[SOLVED] MySQL error

[ryeman98]

I get this error when I try to delete an article:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

I don't know how to make it so the id is carried over to the delete part of the code. Here is the entire article.php code:

<?php

if ((isset ($_GET['article_id']))) {

echo "<form name=\"delete\" action=\"article.php?action=delete\" method=\"post\">";
$id = $_GET['article_id']; //I want this id carried over to the delete part at the bottom
$query = mysql_query("SELECT * FROM news WHERE id = $id");
$result = mysql_fetch_array($query);
$getarticle = $result['id'];
$title = $result['title'];
$date = $result['date'];
$content = $result['content'];
echo "<p class=\"hide\">";
echo $getarticle;
echo "</p><h3>";
echo $title;
echo "</h3><p>";
echo $date;
echo "</p><p>";
echo $content;
echo "</p><p>
<input type=\"submit\" name=\"delete\" value=\"Delete\" /></form></p>";

}

if ($_GET['action'] == "new") {

$date = date("F j, Y");
$verify = rand(1000, 9999);

echo "
<table border=0 cellpadding=0 cellspacing=0>
<form name=\"addarticle\" action=\"/article.php?action=add\" method=\"post\">
<tr valign=top><td><strong>Title:</strong></td> <td><input type=\"text\" name=\"title\" size=\"60\" /></td></tr>
<tr valign=top><td><strong>Date:</strong></td> <td>".$date."</td></tr>
<tr valign=top><td><strong>Content:</strong></td> <td><textarea name=\"content\" maxlength=\"10000\" cols=\"50\" rows=\"10\"></textarea></td></tr>
<tr valign=top><td><strong>".$verify."</strong></td> <td><input type=\"text\" name=\"verify\" size=\"4\" maxlength=\"4\" /></td></tr>
<tr align=right><td></td><td><input type=\"submit\" name=\"submit\" value=\"Add Article\" /></td></tr>
</form></table>";

} elseif ($_GET['action'] == "add") {

if (!$_POST['title'] || !$_POST['content'] || !$_POST['verify'] ) {
die("You did not fill in all the required fields. Use your browser's back button to retry.");
}

$title = $_POST['title'];
$date = date("F j, Y");
$content = $_POST['content'];

$insert = ("INSERT INTO news (title, date, content)
VALUES ('$title', '$date', '$content')");
$add = mysql_query($insert)
or die(mysql_error());

echo "Your article has been submitted. Go <a href=\"/index.php\">Here</a> to view it.";

} elseif ($_GET['action'] == "delete") {

//I want the id carried down here
$id = $_POST['article_id'];
$query = $_POST['query'];
$result = $_POST['result'];
$getarticle = $_POST['getarticle'];
$title = $_POST['title'];
$date = $_POST['date'];
$content = $_POST['content'];

$id = $_GET['article_id'];
$delete = mysql_query("DELETE FROM news WHERE id = $id")
or die(mysql_error());
}

?>

 

Within the code I mentioned where I want the id to be carried and I want to delete the article when I go to article.php?action=delete

 

Thanks for the help,

Rye

[marf]

try changing

 

$query = mysql_query("SELECT * FROM news WHERE id = $id");

 

to

 

$query = mysql_query("SELECT * FROM news WHERE id = '$id'");

[marcus]

$insert = ("INSERT INTO news (title, date, content)
VALUES ('$title', '$date', '$content')");
$add = mysql_query($insert)
or die(mysql_error());

 

change to

 

$insert = "INSERT INTO `news` (`title`,`date`,`content`) VALUES('$title','$date','$content')";
$add = mysql_query($insert) or die(mysql_error());

 

You also want to make sure your variables actually have a value defined to them, so before you do the query, echo off the variables.

[southpaw]

Hello guys, i'm new in the world of php but have been going through some tutorials

like o reilly 5. I try adding a user to the system at it gives "Column 'name' cannot be null

 

Here is the script i used $_POST and $HTTP_POST_VARS and both didnt work.

 

Would appreciate the help.

 

<?php require_once('../Connections/connection.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "form1")) {
$email = $HTTP_POST_VARS['Email'];
$sql ="SELECT * FROM users WHERE Email='$email'";
$query = mysql_query($sql);
$count = mysql_num_rows($query);
if ($count > 0) {
header("location: newuser.php?mess=Sorry this email has already been used. <br>Please try again with another email address");
} 
else {
////////////////////////////////////
//File upload script for the picture

$fullname = strtolower($HTTP_POST_VARS['FirstName'])."_".strtolower($HTTP_POST_VARS['LastName'])."_".strtolower($HTTP_POST_VARS['OtherNames']);
			 if (is_dir("../images/users/".$fullname)) {  // check if directory for this artist works and images exist 	
         }
         else {
               $ee2 = @mkdir ('../images/users/'.$fullname); // create the folder
         }

$uploaddir = "../images/users/$fullname/";
$uploadfile = $uploaddir . $_FILES['Picture']['name'];

if (move_uploaded_file($_FILES['Picture']['tmp_name'], $uploadfile)) {
$picture = $_FILES['Picture']['name'];
$picture = $fullname."/".$picture;
    
} else {
    print "Possible file upload attack!";
}
//end of file upload///////////////

  $insertSQL = sprintf("INSERT INTO users (ID, FirstName, LastName, OtherNames, Rank, PWord, Address, Email, Phone, SchoolID, Picture) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, '$picture')",
                       GetSQLValueString($HTTP_POST_VARS['ID'], "text"),
                       GetSQLValueString($HTTP_POST_VARS['FirstName'], "text"),
                       GetSQLValueString($HTTP_POST_VARS['LastName'], "text"),
                       GetSQLValueString($HTTP_POST_VARS['OtherNames'], "text"),
                       GetSQLValueString($HTTP_POST_VARS['Rank'], "text"),
                       GetSQLValueString($HTTP_POST_VARS['PWord'], "text"),
                       GetSQLValueString($HTTP_POST_VARS['Address'], "text"),
                       GetSQLValueString($HTTP_POST_VARS['Email'], "text"),
                       GetSQLValueString($HTTP_POST_VARS['Phone'], "text"),
                       GetSQLValueString($HTTP_POST_VARS['SchoolID'], "int"));
                     
  mysql_select_db($database_connection, $connection);
  $Result1 = mysql_query($insertSQL, $connection) or die(mysql_error());

  $insertGoTo = "success.php?mess=New user was successfully added.";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}}

mysql_select_db($database_connection, $connection);
$query_users = "SELECT * FROM users";
$users = mysql_query($query_users, $connection) or die(mysql_error());
$row_users = mysql_fetch_assoc($users);
$totalRows_users = mysql_num_rows($users);

mysql_select_db($database_connection, $connection);
$query_school = "SELECT schools.ID, schools.Name FROM schools";
$school = mysql_query($query_school, $connection) or die(mysql_error());
$row_school = mysql_fetch_assoc($school);
$totalRows_school = mysql_num_rows($school);
?><?
if($_GET['cat'] == '1') {

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>The Third Eye</title>
<style type="text/css">
<!--
body {
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
-->
</style></head>

<body>
<table width="100%" border="0" cellspacing="5" cellpadding="5">
  <tr>
    <td valign="top">New User </td>
  </tr>
  <tr>
    <td><form action="<?php echo $editFormAction; ?>" method="post" enctype="multipart/form-data" name="form1">
      <p align="center"><?= $mess;?></p>
      <table align="center">
          <tr valign="baseline">
            <td nowrap align="right">First Name:</td>
            <td><input type="text" name="FirstName" value="" size="32"></td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right">Last Name:</td>
            <td><input type="text" name="LastName" value="" size="32"></td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right">Other Names:</td>
            <td><input type="text" name="OtherNames" value="" size="32"></td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right">Rank:</td>
            <td><select name="Rank" id="Rank">
              <option>Please select a rank</option>
              <option>============</option>
                <option value="Administrator">Administrator</option>
                <option value="Teacher">Teacher</option>
                <option value="Parent">Parent</option>
                <option value="Student">Student</option>
              </select>
            </td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right">Password:</td>
            <td><input type="password" name="Password" value="" size="32"></td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right">Address:</td>
            <td><input type="text" name="Address" value="" size="32"></td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right">Email:</td>
            <td><input type="text" name="Email" value="" size="32"></td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right">Phone:</td>
            <td><input type="text" name="Phone" value="" size="32"></td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right">School:</td>
            <td><select name="SchoolID">
                <?php
do {  
?><option value="<?php echo $row_school['ID']?>"><?php echo $row_school['Name']?></option>
                <?php
} while ($row_school = mysql_fetch_assoc($school));
  $rows = mysql_num_rows($school);
  if($rows > 0) {
      mysql_data_seek($school, 0);
  $row_school = mysql_fetch_assoc($school);
  }
?>
                          </select>
            </td>
          <tr>
          <tr valign="baseline">
            <td nowrap align="right">Picture:</td>
            <td><input name="Picture" type="file" id="Picture" /></td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right"> </td>
            <td><input type="submit" value="Submit"></td>
          </tr>
        </table>
        <input type="hidden" name="ID" value="">
        <input type="hidden" name="MM_insert" value="form1">
      </form>
    </td>
  </tr>
</table>
</body>
</html>
<?php
mysql_free_result($users);

mysql_free_result($school);
?>

[ryeman98]

This doesn't really help me though. How can I carry over the id of the article? A form?

[ryeman98]

Nevermind. I guess I was pretty tired last night. I make a form and put:

<input type=\"hidden\" name=\"id\" value=\"".$id."\" />

Then the id was carried over into the MySQL delete query