PHP/MySQL Cannot Update/Insert/Get Multiple Values

Question

0.00/5 (No votes)

See more:

I am annoyingly confused here. I have been trying to solve this issue, but oddly enough I realize it was not under a single directory, it is actually my entire web server that faces this problem. I cannot in any way get, insert, or update more than one value at a time on any NEW document I create, which confuses me why it still works on old ones, but not on new ones. I have even copied the old ones to the new document and done nothing but alter the table it inserts into (with all the same values) and it produces a simple error stating '

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Key='AB123', IGN='test' WHERE Name='testuser'' at line 1

'.

The entire code is below:

PHP

session_start();
$name = $_POST['name'];
    $appkey = $_POST['appkey'];
    $usrname = $_POST['username'];
    $birthday = $_POST['BirthMonth'] . "." . $_POST['birthday'] . "." . $_POST['birthyear'];
    $gender = $_POST['Gender'];
    $skype = $_POST['phone'];
    $exp = $_POST['exp'];
    $why = $_POST['why'];
    include('db.php');
    mysql_query("INSERT INTO query (Name, Key, IGN) VALUES ('$name', '$appkey', '$usrname')") or die(mysql_error());

(Yes, it is all in the proper tags. )

There is no answer I can find online, and everything I try to fix it does nothing. I do not want to have a long string Inserting the values.

EDIT: I have echoed the string and it results as the entire 'INSERT INTO query (Name, Key, IGN) VALUES ('$name', '$appkey', '$usrname')' string, with no problem.

Solution: I did not realize that the tag 'query' & 'Name' are protected, so finally after a few minutes with my IT teacher she help me into the right direction.

Posted 30-Sep-13 11:10am

Trennon Dunn

Updated 1-Oct-13 9:47am

v3

Add a Solution

Comments

ZurdoDev 30-Sep-13 17:11pm

The error says the syntax is wrong. I don't do MySql but I see 2 ' at the end.

Trennon Dunn 30-Sep-13 17:18pm

thats actually from the error. it quoted what was wrong, so really it was Key='AB123', IGN='test' WHERE Name='testuser'

ZurdoDev 30-Sep-13 20:33pm

Then I would look at the whole statement. It says near Key... which may mean before it.

enhzflep 30-Sep-13 17:36pm

That error message doesn't appear to match the posted code to me.
The error message contains the WHERE keyword, yet your sql does not.

A good exercise can be to echo the sql query string to the screen before running it, so that you can copy/paste the generated query string into myPhpAdmin for debugging purposes.

An even better exercise is to look into PDO or MySqli (PDO is the better option)
http://net.tutsplus.com/tutorials/php/pdo-vs-mysqli-which-should-you-use/

Trennon Dunn 30-Sep-13 18:13pm

did that. echos what it should but still provides an error

enhzflep 30-Sep-13 18:22pm

Oops! Sorry, I should have been more specific - the aim is to echo the string that MySQL actually deals with. The string you've echoed simply shows what's in the PHP source.

The output expected would be more like:

INSERT INTO query (Name, Key, IGN) VALUES ('RogerR', 'AB123', 'notBugsCousin')'

I suggest you do a search-in-files of all the files in your project to see if you can locate the SQL that appears to generate the displayed error message. I would search for the text (' WHERE Name=') - brackets used as string delimiters. Copy and search for everything except the brackets.

Trennon Dunn 30-Sep-13 18:47pm

thats what i did. i changed it to say $sql = (mysql here), then echo $sql, and for the mysql_query($sql)

enhzflep 30-Sep-13 19:08pm

Oh dear. In that case, you've got a problem right there.
Consider the following code:

<?php
$hostName = "localhost";
$userName = //************* // username removed for forum post
$password = //************* // password removed for forum post

// Establish a link to the database
$dbLink = mysql_connect($hostName, $userName, $password);
if (!$dbLink) die('Can\'t establish a connection to the database: ' . mysql_error());

$dbSelected = mysql_select_db('forum', $dbLink);
if (!$dbSelected) die ('We\'re connected, but can\'t use the table: ' . mysql_error());

$myUserName = 'enhzflep';

//id username email password session_id date_registered
$query = 'SELECT * FROM users WHERE username = "' . $myUserName . '"';
printf("About to run this query: $query ");

$userResult = mysql_query($query);

while ($row = mysql_fetch_row($userResult) )
{
$id = $row[0];
$username = $row[1];
$email = $row[2];
$password = $row[3];
$session_id = $row[4];
$date_registered = $row[5];

printf("ID: $id USERNAME: $username EMAIL: $email PASSWORD: $password SESSION_ID: $session_id DATE_REGISTERED: $date_registered");
}
?>

The output from that is:
About to run this query: SELECT * FROM users WHERE username = "enhzflep"
ID: 1
USERNAME: enhzflep
EMAIL: enhzflep@yahoo.com.au
PASSWORD: f231ff6e1a8c6e37a34032a093b95b92
SESSION_ID: 5hou2n75t6k0l3gl57or156n37
DATE_REGISTERED: 1342793990

Prasad Khandekar 1-Oct-13 0:23am

Hello Trennon,

Try following methods. The first one being the safe and recommended even in the documentation.

$query = sprintf("INSERT INTO query (Name, Key, IGN) VALUES ('%s', '%s', '%s')", mysql_real_escape_string($name), mysql_real_escape_string($appkey), mysql_real_escape_string($usrname));

$query = "INSERT INTO query (Name, Key, IGN) VALUES ('" . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($appkey) . "', '" . mysql_real_escape_string($usrname) . "')";

Regards,

Akinmade Bond 1-Oct-13 19:42pm

Good. It's sad that some people still write very vulnerable sql queries.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Nelek · Answer 1 · 2013-10-01T13:42:00

Solution 1

Edition of the OP with solution copied here to avoid having the question as unanswered

Solution: I did not realize that the tag 'query' & 'Name' are protected, so finally after a few minutes with my IT teacher she help me into the right direction.

Posted 1-Oct-13 13:42pm

Nelek