Error in my SQL Syntax... apparently

ibanez270dx
Forum Commoner
Posts: 74
Joined: Thu Jul 27, 2006 12:06 pm
Location: Everywhere, California

Post by ibanez270dx »

feyd | Please use [code] and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Hi everyone,
Thanks for reading my post - I have a problem with a script of mine... I don't exactly know what's wrong - I've done this type of script millions of times, but something just isn't working. Here's the deal: It is a deletion confirmation page, and when I click yes to confirm the delete (in which it should direct to the beginning of the PHP script and follow after the if(isset thing...). However, this is the error message I get:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Here is the actual button from the confirmation page (HTML)

Code: Select all

Are you sure you want to delete <? echo "$fl_title"; ?> by <? echo "$fl_artist"; ?>?

<form action="<?= $_SERVER['PHP_SELF'] ?>" enctype="multipart/form-data" method="post">
<input name="del_file" value="<? echo $id; ?>" type="hidden">
<INPUT type="submit" value="confirm"></form>

<form method="post" action="index2.php">
<INPUT type="submit" value="cancel"></form>

...and here is the php

Code: Select all

<?php

include("connect.php");
$sql = "SELECT fl_title, fl_artist, fl_loc FROM fruityloops WHERE fl_id=$id";
$result = @mysql_query($sql,$connection) or die(mysql_error());
$num = mysql_num_rows($result);
	if($num >= 1)
		{
		 while ($row = mysql_fetch_array($result))  
			{
			 $fl_title = stripslashes($row['fl_title']);
			 $fl_artist = stripslashes($row['fl_artist']);
			 $fl_loc = $row['fl_loc'];
			}
		}	

///////////////////////////////////////////////////
// DELETE SELECTED MP3
///////////////////////////////////////////////////

if(isset($_POST[del_file]))
	{
	 $sql = "SELECT * FROM fruityloops WHERE fl_id='$_POST[del_file]'";
	 $result = @mysql_query($sql,$connection) or die(mysql_error());
	 while ($row = mysql_fetch_array($result)) 
		{
		 $fl_loc = $row['fl_loc'];
		}


if(file_exists($fl_loc))
	 	{	
	 	 unlink($fl_loc);
		} else {
		 echo '<script>alert("The file does not exist.");</script>';
		 echo '<META http-equiv="refresh" content="0;URL=index2.php">';
		 exit;
		}

	 $sql = "DELETE FROM fruityloops WHERE fl_id=$del_file";
	 $result = @mysql_query($sql,$connection) or die(mysql_error());
 
		echo '<script>alert("File Deleted Successfully!");</script>';
		echo '<META http-equiv="refresh" content="0;URL=index2.php">';
		exit;
	}
?>

If anyone can tell me what is going wrong, I would really appreciate it! It seems that even when I get rid of the isset and take away the whole deleting part of the PHP, I still get the same error. Maybe it is something to be changed on the server, but I don't know what. I have other similar scripts that work fine! I'm so confused...

Thanks for your help,
- Jeff

Thanks!






mezise
Forum Newbie
Posts: 17
Joined: Tue Sep 18, 2007 4:38 am

Post by mezise »

Hi Jeff,

in line

Code: Select all

$sql = "DELETE FROM fruityloops WHERE fl_id=$del_file";

replace $del_file with mysql_real_escape_string($_POST['del_file'])

The result line should look like this:

Code: Select all

$sql = 'DELETE FROM fruityloops WHERE fl_id = ' . mysql_real_escape_string($_POST['del_file']);

Sorry to pick on the script, but you should improve your style of programming (safety, consistency). Please search through the Web about PHP coding standards. Of course only if you want to pick up your skills ;)

Michal
Paw
Forum Newbie
Posts: 20
Joined: Tue Jul 17, 2007 10:27 am

Post by Paw »

Hello ibanez!
ibanez270dx wrote:

Code: Select all

<?php

include("connect.php");
$sql = "SELECT fl_title, fl_artist, fl_loc FROM fruityloops WHERE fl_id=$id";

Besides mezise's suggestion of using mysql_real_escape, I wonder where $id is coming from. If it is not defined in connect.php, you obviously depend on register_globals, which is another PHP programming failure. Current versions of PHP have this option turned off by default, and on many servers it is not available anymore, due to the large exploit impact it caused.
ibanez270dx wrote:

Code: Select all

$result = @mysql_query($sql,$connection) or die(mysql_error());
$num = mysql_num_rows($result);
	if($num >= 1)
		{
		 while ($row = mysql_fetch_array($result))  
			{
			 $fl_title = stripslashes($row['fl_title']);
			 $fl_artist = stripslashes($row['fl_artist']);
			 $fl_loc = $row['fl_loc'];
			}
		}	

///////////////////////////////////////////////////
// DELETE SELECTED MP3
///////////////////////////////////////////////////

if(isset($_POST[del_file]))
	{
	 $sql = "SELECT * FROM fruityloops WHERE fl_id='$_POST[del_file]'";
	 $result = @mysql_query($sql,$connection) or die(mysql_error());
	 while ($row = mysql_fetch_array($result)) 
		{
		 $fl_loc = $row['fl_loc'];
		}


if(file_exists($fl_loc))
	 	{	
	 	 unlink($fl_loc);
		} else {
		 echo '<script>alert("The file does not exist.");</script>';
		 echo '<META http-equiv="refresh" content="0;URL=index2.php">';
		 exit;
		}

	 $sql = "DELETE FROM fruityloops WHERE fl_id=$del_file";

Once again, where is '$del_file' defined? I can only see an 'isset($_POST[del_file])' -- by the way, if 'del_file' is not a previously defined constant, this is another programming error. You'd need to put this identifier into quotation marks.
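
Added example, not part of the thread and not any poster's code: the two points raised above (mezise's handling of `del_file` and Paw's question about where `$id` and `$del_file` come from) combined in one delete handler. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL connection; `UPLOAD_DIR`, `brokenQuery`, `requestId`, `deleteFile` and the sample row are hypothetical names and constructed data. Bound parameters are used because escaping only protects a value that sits inside quotes in the SQL text.

```php
<?php
// Added example. Assumptions: PDO + in-memory SQLite stand in for the thread's
// MySQL connection; UPLOAD_DIR, the function names and the sample row are constructed.
const UPLOAD_DIR = '/tmp/fl_uploads_demo';   // hypothetical upload directory
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE fruityloops (fl_id INTEGER PRIMARY KEY, fl_title TEXT, fl_artist TEXT, fl_loc TEXT)');
@mkdir(UPLOAD_DIR);
file_put_contents(UPLOAD_DIR . '/demo.mp3', 'constructed sample file');
$pdo->prepare('INSERT INTO fruityloops VALUES (1, ?, ?, ?)')
    ->execute(['Demo', 'Nobody', UPLOAD_DIR . '/demo.mp3']);

// If $id is never set (register_globals off), it interpolates as an empty string
// and the statement ends right after "fl_id=", which MySQL reports as an error near ''.
function brokenQuery(?string $id): string {
    return "SELECT fl_title, fl_artist, fl_loc FROM fruityloops WHERE fl_id=$id";
}
// Take the id from the request explicitly and accept only a positive integer.
function requestId(array $post, string $key): ?int {
    $v = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

function deleteFile(PDO $pdo, array $post): string {
    $id = requestId($post, 'del_file');
    if ($id === null) {
        return 'rejected: invalid id';
    }
    $st = $pdo->prepare('SELECT fl_loc FROM fruityloops WHERE fl_id = ?');
    $st->execute([$id]);
    $loc = $st->fetchColumn();
    if ($loc === false) {
        return 'no such row';
    }
    // Only unlink a path that resolves inside the upload directory.
    $real = realpath($loc);
    $base = realpath(UPLOAD_DIR);
    if ($real === false || $base === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return 'rejected: path outside upload directory';
    }
    unlink($real);
    $pdo->prepare('DELETE FROM fruityloops WHERE fl_id = ?')->execute([$id]);
    return 'deleted';
}

echo brokenQuery(null), "\n";
foreach ([['del_file' => '1 OR 1=1'], [], ['del_file' => '1']] as $post) { // constructed requests
    echo deleteFile($pdo, $post), "\n";
}
```

The first line printed is the truncated statement that triggers the syntax error; the three constructed requests then show a non-numeric id and a missing id being refused before any SQL is built, and a valid id deleting both the file and its row.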
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Post by califdon »

ibanez270dx wrote: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

That looks like it's telling you that it found something illegal before the first character of your script. I would make sure that there's not a nonprinting character prior to the first character in your script. In the code that you posted, it looks like maybe there's a blank line before your <? php line. Try removing that line.
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am

Post by maliskoleather »

califdon wrote:
ibanez270dx wrote: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
That looks like it's telling you that it found something illegal before the first character of your script. I would make sure that there's not a nonprinting character prior to the first character in your script. In the code that you posted, it looks like maybe there's a blank line before your <? php line. Try removing that line.

That's just in reference to the SQL that was passed to MySQL, not the actual script itself.