Query Was Empty??

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tomsace
Forum Contributor
Posts: 167
Joined: Thu Jan 01, 2009 8:07 pm

Query Was Empty??

Post by tomsace »

Hey,
Trying to create a form to edit my mysql table from a webpage.
I keep receiving the error "Query was empty"..
I have re-read it all for hours and can't find the error myself.

Here is my code if anyone can spot it...

Code: Select all

<?php
if (isset($_REQUEST['Submit'])) {
$result = "UPDATE $db_table(idname,title,description,instructions,certification,author,authorwebsite,width,height,day,month,year,category,hits)
VALUES('$_POST[idname]', '$_POST[title]', '$_POST[description]', '$_POST[instructions]', '$_POST[certification]', '$_POST[author]', '$_POST[authorwebsite]', '$_POST[width]', '$_POST[height]', '$_POST[day]', '$_POST[month]', '$_POST[year]', '$_POST[category]', '$_POST[hits]')";
if($result = mysql_query($sql ,$db)) {
echo '<center><h1>Thank you</h1>Your information has been updated';
} else {
echo "ERROR: ".mysql_error();
}}
else {
?>
<?php
$id=mysql_real_escape_string($_GET['id']);
// Performing SQL query
$query = ("SELECT * FROM games WHERE id = '$id'") or die(mysql_error()); 
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
 
// Printing results in HTML
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { ?>
Thanks alot.
Last edited by Benjamin on Tue Apr 28, 2009 4:29 pm, edited 1 time in total.
Reason: Changed code type from text to php, added spaces so lines can wrap.
tomsace
Forum Contributor
Posts: 167
Joined: Thu Jan 01, 2009 8:07 pm

Re: Query Was Empty??

Post by tomsace »

Hey,
Tried changing what you pointed out and got this:

Code: Select all

<?php
if (isset($_REQUEST['Submit'])) {
$result = mysql_query("UPDATE $db_table(idname,title,description,instructions,certification,author,authorwebsite,width,height,day,month,year,category,hits)
VALUES('$_POST[idname]','$_POST[title]','$_POST[description]','$_POST[instructions]','$_POST[certification]','$_POST[author]','$_POST[authorwebsite]','$_POST[width]','$_POST[height]','$_POST[day]','$_POST[month]','$_POST[year]','$_POST[category]','$_POST[hits]')");
if($result = mysql_query($result ,$db)) {
echo '<center><h1>Thank you</h1>Your information has been updated';
} else {
echo "ERROR: ".mysql_error();
}}
else {
?>
<?php
$id=mysql_real_escape_string($_GET['id']);
// Performing SQL query
$query = ("SELECT * FROM games WHERE id = '$id'") or die(mysql_error()); 
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
 
// Printing results in HTML
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { ?>
But still the same error??
Last edited by Benjamin on Tue Apr 28, 2009 6:06 pm, edited 1 time in total.
Reason: Changed code type from text to php.
tomsace
Forum Contributor
Posts: 167
Joined: Thu Jan 01, 2009 8:07 pm

Re: Query Was Empty??

Post by tomsace »

Any ideas anyone?
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Query Was Empty??

Post by califdon »

Put a space after VALUES .

Assign the SQL string to a variable, don't hard code it in the mysql_query() function.

You're still confused about what $result is. You have to be clear in your mind about what the SQL string is, what the pointer to the results array is, and what you are testing to see if the query was successful.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Query Was Empty??

Post by Benjamin »

@tomsace, I'd like to see you apply a little bit more effort to solving your problems. Here's the deal. There are numerous issues with your code. The logic is flawed, it's vulnerable to sql injection, there is no indentation and it's quite obvious you haven't paid much attention to what you have written, but you want us to fix it.

So with that said, you need to read up on the logic behind database connections and querying. Here's a good start:

mysql_connect();
mysql_query()

Compare the examples to your implementation and it should become obvious what the problem is.

Additionally, your queries will continue to fail and are a huge security hole because you aren't preparing the input data for use in a database query. This is not an option, it's a must. So here's another link that you can study.

mysql_real_escape_string()

What I would really like to see is you solve this problem by yourself. You're halfway there. Show me what you can do.
Post Reply