Jump to content

Please help matching against db

lingo5

By lingo5
in PHP Coding Help

 Share

Recommended Posts

lingo5 Regular Member

lingo5

Posted
Posted

Hi

I have a form that posts a 10 digit number to create a db query like so (sorry about spanish words but that's my mothertongue:-):

 

<form id="form1" name="form1" method="post" action="../miregalo.php">
<input name="cupon_numero" type="text" class="premioField" id="cupon_numero" maxlength="10" />
<input type="submit" value="DALE !!" />
</form>

 

and this is the query i create to show results for that number:

 

$colname_texts_RS = "-1";
if (isset($_POST['cupon_numero'])) {
 $colname_texts_RS = $_POST['cupon_numero'];
}
mysql_select_db($database_MySQLconnect, $MySQLconnect);
$query_texts_RS = sprintf("SELECT * FROM t_cupones WHERE cupon_numero = %s", GetSQLValueString($colname_texts_RS, "text"));
$texts_RS = mysql_query($query_texts_RS, $MySQLconnect) or die(mysql_error());
$row_texts_RS = mysql_fetch_assoc($texts_RS);
$totalRows_texts_RS = mysql_num_rows($texts_RS);

 

this works fine except for one thing....if i enter a coupon numbre that is not on the db i get a syntax error like this:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

and hat I would like to be able to do is to get a custom message if the coupo numbre posted by the form does not exist on my db....am I being silly and unable to see a simple solution here?.... :confused:

Link to comment
https://forums.phpfreaks.com/topic/274102-please-help-matching-against-db/
Share on other sites
lingo5 Regular Member

lingo5

Posted
  • Author
Posted

thanks barand,

i have now stored the cupon_numero value in a session like so:

 

<?php
session_start();
$_SESSION['cupon_numero'] = $_POST['cupon_numero'];
?>

 

i then get he value passed to the next page to show the result for this query:

 

$colname_texts_RS = "-1";
if (isset($_SESSION['cupon_numero'])) {
 $colname_texts_RS = $_SESSION['cupon_numero'];
}
mysql_select_db($database_MySQLconnect, $MySQLconnect);
$query_texts_RS = sprintf("SELECT * FROM t_cupones WHERE cupon_numero = %s", GetSQLValueString($colname_texts_RS, "text"));
$texts_RS = mysql_query($query_texts_RS, $MySQLconnect) or die(mysql_error());
$row_texts_RS = mysql_fetch_assoc($texts_RS);
$totalRows_texts_RS = mysql_num_rows($texts_RS);

 

this works fine when the cupon_numero entered exists on my db...but shows the mentioned syntax error when the entered cupon_numero doesn't exist on the db.

 

I store coupon information on one table (t_cupones) and prize information on another (t_premios).

t_cupones stores the prize_id ad t_premios contains the actual prize.

 

Using the query above I'm able to get the prize id of a given coupon, but what I need is to also query t_premios to get the actual prize description based on the prize_id resulting from the irst query.

 

Sorry...I don't know if this makes sense?

lingo5 Regular Member

lingo5

Posted
  • Author
Posted

ok, i have tried this to get the premio_descripcion_esp from the table t_premios based on the id_premio from t_cupones....what am I doing wrong?

 

mysql_select_db($database_MySQLconnect, $MySQLconnect);
$query_premios_RS = "SELECT * FROM  t_cupones LEFT JOIN t_premios ON t_cupones.id_premio =  t_premios.id_premio";
$premios_RS = mysql_query($query_premios_RS, $MySQLconnect) or die(mysql_error());
$row_premios_RS = mysql_fetch_assoc($premios_RS);
$totalRows_premios_RS = mysql_num_rows($premios_RS);

lingo5 Regular Member

lingo5

Posted
  • Author
Posted (edited)

Why do i get "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1" when using this query?

 

$colname_cupon_RS = "-1";
if (isset($_POST['cupon_numero'])) {
$colname_cupon_RS = $_POST['cupon_numero'];
}
mysql_select_db($database_MySQLconnect, $MySQLconnect);
$query_cupon_RS = sprintf("SELECT * FROM t_cupones WHERE cupon_numero = %s", GetSQLValueString($colname_cupon_RS, "text"));
$cupon_RS = mysql_query($query_cupon_RS, $MySQLconnect) or die(mysql_error());
$row_cupon_RS = mysql_fetch_assoc($cupon_RS);
$totalRows_cupon_RS = mysql_num_rows($cupon_RS;
$id_premio=$row_cupon_RS['id_premio']; // i use this to get id_premio
mysql_select_db($database_MySQLconnect, $MySQLconnect);
$query_premio_RS = "SELECT * FROM t_premios WHERE id_premio =$id_premio ";
$premio_RS = mysql_query($query_premio_RS, $MySQLconnect) or die(mysql_error());
$row_premio_RS = mysql_fetch_assoc($premio_RS);
$totalRows_premio_RS = mysql_num_rows($premio_RS);

 

it works fine when the enteredcoupon number exists....but throws the error when the numbre doesn't exist.

please help...i'm reall confused now....thanksss :confused:

Edited by lingo5
lingo5 Regular Member

lingo5

Posted
  • Author
Posted

Barand I've done it !!!!!!!!

 

thanks for your help...this is how I did it

 

$colname_premios_RS = "-1";
if (isset($_POST['cupon_numero'])) {
 $colname_premios_RS = $_POST['cupon_numero'];
}
mysql_select_db($database_MySQLconnect, $MySQLconnect);
$query_premios_RS = "SELECT * FROM t_cupones LEFT JOIN t_premios  ON (t_cupones.id_premio = t_premios.id_premio) WHERE cupon_numero = $colname_premios_RS";
$premios_RS = mysql_query($query_premios_RS, $MySQLconnect) or die(mysql_error());
$row_premios_RS = mysql_fetch_assoc($premios_RS);
$totalRows_premios_RS = mysql_num_rows($premios_RS);

Christian F. Member

Christian F.

Posted
Posted (edited)

I've cleaned up you code a bit, and added some comments to explain what the code does.

// CF: First you initialize the coupon variable with -1
$colname_cupon_RS = "-1";

// CF: Then, if the user has submitted a coupon number.
if (isset ($_POST['cupon_numero'])) {
   // CF: You retrieve that data from the $_POST array.
   //        Should have used intval () here, to both validate and protect against SQL injections.
   $colname_cupon_RS = $_POST['cupon_numero'];
}

// CF: Here' we're selecting the correct database to work with.
mysql_select_db($database_MySQLconnect, $MySQLconnect);

// CF: Now we're building the query that should fetch the data from the database.
//        Note that if no number was submitted this will look for coupons with the number -1,
//        which I assume does not exist.
//        Also, the GetSQL... function shouldn't be used here, as we're dealing with an integer.
//        See my comment about intval () above.
$query_cupon_RS = sprintf("SELECT * FROM t_cupones WHERE cupon_numero = %s", GetSQLValueString($colname_cupon_RS, "text"));

// CF: Then we execute the above query, and check for errors with it.
$cupon_RS = mysql_query($query_cupon_RS, $MySQLconnect) or die(mysql_error());

// CF: No errors found, so retrieve the first row. If there is one returned
$row_cupon_RS = mysql_fetch_assoc($cupon_RS);

// CF: Then get the number of rows returned by the above query.
//        Note my previous comment about what it would return if no number was submitted.
$totalRows_cupon_RS = mysql_num_rows($cupon_RS;

// CF: Then, assuming that there was a first row, retrieve the prize ID from it.
//        Again, what happens here if no coupon ID was given?
$id_premio=$row_cupon_RS['id_premio']; // i use this to get id_premio

// CF: Select the database again? Completely unnecessary, delete.
mysql_select_db($database_MySQLconnect, $MySQLconnect);

// CF: Build a query to fetch the prizes, using the ID from the _assumed_ first row of the previous query.
$query_premio_RS = "SELECT * FROM t_premios WHERE id_premio =$id_premio ";

// CF: Run that query, and check for errors. At which point you get your error message.
//        Echo out the last query if you don't see why.
$premio_RS = mysql_query($query_premio_RS, $MySQLconnect) or die(mysql_error());

$row_premio_RS = mysql_fetch_assoc($premio_RS);
$totalRows_premio_RS = mysql_num_rows($premio_RS);

 

It should, hopefully, help explain why you're getting the problems you are. ;)

I also have two recommendations for you, which will help you a lot in the long run:

  1. Use JOINs in your queries. As there is no need to run two queries here. A simple JOIN would have fetched all of the information you needed at once, and you wouldn't have had this problem.
  2. I strongly recommend finding another editor, or at the very least stop using DW to generate the code for you. DW is notoriously bad at this, and produces a lot crappy, slow, insecure and buggy code.

 

Added: LOL, what do you know. Fixed while I was typing.

Oh, well, glad to see that you got it sorted out. Using joins too. :)

Edited by Christian F.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.