
[SOLVED] MySQL query, having a hard time :(


shlomikalfa


It's been 3 hours now that I'm trying to figure out what it is that I'm doing wrong

so I figured what the heck, let's put it in here...

Are there any syntax/other errors in the below code ?!!?

 

$sql = "INSERT INTO `db1`.`downloads` (
`Title` ,
`Category` ,
`Subcategory` ,
`Type` ,
`Links` ,
`LinksPass` ,
`SLinks` ,
`SLinksPass` ,
`Description` ,
`PicLinks` ,
`ExraInfo` ,
`ExtraLinks` ,
`Credits` ,
`Date` ,
`Uploader` ,
`Downloads` ,
`Comments`
)
VALUES {'".$_GET['title']."',
'".$_GET['categ']."',
'".$_GET['sbcat']."',
'".$_GET['lnktp']."',
'".$_GET['links']."',
'".$_GET['lnkpa']."',
'".$_GET['slink']."',
'".$_GET['slkpa']."',
'".$_GET['descr']."',
'".$_GET['picln']."',
'".$_GET['exten']."',
'".$_GET['acces']."',
'".$_GET['credt']."',
'',
'".$UserName."',
'',''}";
$result = mysql_query($sql, $link);
if (!$result) {
	echo "DB Error, could not query the database";
	echo 'MySQL Error: ' . mysql_error();
	exit;
}
exit

 

Thanks!


Me NOOB :(

 

this is the error:

DB Error, could not query the databaseMySQL Error: You have an error in your SQL syntax; check the manual 
that corresponds to your MySQL server version for the 
right syntax to use near '{"{RZR} WarCraft 3 (III) Reign of Choas",
"Games ",
" Strategy",
"[RS.com] Ra' at line 20

I think you need to escape all your input.  For example:

 ...
'".mysql_real_escape_string($_GET['sbcat'])."',
...

 

For EVERY input string.  Otherwise, people can send invalid input and hijack your database.  And that's bad.

 

You might want to print out your query too before executing it.  That helps a lot for debugging.

You've got all those string concatenations and stuff that makes it difficult to read. Make queries like:

 

$var1 = mysql_real_escape_string($_GET['var1']);
$var2 = mysql_real_escape_string($_GET['var2']);
$query = @mysql_query("INSERT INTO table (column1, column2) VALUES('$var1', '$var2')") or die(mysql_error());

 

In this way you clean the code and assign each GET variable to a different variable for ease of use in the query. You aren't forced to use "`db1`.`downloads`", as db1 is selected with mysql_select_db() and you just need to specify the table. Also smart quotes ` are optional, so don't use them.

 

By the way, you're getting an error because you have used VALUES{} and not VALUES().

INSERT INTO `db1`.`downloads` (
`Title` ,
`Category` ,
`Subcategory` ,
`Type` ,
`Links` ,
`LinksPass` ,
`SLinks` ,
`SLinksPass` ,
`Description` ,
`PicLinks` ,
`ExraInfo` ,
`ExtraLinks` ,
`Credits` ,
`Date` ,
`Uploader` ,
`Downloads` ,
`Comments`
)
VALUES ("WinAmp9 by SK",
"Applications",
"Antivirus, Firewall, Spyware",
"[RS.com] RapidShare.com",
"http://rapidshare.com/files/48923473/USDownloader_Demo_.rar",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"Shlomi Kalfa",
"","")

 

DUDE I LOVE YOU !!!

the above just worked!!!

- it was all due to the stupid ) and } stuff... bah !!!!

THANKS !!!!!
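
The escaping advice in the replies above, taken one step further as an added example (not code from any poster in this thread): the same INSERT with bound parameters instead of concatenated `$_GET` values. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline, a hypothetical helper `insert_download()`, and that `Date`, `Downloads` and `Comments` are left to their column defaults.

```php
<?php
// Added example, not the poster's code. Assumption: an in-memory SQLite database stands in
// for the MySQL server; against MySQL only the DSN passed to new PDO() changes.

// Fixed map of request keys to table columns, taken from the query in the thread.
const FIELD_MAP = [
    'title' => 'Title',    'categ' => 'Category',   'sbcat' => 'Subcategory',
    'lnktp' => 'Type',     'links' => 'Links',      'lnkpa' => 'LinksPass',
    'slink' => 'SLinks',   'slkpa' => 'SLinksPass', 'descr' => 'Description',
    'picln' => 'PicLinks', 'exten' => 'ExraInfo',   'acces' => 'ExtraLinks',
    'credt' => 'Credits',
];

// insert_download() is a hypothetical helper name.
function insert_download(PDO $pdo, array $input, string $uploader): int
{
    $columns = array_values(FIELD_MAP);
    $values  = [];
    foreach (array_keys(FIELD_MAP) as $key) {
        // Missing or non-string parameters (e.g. ?title[]=x) become empty strings.
        $values[] = (isset($input[$key]) && is_string($input[$key])) ? $input[$key] : '';
    }
    $columns[] = 'Uploader';
    $values[]  = $uploader;

    // Column names come only from the constant above; user data travels only as bound values.
    $sql = 'INSERT INTO downloads (' . implode(', ', $columns) . ') VALUES ('
         . implode(', ', array_fill(0, count($columns), '?')) . ')';
    $pdo->prepare($sql)->execute($values);
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
$pdo->exec('CREATE TABLE downloads (id INTEGER PRIMARY KEY, '
    . implode(' TEXT, ', array_values(FIELD_MAP)) . ' TEXT, Uploader TEXT)');

// Constructed sample input standing in for $_GET; its quotes would break a concatenated query.
$get = ['title' => "Reign of Chaos' \"Gold\" (III)", 'categ' => 'Games', 'sbcat' => 'Strategy'];
$id  = insert_download($pdo, $get, 'Shlomi Kalfa');

// Read the row back and confirm the title was stored byte for byte.
$check = $pdo->prepare('SELECT Title, Links FROM downloads WHERE id = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
var_dump($row['Title'] === $get['title'], $row['Links'] === '');
```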
