Author Topic: Can't figure why this mysql giving me an error?  (Read 241 times)


monkuar (Topic starter)
« on: June 28, 2009, 07:30:49 AM »
Code:
for ($a=0;$a<$num;$a++)
    {
        $DB->query("INSERT INTO ibf_itemshop_inventory(productid,memberid,paid) VALUES( '". mysql_real_escape_string($product["productid"]) ."','". mysql_real_escape_string($ibforums->member["id"]) .",'". mysql_real_escape_string($product["price"]) ."')");
    }

I'm using mysql real escape against hackers..

but it's giving me an error:

mySQL query error: INSERT INTO ibf_itemshop_inventory(productid,memberid,paid) VALUES( '10','1,'0')

mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0')' at line 1
mySQL error code:
Date: Sunday 28th 2009f June 2009 07:29:54 AM
I learn more on this site than I did in K-12 Grade..

Dj Kat
« Reply #1 on: June 28, 2009, 07:34:39 AM »
Just looking at the following query in your error, it seems you forgot a single quote

INSERT INTO ibf_itemshop_inventory(productid,memberid,paid) VALUES( '10','1','0')

And btw, if the IDs are only supposed to be numbers/integers, you're better off checking if those values are indeed numbers/integers instead of using mysql_real_escape_string

monkuar (Topic starter)
« Reply #2 on: June 28, 2009, 07:38:14 AM »
Is that a security risk?

I use this:

for each variable
good enough?

Code:
$id = $ibforums->input["id"];
$num = $ibforums->input["num"];
if (isset($id)){
if (is_numeric($id)) {

} else {
die("Your ip has been saved in the Database and will be reported to your ISP.");
}
}
if (isset($num)){
if (is_numeric($num)) {

} else {
die("Your ip has been saved in the Database and will be reported to your ISP.");
}
}

My code is from 2002 but I enhance it a little each time :D
I learn more on this site than I did in K-12 Grade..

wildteen88
« Reply #3 on: June 28, 2009, 07:47:27 AM »
Having empty if statements is pointless. You're better off doing

if (isset($ibforums->input["id"], $ibforums->input["num"])) {
    // Stop if either value is not numeric (|| so that one bad value is enough)
    if (!is_numeric($ibforums->input["id"]) || !is_numeric($ibforums->input["num"])) {
        die("Your ip has been saved in the Database and will be reported to your ISP.");
    }

    $id = $ibforums->input["id"];
    $num = $ibforums->input["num"];
}
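
Added example, not part of the original posts: the integer check Dj Kat suggests, combined with a parameterized insert into the thread's ibf_itemshop_inventory table. It assumes PDO with an in-memory SQLite database so it runs offline (the thread's code uses MySQL through $DB->query); positive_int() and buy() are hypothetical names, and the cap of 100 on $num and integer prices are assumptions.

```php
<?php
// Added example. Helper names are hypothetical; SQLite in memory stands in for
// MySQL so the script runs offline. Table and columns are the ones in the thread.

/** Return $raw as an int within 1..$max, or null if it is not a plain integer. */
function positive_int($raw, int $max = PHP_INT_MAX): ?int
{
    $opts = ['options' => ['min_range' => 1, 'max_range' => $max]];
    $v = filter_var($raw, FILTER_VALIDATE_INT, $opts);
    return $v === false ? null : $v;
}

// Constructed inputs: is_numeric() also accepts exponents, decimals and negatives.
foreach (['10', '1e3', '1.5', '-5', "10'"] as $raw) {
    printf("%-8s is_numeric=%-5s positive_int=%s\n", var_export($raw, true),
        var_export(is_numeric($raw), true), var_export(positive_int($raw), true));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibf_itemshop_inventory (productid INTEGER, memberid INTEGER, paid INTEGER)');

// Placeholders keep the values out of the SQL text, so there is no quote to forget.
$insert = $db->prepare(
    'INSERT INTO ibf_itemshop_inventory (productid, memberid, paid) VALUES (?, ?, ?)'
);

/** Insert $num inventory rows; returns rows inserted (0 when any input is rejected). */
function buy(PDOStatement $insert, $productId, $memberId, $price, $num): int
{
    $productId = positive_int($productId);
    $memberId  = positive_int($memberId);
    $num       = positive_int($num, 100); // assumed cap on quantity per request
    $price     = filter_var($price, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($productId === null || $memberId === null || $num === null || $price === false) {
        return 0; // reject the request; nothing reaches the database
    }
    for ($a = 0; $a < $num; $a++) {
        $insert->execute([$productId, $memberId, $price]);
    }
    return $num;
}

echo buy($insert, '10', '1', '0', '2'), "\n";   // well-formed request
echo buy($insert, "10'", '1', '0', '2'), "\n";  // product id with a stray quote
echo $db->query('SELECT COUNT(*) FROM ibf_itemshop_inventory')->fetchColumn(), "\n";
```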

GingerRobot
« Reply #4 on: June 28, 2009, 09:16:56 AM »
Learn something new every day. I didn't know isset() could take a variable number of arguments.