16 {{ upvoteCount | shortNum }}
16 {{ upvoteCount | shortNum }}

Sql query went bonkers!!!

by PHPSpaZ
13 replies
I have advanced immensely since the last time I required the services of the warriors. But alas I find myself in need with yet another trivial problem. This time my SQL statement is giving me a bit of trouble... I have checked and made sure all of the information is getting to the SQL statement but for some reason i get this sql error:

//
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE ticketID=471771' at line 1
//

This is the bytes that are causing my headache...:

//
if(isset($_REQUEST['tab'])){
$tab=$_REQUEST['tab'];
$a2ass=$_REQUEST['a2ass'];
$ticketID=$_REQUEST['ticketID'];
$a2aname=$_REQUEST['a2aname'];
$a2aaddress=$_REQUEST['a2aaddress'];
$a2acity=$_REQUEST['a2acity'];
$a2astate=$_REQUEST['a2astate'];
$a2aphone=$_REQUEST['a2aphone'];
$a2acompany=$_REQUEST['a2acompany'];
$a2aemail=$_REQUEST['a2aemail'];
//************************************************** **************************************Sort by tabs --Buyer
if($tab=="assign_buyer"){
$as="BUYER";
//**** Check for assignee MID and create assignment SQL
if(isset($a2ass)){
ticket_connect();
//**** Execute SQL
mysql_query("INSERT INTO mynewci_ticket (buyer_name,buyer_mid,buyer_email,buyer_phone,buye r_city,buyer_state,buyer_address,buyer_company) VALUES ('$a2aname','$a2ass','$a2aemail','$a2aphone','$a2a city','$a2astate','$a2aaddress','$a2acompany')WHER E ticketID='$ticketID'") or die(mysql_error());
}
//

Anyone have any ideas why it is telling me my syntax is wrong?
I know I dont need to escape my single quote so I cant see what the problem is...
#bonkers #query #sql
  • Profile picture of the author PHPSpaZ
    for some reason the WYSIWYG editor is throwing in a space in the WHERE part of the query... That space is NOT there in the code.
    {{ DiscussionBoard.errors[6100930].message }}
  • Profile picture of the author Mirque
    Hi friend !

    Try to put espace between ")" AND WHERE
    And if already dont run, check in your DATABASE, if your fields type is right "INT"
    {{ DiscussionBoard.errors[6101526].message }}
    • Profile picture of the author PHPSpaZ
      Already tried the spacing deal, TYPE of that field is set to VARCHAR so it really shouldnt matter if it is only numbers right?
      {{ DiscussionBoard.errors[6101552].message }}
  • Profile picture of the author Mirque
    For all content with number, you must choice the int type.

    Try to change the type of your fields, and put it to int, then, in your code source, juste delete the '' like that WHERE ticketID=$ticketID

    Best,
    {{ DiscussionBoard.errors[6101966].message }}
    • Profile picture of the author PHPSpaZ
      I set it to int but when I took out the '' it gave the same error but instead of spitting out the actual number, it actually spit out the name of the var

      WHERE ticketID=$ticketID
      {{ DiscussionBoard.errors[6102021].message }}
  • Profile picture of the author Mirque
    Try this :

    Put your clause like that

    WHERE ticketID='$ticketID'

    And keep your field into your DATABASE to int value

    =)
    {{ DiscussionBoard.errors[6102056].message }}
    • Profile picture of the author PHPSpaZ
      that is what i was doing in the beggining. The statements syntax is grand but it refuses to work...
      {{ DiscussionBoard.errors[6102359].message }}
  • Profile picture of the author Mirque
    Ok, but the query INSERT INTO dont allow you to include a clause.
    I dont know why you put that !

    just modify your query insert into by UPDATE, then the query allow you to put a clause

    Best,
    {{ DiscussionBoard.errors[6102440].message }}
  • Profile picture of the author JohnnyS
    the error is not in "WHERE ticket=471771" but before it.. check on the strings the you put in each field there might be a single quote that closes the quotes in a field value..

    what i can suggest to you is to use mysql_real_escape_string in assigning field values to a variable to prevent any quotes or sql injections that might cause the failure of the query..
    [code]
    ...

    $tab=mysql_real_escape_string($_REQUEST['tab']);
    $a2ass=mysql_real_escape_string($_REQUEST['a2ass']);
    $ticketID=mysql_real_escape_string($_REQUEST['ticketID']);
    $a2aname=mysql_real_escape_string($_REQUEST['a2aname']);
    $a2aaddress=mysql_real_escape_string($_REQUEST['a2aaddress']);
    $a2acity=mysql_real_escape_string($_REQUEST['a2acity']);
    $a2astate=mysql_real_escape_string($_REQUEST['a2astate']);
    $a2aphone=mysql_real_escape_string($_REQUEST['a2aphone']);
    $a2acompany=mysql_real_escape_string($_REQUEST['a2acompany']);
    $a2aemail=mysql_real_escape_string($_REQUEST['a2aemail']);
    {{ DiscussionBoard.errors[6102465].message }}
  • Profile picture of the author KirkMcD
    You CAN'T do an 'Insert' with a Where statement.
    You probably want to do an 'Update'.
    {{ DiscussionBoard.errors[6103099].message }}
    • Profile picture of the author PHPSpaZ
      Thank you all. It works great!
      {{ DiscussionBoard.errors[6103187].message }}
  • Profile picture of the author SteveJohnson
    I sincerely hope that you're going to be adding some validation/sanitization to your user inputs before this goes live...
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[6105462].message }}
    • Profile picture of the author PHPSpaZ
      Yeah we are using escape strings, this was code in its test stage with as few things to complicate the process as possible.
      {{ DiscussionBoard.errors[6108548].message }}

Trending Topics