Jump to content

Getting mysql syntax error when inserting php value in database..?

jdock1

By jdock1
in PHP Coding Help

 Share

Recommended Posts

jdock1 Regular Member

jdock1

Posted
Posted

 

 

Im building a list of offers and adding them to a table in a database.

 

Pretty much all it is is HTML. Im inserting an ahref link that has a php echo in it. So it looks like this:

 

<div class="offerlinks"><a href="http://website.com/offer/blahblah&blah=blah&sid=<?php echo $_SESSION['uid'];?>">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div>

 

When I insert this (through my form) I get mysql error 1064 which is syntax error. I tested it without the php & it gives me 0, which worked fine.

 

I need the php code so I can append userid to the SID var.

 

Am I doing something wrong? Well I guess I obviously am so the real question is what am I doing wrong & how could I do it the right way?

 

Thanks guys

Link to comment
Share on other sites
jdock1 Regular Member

jdock1

Posted
  • Author
Posted

Perhaps showing us the SQL query that is throwing the error might help.

Perhaps showing us the SQL query that is throwing the error might help.

$query = "INSERT INTO offers VALUES ('$offer')";

 

I dont think this would be the problem? Its a simple insert. Idk I am inserting it through a textarea , which is where I get $offer from $_POST

Link to comment
Share on other sites
jdock1 Regular Member

jdock1

Posted
  • Author
Posted

Does your 'offers' table only contain the 1 field?

Can you show the whole code where $offer is set?

Also post the entire mysql error you are receiving, it will usually tell you where the syntax error in the query is occurring

Yes sorry here it is

 

& yeah it does only contact 1 field

 

<?php
$offer = $_POST['offer'];
$query = "INSERT INTO offers VALUES ('$offer')";



?>
<b><a href="http://site.com/admin/template.txt" target="_new">Current offer template</a></b>
<form action="" method="post">

<textarea name="offer" cols="50" rows="15"></textarea>
<br><br>
<input type="submit" value="Insert" name="insert" />
</form>
</font>

<?php
if ($_POST['insert'] == "Insert")
{
mysql_query($query,$link);
echo mysql_errno($link);
#echo "<br><font size='5' color='#00CC00'>Offer successfully added.</font><br>";	
}
?>

& I am only getting the error output as "1064". Idk any other mysql error tracking code on the top of my head so I just use that

 

but like I said when I do it without the php code I get 0 & it inserts in the database succesfully

 

thanks!

Link to comment
Share on other sites
jdock1 Regular Member

jdock1

Posted
  • Author
Posted

Just to clarify, are you typing

<div class="offerlinks"><a href="http://website.com/offer/blahblah&blah=blah&sid=<?php echo $_SESSION['uid'];?>">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div>

into your textarea?

 

Yes I am. Thats what I need inserted in the database. I need to be able to add offers through a database and echo out the results so I can order them & easily delete them. Instead of putting it all on a static page. Its just so much easier. I need to insert the code through a form.

Link to comment
Share on other sites
Buddski Newbie

Buddski

Posted
Posted

You are not escaping the $offer variable.

If you were to echo the $query string you will see why you are getting a syntax error.

$query = "INSERT INTO offers VALUES ('$offer')";
echo  $query;
// The result would be
// INSERT INTO offers VALUES ('<div class="offerlinks"><a href="http://website.com/offer/blahblah&blah=blah&sid=<?php echo $_SESSION['uid'];?>">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div>')

Typing in $_SESSION['uid'] into the text field will, as thorpe pointed out, just be a string, there would be no execution of that piece of code.

Link to comment
Share on other sites
jdock1 Regular Member

jdock1

Posted
  • Author
Posted

I need to insert the code through a form.

 

PHP code won't execute from within a database though. It's just a string. Why are you passing the session id around through the querystring anyway?

 

Yes your right I just realized that. I inserted the code through PHPmyadmin successfully but when I echod the results on my site I saw that it didnt execute.

 

Im just passing a session variable because the links Im using through my advertising network needs the userid appended to the URL so it can postback to my site saying userid completed the offer so my script can credit the user. Its for my "points" site. Im just looking for an easier way to add offers.

Link to comment
Share on other sites
jdock1 Regular Member

jdock1

Posted
  • Author
Posted

You are not escaping the $offer variable.

If you were to echo the $query string you will see why you are getting a syntax error.

$query = "INSERT INTO offers VALUES ('$offer')";
echo  $query;
// The result would be
// INSERT INTO offers VALUES ('<div class="offerlinks"><a href="http://website.com/offer/blahblah&blah=blah&sid=<?php echo $_SESSION['uid'];?>">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div>')

Typing in $_SESSION['uid'] into the text field will, as thorpe pointed out, just be a string, there would be no execution of that piece of code.

 

Ic. Thank you. So my new question would be, how can I possibly do this? The code is not executing. I need the session appended to the end of the URL. This isn't possible then? PHP cannot execute through echoing the database results?

Link to comment
Share on other sites
Buddski Newbie

Buddski

Posted
Posted

You could save the string as a formatted string, then when the row is returned you can insert the $_SESSION['uid'] on display.

<div class="offerlinks"><a href="http://website.com/offer/blahblah&blah=blah&sid=%s">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div>

Then when the code is displayed to the user

echo sprintf($query_result,$_SESSION['uid']);

Or something to that effect.

Link to comment
Share on other sites
Drummin Member

Drummin

Posted
Posted

And what does this get you?

<?PHP
$offer="<div class=\"offerlinks\"><a href=\"http://website.com/offer/blahblah&blah=blah&sid=$_SESSION[uid]\">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div>";
$offer = mysqli_real_escape_string($offer);
mysql_query("INSERT INTO offers VALUES ('$offer')") or die(mysql_error());
?>

Link to comment
Share on other sites
Drummin Member

Drummin

Posted
Posted

I just created a test DB and added a table called "offers" with the fields `links` and `id` AUTO_INCREMENT.

 

Slight modification to last code posted resulted in correct insert to table.  This is what was added.

<div class="offerlinks"><a href="http://website.com/offer/blahblah&blah=blah&sid=22">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div>

I needed to add the $link variable to the mysqli_real_escape_string.  Here's exactly the code I used.

$link = mysqli_connect($host, $login, $pass);
$_SESSION['uid']=22;
$offer="<div class=\"offerlinks\"><a href=\"http://website.com/offer/blahblah&blah=blah&sid=$_SESSION[uid]\">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div>";
$offer = mysqli_real_escape_string($link, $offer);
mysql_query("INSERT INTO offers (links) VALUES ('$offer')") or die(mysql_error());

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.