SitePoint Sponsor

User Tag List

Results 1 to 22 of 22
  1. #1
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)

    Why am I suddenly getting an error?

    Using this code, I handle a form where I enter in my article. For some reason, now it's throwing an error at me. The error is...

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

    Here is the code.
    Code:
    <?php
    error_reporting(E_ALL);
    session_start();
    require("access.php");
    
    include ("config.php");
    ?>
    <!doctype html>
    <html>
    <head>
    <title>check</title>
    </head>
    <body>
    <?php
    
    $contentOfPost=$_POST['contentOfPost'];
    $dateTime = time();
    $type=$_POST['type'];
    $URL=$_POST['URL'];
    $URLtitle = str_replace('-', ' ', substr($URL, 0, -4));
    $teaser=$_POST['teaser'];
    $imgURL=$_POST['img'];
    if(!$type=="" || !$contentOfPost=="")
    {
    $link = mysql_connect($host, $username, $password);
    
    if(!$link){die(mysql_error());}
    $db_selected = mysql_select_db($DbName, $link);
    if(!$db_selected){echo "dbselect";die(mysql_error());}
    $insertionToDatabase="INSERT INTO $tableName (PostNumber, DateTime, Content, type, URL, teaser, img) VALUES (NULL, FROM_UNIXTIME($dateTime), '$contentOfPost', '$type', '$URL', '$teaser', '$imgURL'";
    
    $result = mysql_query($insertionToDatabase);
    if (!$result) {
    echo $type;
    echo $URL;
    echo $URLtitle;
    echo $imgURL;
    echo "<br>";
    echo $insertionToDatabase;
        die('Invalid query: ' . mysql_error());
    }
    else
    {
    $fh = fopen($URL, 'w') or die("can't open file");
    $stringData = '<?php $pageIdentity="'.$URLtitle.'";
    $articleType="'.$type.'";
    include("../../settings.php");
    ?>
    <div id="wrapper">
    	<?php include("../../header.php");?>
    	<div id="main">
    		<?php include("../../menu.php");?>
    		<div id="page">
    				<div id="content">
    					<div class="post">							
    						<h2 class="title article"><a href="'.$URL.'">'.$urlTitle.'</a></h2>
    						<p class="meta">Posted on '.$dateTime.'&nbsp;&bull;&nbsp; <a href="http://www.ryanreese.us/blog/'.$URL.'" class="permalink">Full article</a></p>
    						<div class="entry">
    							<p><img src="'.$imgURL.'" width="186px" height="186px" alt="" class="alignleft border" />'.$contentOfPost.'</p>
    						</div>
    					</div>
    				</div>
    <?php include ("../../sidebar.php");?>
    		</div>
    	</div>
    	<?php include("../../footer.php");?>
    </div>
    </body>
    </html>';
    fwrite($fh, $stringData) or die("cant");
    
    fclose($fh);
    }
    echo $result;
    mysql_close($link);
    }
    session_destroy();
    ?>
    
    </body>
    </html>
    The bolded is what I run. I echo out the query and I get this.

    INSERT INTO userSubmitted (PostNumber, DateTime, Content, type, URL, teaser, img) VALUES (NULL, FROM_UNIXTIME(1332387057), '

    Even if I remove the tacks ('') in the query, it doesn't work.
    Always looking for web design/development work.
    http://www.CodeFundamentals.com

  2. #2
    SitePoint Addict
    Join Date
    Apr 2011
    Posts
    265
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hi,
    From what i noticed, it is missing the closing ")" to VALUES ( ... ) , after last value, '$imgURL' .
    Free: Web Programming Courses HTML, CSS, Flash
    Web Programming: AJAX Course and PHP-MySQL Course video Lessons
    Good JavaScript and jQuery course for beginners

  3. #3
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Wow that was it. I had to include tacks also otherwise it threw an error (which I had gotten before, and I removed the bracket because I thought that was the issue..but I digress).

    Thank you . One last question. In my content post (my article text) I have multiple instances of using " (quotes). Obviously due to my query, it gets a \ to not mess up the query. How can I make it so that when it opens up my file and writes the article in there, that the \ get stripped out?
    Always looking for web design/development work.
    http://www.CodeFundamentals.com

  4. #4
    SitePoint Addict
    Join Date
    Apr 2011
    Posts
    265
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by RyanReese View Post
    One last question. In my content post (my article text) I have multiple instances of using " (quotes). Obviously due to my query, it gets a \ to not mess up the query. How can I make it so that when it opens up my file and writes the article in there, that the \ get stripped out?
    Maybe it works with echo stripcslashes($string);
    Free: Web Programming Courses HTML, CSS, Flash
    Web Programming: AJAX Course and PHP-MySQL Course video Lessons
    Good JavaScript and jQuery course for beginners

  5. #5
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MarPlo View Post
    Maybe it works with echo stripcslashes($string);
    Thank you.

    I went to php.net and there is stripslashes and stripcslashes. Why not just stripslashes instead of stripcslashes?

    I went to the formers page on php.net and it seems to be the better option, just from a quick search.
    Always looking for web design/development work.
    http://www.CodeFundamentals.com

  6. #6
    SitePoint Addict
    Join Date
    Apr 2011
    Posts
    265
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I think is better with stripslashes().
    The stripcslashes() Un-quote string quoted with addcslashes(), which quotes string with slashes in a C style.
    Free: Web Programming Courses HTML, CSS, Flash
    Web Programming: AJAX Course and PHP-MySQL Course video Lessons
    Good JavaScript and jQuery course for beginners

  7. #7
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)


    Ok, I plan on writing another article tomorrow morning so once that finishes I'll have a go at using stripslashes();. I have it updated on my file that handles the dirty work, so I'll report back and let you know how it goes. Thanks a lot!
    Always looking for web design/development work.
    http://www.CodeFundamentals.com

  8. #8
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,501
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by RyanReese View Post
    One last question. In my content post (my article text) I have multiple instances of using " (quotes). Obviously due to my query, it gets a \ to not mess up the query. How can I make it so that when it opens up my file and writes the article in there, that the \ get stripped out?
    Hi Ryan. That's not so obvious as you think it is. It shouldn't get a \ unless you put it there, and in your code I don't see you doing that. So maybe you have "magic quotes" enabled? If so, disable it (they're deprecated from PHP 5.3 and removed from 5.4).
    Instead, use mysql_real_escape_string to sanitize your user input strings before using them in a query (or take a look at PDO). That way, you won't have to strip any \ from the data you retrieve from the database.

  9. #9
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by guido2004 View Post
    Hi Ryan. That's not so obvious as you think it is. It shouldn't get a \ unless you put it there, and in your code I don't see you doing that. So maybe you have "magic quotes" enabled? If so, disable it (they're deprecated from PHP 5.3 and removed from 5.4).
    Instead, use mysql_real_escape_string to sanitize your user input strings before using them in a query (or take a look at PDO). That way, you won't have to strip any \ from the data you retrieve from the database.
    I thought it was obvious, perhaps that's just me though. I definitely do not put a \ in there. Magic quotes might be enabled, but if it is, I was not the one to do it. How would I go about doing that? I plan on doing all the security measures this weekend (along with tidying the HTML/CSS) now that my website is basically done (minus article writes).
    Always looking for web design/development work.
    http://www.CodeFundamentals.com

  10. #10
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,273
    Mentioned
    60 Post(s)
    Tagged
    3 Thread(s)
    maybe you guys should move this thread over to the php forum, seeing as how that's all you've talked about since post #2

    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  11. #11
    SitePoint Addict
    Join Date
    Apr 2011
    Posts
    265
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hi
    If the "\" is added by get_magic_quotes_gpc(), you can use this code to remove "\" if get_magic_quotes_gpc() is enabled.
    Code:
    if(get_magic_quotes_gpc()) {
      $string = stripslashes($string);
    }
    Free: Web Programming Courses HTML, CSS, Flash
    Web Programming: AJAX Course and PHP-MySQL Course video Lessons
    Good JavaScript and jQuery course for beginners

  12. #12
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MarPlo View Post
    Hi
    If the "\" is added by get_magic_quotes_gpc(), you can use this code to remove "\" if get_magic_quotes_gpc() is enabled.
    Code:
    if(get_magic_quotes_gpc()) {
      $string = stripslashes($string);
    }
    I'm a bit confused. I've never done a magic_quotes (gpc or otherwise) function. It's literally just added in there.

    I type up my article, it includes quote sin there just by me writing it. I put it in a variable. It gets put in teh database. It must get added upon echo or something.

    I just have the stripslashse around my echo/fwrite so I'l see if that works.
    Always looking for web design/development work.
    http://www.CodeFundamentals.com

  13. #13
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,501
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    How would I go about doing that?
    It depends on how much control you have over the server. Read this page of the manual: http://www.php.net/manual/en/securit....disabling.php
    It must get added upon echo or something.
    It gets added when the user data arrives at the server.

  14. #14
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Thanks. I installed the php.ini file on my server and by default it's off. I guess with no php.ini file there by default, it defaults to on. I also changed a few settings on there, such as error reporting.

    With the quotes turned off, can I remove the stripslashes from my code? I added it on there last night but now I think I don't need it.
    Always looking for web design/development work.
    http://www.CodeFundamentals.com

  15. #15
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,501
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    Yes you should be able to remove that. Just try it

  16. #16
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by guido2004 View Post
    Yes you should be able to remove that. Just try it
    I have to wait until I have an article written. For some reason (found this out during testing stages), if something gets submitted to the database, even if I delete it, the autoincremented postnumber column still gets the increase. Say I have one thing in there already. there is the #1 in the postnumber column for that submission. If I enter in another one for testing. It gets #2. Even if I delete that post, and enter in a new one, the new one gets #3. So unless I have a way to fix that, I don't want to add stuff to the table.

    I guess I'm also asking for a fix for this. I could remove the auto increment feature, find the last number submitted and ++ it...should I do that?
    Always looking for web design/development work.
    http://www.CodeFundamentals.com

  17. #17
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,501
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by RyanReese View Post
    I have to wait until I have an article written. For some reason (found this out during testing stages), if something gets submitted to the database, even if I delete it, the autoincremented postnumber column still gets the increase. Say I have one thing in there already. there is the #1 in the postnumber column for that submission. If I enter in another one for testing. It gets #2. Even if I delete that post, and enter in a new one, the new one gets #3. So unless I have a way to fix that, I don't want to add stuff to the table.

    I guess I'm also asking for a fix for this.
    No, there is no fix for that. That's the way the autoincrease works. Why would that be a problem? It's just a number to identify the post in the database. It has no meaning.
    If for some reason you want to show numbers without gaps on your website, you can always increase a counter while you loop through the result set.
    Quote Originally Posted by RyanReese View Post
    I could remove the auto increment feature, find the last number submitted and ++ it...should I do that?
    I'd say no. You could do that if you're the only one entering data in that table, because you won't have the risk of simultaneous entries that cause a duplicate key. But as I said before, why would you?

  18. #18
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    I display the 5 most recent blog articles based by the postnumber auto incremenet column. If it sees I have #5, it will find 1-2-3-4-5. If 3 was absent due to a deletion in the database, it'll display empty content for that section.

    And yes, I'll be the only one submitting the articles.
    Always looking for web design/development work.
    http://www.CodeFundamentals.com

  19. #19
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,273
    Mentioned
    60 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by RyanReese View Post
    I display the 5 most recent blog articles based by the postnumber auto incremenet column.
    better idea: the 5 most recent blog posts based on datetime posted
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  20. #20
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,501
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by RyanReese View Post
    I display the 5 most recent blog articles based by the postnumber auto incremenet column. If it sees I have #5, it will find 1-2-3-4-5. If 3 was absent due to a deletion in the database, it'll display empty content for that section.
    The 5 most recent, based on autoincremental number or on datetime posted as Rudy says. But what you are describing here looks like a flaw in your logic. Would you mind posting some code?

  21. #21
    SitePoint Mentor bronze trophy
    John_Betong's Avatar
    Join Date
    Aug 2005
    Location
    City of Angels
    Posts
    1,840
    Mentioned
    73 Post(s)
    Tagged
    6 Thread(s)
    @RyanReese

    [quote[
    I display the 5 most recent blog articles based by the postnumber auto incremenet column.
    If it sees I have #5, it will find 1-2-3-4-5. If 3 was absent due to a deletion in the database, it'll display empty content for that section.

    [/quote]

    The 5 most recent blog articles:
    PHP Code:

    $sql 
    "
        SELECT PostNumber, DateTime, Content 
        FROM 
    $tableName
        ORDER BY PostNumber DESC
        LIMIT 0,5
    "
    ;

    $result mysql_query$sql );
    if (!
    $result) {
      echo 
    PostNumber;
      echo 
    "<br>";
      echo 
    DateTime;
      echo 
    "<br>";
      echo 
    Content
      
    echo "<br>";
      echo 
    "<br>";
    }
    die; 
    Learn how to be ready for The New Move to Discourse

    How to make Make Money Now with a *NEW* look

    Be sure to congratulate Patche on earning Member of the Month for July 2014

  22. #22
    billycundiff{float:left;} silver trophybronze trophy RyanReese's Avatar
    Join Date
    Oct 2008
    Location
    Whiteford, Maryland, United States
    Posts
    13,624
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by r937 View Post
    better idea: the 5 most recent blog posts based on datetime posted
    That's extremely smart. I will just have to live with the database being out of wack with potential strays of numbers missing. Heck, I don't even need that column actualy anymore now with Rudys advice.

    I have a race to run tomorrow+getting glasses, but I'll try to put some time to update the code by Sunday. Thanks .
    Always looking for web design/development work.
    http://www.CodeFundamentals.com


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •