it on board and are going to pursue this legally for me.

 

How do i edit/delte the post with the code i posted?

[PFMaBiSmAd]

I'll remove that portion of the database definition for you...

 

From a programming standpoint, their application appears to be producing an invalid query statement (it looks like a quote is missing or perhaps has been replaced with a | character - the first single-quote shown is part of the error message and it also looks like some of the submitted data is carrying some html with it - the '>' character) either due to submitting the wrong data from the form or there is something in the data that was submitted to the form processing code that it did not take into account.

 

About the only thing that would be helpful here is if you state what values you actually tried to submit for the category and title and if you can print/echo out the actual query statement that was being executed that the error corresponds to.

 

Edit: one of the things that might be causing this query syntax problem is if the code (in the form) is using short opening php <? tags, so that the value being submitted for a field in the query statement actually contains the tail end of some raw php code. To detect if this is the case, do a 'view source' of the form page in your browser and look for anything in the area of the category or title form fields that looks like raw php code starting with a <?, instead of a full <?php tag.

[cg1701]

Thanks PFMaBiSmAd I appreciate that. That is what my server says it is adding an | before the category titile.

 

I feel daft asking (but i am so new to this) but how can i get the information you are requesting. I feel that you may have the solution with you putting all that info. If I know exactly how and what to provide I can do it within the next hour.

 

Again many many thanks.

[cg1701]

I do not onow if I am looking in the right place (i got this by viewing source from the page I input the category in):

 

<td class="td4"> Categories:

<div id="Layer1" style="position:absolute; width:200px; height:115px; z-index:1; visibility: hidden">

<textarea id="jbpot" name="JBPOT" cols="40" rows="10"></textarea>

<input type="text" name="CATEGORY" id="CATEGORY" value="">

<input type="text" id = "CATC" name="CATC" value="">

 

Its the only place on that page I could see that seems to mention categories

[PFMaBiSmAd]

To echo out the actual query statement, you would need to add a  line of code at the point right before where the query is being executed. There are two possibilities -

 

1) The existing code is already forming the query statement in a php variable. In this case you will simply add an echo $some_variable_name; statement.

 

2) The existing code is forming the query statement inside the program statement that executes the query. Something like $result = mysql_query("the actual query statement is here..."); In this case, you can simply duplicate (copy/paste) that whole query statement into an echo statement - echo "the actual query statement is here..."; (the initial and final quotes present in the existing code need to be carried through in this code.)

[PFMaBiSmAd]

For the portion of the 'view source' you posted, is there more following that for the TITLE? It appears that the title field in the query is where the error is detected at.

 

Also, what category and title information did you submit that resulted in that query error?

[cg1701]

This is so way above my head now. I am not sure if I am even viewing the correct source. The one I am viewing and supplying the sections to is the page I click on to add a category to a title.

 

Can i send you a private message with an attachment of the source view? Then you would get it all in one chunk.

 

Maybe best I just leave it in the hands of trading standards and hopefully that will force them into helping me at the source.

 

I just do not know. Part of me says screw the £99 I paid for it and just forget it and put it down to experience. I just don't know its all going over my head at the moment.

 

Edit: On a further note my server provider said it was something to do with the value of $id again not sure what they meant it was left all up in the air.

[PFMaBiSmAd]

Edit: On a further note my server provider said it was something to do with the value of $id again not sure what they meant it was left all up in the air.

 

Only if the value being put into the id is or contains a bunch of extra/wrong data.

 

Go ahead and PM me with the 'view source' of the entire page the form is on.

 

-----------------------------------------

 

If the part of their script doesn't function correctly for a commonly used feature, adding categories, and they aren't, can't, or won't troubleshoot the problem, I would get your money back. There are literally millions of php scripts with a form and form processing code that can correctly produce an insert or update query and execute it. This has nothing to do with your server. It can have something to do with php code that used a lazy-way feature of php that resulted in non-portable code that won't work on common server configurations. On the outside chance this is something that is php or mysql version specific, the author should be specifically telling you if that is the cause of the problem.

[PFMaBiSmAd]

I have received your pm. There's nothing like I suspected on that page (form values='' that are coming from short <? tag statements that are not working.)

 

Unfortunately, that page requires external Javascript files to make it fully work. I wanted to see what exact data it does submit.

 

Is this an on-line site that I could go to and grab the necessary javascript files?

 

That form submits to the ../library/query.php file. Is that query.php file readable php code or is it 'encrypted' and looks like a long line of numbers/letters?

 

Actually, you can check what data it submits to the query.php file by adding the following statement immediately after the first opening <?php tag in it -

 

echo '<pre>',print_r($_POST,true),'</pre>';

 

Goto the form page and enter a category that produces an error, then submit the form. When it goes to the query.php page, you should get an array of information displayed.