What is wrong with my code?

**erbio** · Dec 12, 2007 20:28

When I navigate to this url:
site.com/verify.php?key=0000-0000

a 0 or 1 should display, instead I get a syntax error.

It is connecting to the database correctly... Ive tried and tried to make it work, something is missing.

PHP Code:


<?php

$key = $_GET['key'];

$trimmed = trim($key); //trim whitespace from the stored variable





mysql_connect("dburl", "username", "password") or die(mysql_error());



mysql_select_db("dbname") or die(mysql_error());



$query = "SELECT * FROM auth WHERE key LIKE '$trimmed'";  

    

     

$result = mysql_query($query) or die(mysql_error());







while($row = mysql_fetch_array($result)){

echo $row['key']. "<br />" . $row['active'];





}



?>

**wheeler** · Dec 12, 2007 20:42

well what is the syntax error?

By the way, I have 2 suggestions... add mysql_real_escape_string to $key and use WHERE key = '$key otherwise it will give you a loose match, unless thats what you want.

PHP Code:



<?php

$key = $_GET['key'];

$trimmed = mysql_real_escape_string(trim($key)); //trim whitespace from the stored variable

mysql_connect("dburl", "username", "password") or die(mysql_error());
mysql_select_db("dbname") or die(mysql_error());

$query = mysql_query("SELECT * FROM auth WHERE key =  '$trimmed'") or die(mysql_error());  

while($row = mysql_fetch_array($query)) 
{
    echo $row['key']. "<br />" . $row['active'];
}



?>

**erbio** · Dec 12, 2007 20:52

The syntax error is:

PHP Code:


You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'key LIKE '0000-0000'' at line 1

Originally Posted by wheeler

well what is the syntax error?

By the way, I have 2 suggestions... add mysql_real_escape_string to $key and use WHERE key = '$key otherwise it will give you a loose match, unless thats what you want.

PHP Code:




<?php



$key = $_GET['key'];



$trimmed = mysql_real_escape_string(trim($key)); //trim whitespace from the stored variable



mysql_connect("dburl", "username", "password") or die(mysql_error());

mysql_select_db("dbname") or die(mysql_error());



$query = mysql_query("SELECT * FROM auth WHERE key =  '$trimmed'") or die(mysql_error());  



while($row = mysql_fetch_array($query)) 

{

    echo $row['key']. "<br />" . $row['active'];

}







?>

**paul_wilkins** · Dec 12, 2007 21:42

If the key is empty the database is doing to throw an error. Use a condition below the select database.

Code PHP:

if ($trimmed) {
  $query = mysql_query("SELECT * FROM auth WHERE key =  '$trimmed'") or die(mysql_error());  
  while($row = mysql_fetch_array($query)) 
 
  {
    echo $row['key']. "<br />" . $row['active'];
  }
}

**erbio** · Dec 12, 2007 22:07

I get the syntax error even with your code.

PHP Code:


You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'key = '0000-0000'' at line 1

It has something to search for, that isn't the problem.

Originally Posted by pmw57

If the key is empty the database is doing to throw an error. Use a condition below the select database.

Code PHP:

if ($trimmed) {
  $query = mysql_query("SELECT * FROM auth WHERE key =  '$trimmed'") or die(mysql_error());  
  while($row = mysql_fetch_array($query)) 
 
  {
    echo $row['key']. "<br />" . $row['active'];
  }
}

**erbio** · Dec 12, 2007 22:15

Maybe I'm doing something wrong.

Should i not be using "LIKE" ?

What I want to do is make this page:
site.com/verify.php/?key=0000-0000

Display a 0 if NOT in the database

and a 1 if it IS in the database.

The database insert is not the problem.

I want the script above to simply return the key and active or not (0 or 1)

echo $row['key']. "<br />" . $row['active'];

**wheeler** · Dec 12, 2007 22:32

LIKE provides a broad match, if your key should be an exact match then just use equals as per my example.

The syntax looks 100% correct to me. Are you sure you are testing the correct file - have you uploaded the changes?

**erbio** · Dec 12, 2007 22:36

I just double checked to make sure the newest file is on the server.

Please see:
http://erbio.net/verify.php?key=0000-0000

Notice the syntax error changed and does not include "LIKE" but the equals now:

PHP Code:


You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'key = '0000-0000'' at line 1

**paul_wilkins** · Dec 12, 2007 23:58

The only thing that can be discerned from the error statement that's different from expected usage is that you have whitespace around the equals sign.

Please use var_dump($query) to display the query string, because there is obviously something about the query that is wrong.

**wheeler** · Dec 13, 2007 00:35

also can you paste in your current script

**erbio** · Dec 13, 2007 00:39

Ok I added vardump to it

http://erbio.net/verify.php?key=0000-0000

**paul_wilkins** · Dec 13, 2007 00:44

Use the following:

Code PHP:

if ($trimmed) {
  $query = "SELECT * FROM auth WHERE key =  '$trimmed'"
  var_dump($query);
  $result = mysql_query($query) or die(mysql_error()); 
  while($row = mysql_fetch_array($result)) {
    echo $row['key']. "<br />" . $row['active'];
  }
}

**erbio** · Dec 13, 2007 01:05

Okay, updated with the code you provided and I get this:

PHP Code:


Parse error: syntax error, unexpected T_STRING in D:\hshome\servicep\erbio.net\verify.php on line 23

Line 23 is:

PHP Code:


  var_dump($query);

Originally Posted by pmw57

Use the following:

Code PHP:

if ($trimmed) {
  $query = "SELECT * FROM auth WHERE key =  '$trimmed'"
  var_dump($query);
  $result = mysql_query($query) or die(mysql_error()); 
  while($row = mysql_fetch_array($result)) {
    echo $row['key']. "<br />" . $row['active'];
  }
}

**paul_wilkins** · Dec 13, 2007 01:17

My apologies, make that echo var_dump($query);

**erbio** · Dec 13, 2007 01:25

Originally Posted by pmw57

My apologies, make that echo var_dump($query);

Ok updated

PHP Code:


string(43) "SELECT * FROM auth WHERE key = '0000-0000'" You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'key = '0000-0000'' at line 1

**paul_wilkins** · Dec 13, 2007 01:29

I think this was mentioned before, but get rid of the whitespace around the equal sign

**erbio** · Dec 13, 2007 01:32

Okay, I just removed the spaces and updated the file...

Originally Posted by pmw57

I think this was mentioned before, but get rid of the whitespace around the equal sign

**paul_wilkins** · Dec 13, 2007 01:33

I'm pretty sure that key is a reserved word. Put quotes around it.

**erbio** · Dec 13, 2007 01:36

Okay, that was the problem.

Now I dont understand why the "active" isn't appearing.

PHP Code:


$result = mysql_query($query) or die(mysql_error());

  while($row = mysql_fetch_array($result)) {

    echo $row['active'];

  }

**erbio** · Dec 13, 2007 01:36

It's all just blank

**erbio** · Dec 13, 2007 01:43

Nevermind, I just changed key to pkey

**paul_wilkins** · Dec 13, 2007 01:45

Find out how many rows were returned.

Code PHP:

$result = mysql_query($query) or die(mysql_error());
echo 'Number of results: ' . mysql_num_rows($result);
while($row = mysql_fetch_array($result)) {
  echo $row['active'];
}

**erbio** · Dec 13, 2007 01:55

Now this isn't working for me:

PHP Code:


if ($status = "0"); {

    echo "not-authorized";

    }

    

    if ($status = "1"); {

    echo "authorized for use";

    }

    

    if ($status = "2"); {

    echo "refunded";

    }

http://erbio.net/verify.php?key=1234-1234

the active for this key above is "1"

and should display "authorized for use"

**erbio** · Dec 13, 2007 02:02

pmw57, are you available via AOL instant messenger?

Interested in being paid to whip up a bit of code for me?

If so, please let me know what you'd charge.

**paul_wilkins** · Dec 13, 2007 02:04

Will do

User Tag List

Thread: What is wrong with my code?

Thread Tools

Display

What is wrong with my code?

Bookmarks

Bookmarks

Posting Permissions