Firestorm3d Posted February 8, 2008 Share Posted February 8, 2008 im having issues with this code that is supposed to post into a mysql database. my error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 my code <?php $guild = $_POST['guild']; $guildid = $_POST['guildid']; $playername = $_POST['playername']; $playerid = $_POST['playerid']; $coords = $_POST['coords']; $cc = $_POST['cc']; $defense01 = $_POST['defense01']; $defense02 = $_POST['defense02']; $defense03 = $_POST['defense03']; $defense04 = $_POST['defense04']; $defense05 = $_POST['defense05']; $defense06 = $_POST['defense06']; $defense07 = $_POST['defense07']; $defense08 = $_POST['defense08']; $defense09 = $_POST['defense09']; $defense10 = $_POST['defense10']; function connect(){ $con = mysql_connect("localhost","root","sin3169"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("data", $con); } function closecon(){ mysql_close($con); } function playercheck(){ connect(); $result = mysql_query("SELECT * FROM astro_players WHERE player_id=$playerid") or die (mysql_error()); $row = mysql_fetch_array($result); if($row['player_id'] != $playerid){ mysql_query("INSERT INTO astro_players (Guild_Title, Guild_ID, Player_Name, Fleet, player_id) VALUES ('$guild', '$guildid', '$playername', '0', '$playerid')") or die (mysql_error()); } } function basecheck(){ $result = mysql_query("SELECT * FROM astro_bases WHERE coord=$coords") or die (mysql_error()); $row = mysql_fetch_array($result); if($row['coord'] != $coords){ base(); } } function base(){ mysql_query("INSERT INTO astro_bases (coord , cc , Defense01 , Defense02 , Defense03 , Defense04 , Defense05 , Defense06 , Defense07 , Defense08 , Defense09 , Defense10, player_id) VALUES ('$coords' , '$cc' , '$defense01', '$defense02', '$defense03', '$defense04', '$defense05', '$defense06', '$defense07', '$defense08', '$defense09', '$defense10','$playerid')") or die (mysql_error()); } connect(); playercheck(); basecheck(); closecon(); header('Location : http://localhost/inputastro.php'); ?> Quote Link to comment Share on other sites More sharing options...
PHP Monkeh Posted February 8, 2008 Share Posted February 8, 2008 You don't happen to know which insert is generating the error do you? You could try commenting out the first insert and seeing if the error still occurs etc. Anyway there's 2 things which I think you should change: mysql_query("INSERT INTO astro_players (Guild_Title, Guild_ID, Player_Name, Fleet, player_id) VALUES ('$guild', '$guildid', '$playername', '0', '$playerid')") or die (mysql_error()); The 0 there I'm going to assume you wish to be an integer, so you can remove the ' ' around it. Also, if any of the inputs include a " or ' you're going to get errors. So you should either start using mysql_real_escape_string around your inputs or addslashes(). Example: $guild = addslashes($_POST['guild']); Quote Link to comment Share on other sites More sharing options...
linuxlord Posted February 8, 2008 Share Posted February 8, 2008 use the following function to avoid this prob while using text input function escape($string) { if(!get_magic_quotes_gpc()) { return addslashes($string); } return $string; } like this $playername = escape($_POST['playername']); also, the ' ' around a numeric is not a problem. Quote Link to comment Share on other sites More sharing options...
aschk Posted February 8, 2008 Share Posted February 8, 2008 I recommend you build your SQL statement as a variable outside of the mysql_query function, e.g. $sql = "SELECT * FROM <table> WHERE <field> = '{$variable}' "; Then you can do "echo $sql;" to see what is actually being sent to the database. And you can also show us what it is too Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.