Page 1 of 1

Query Was Empty??

Posted: Tue Apr 28, 2009 3:50 pm
by tomsace
Hey,
Trying to create a form to edit my mysql table from a webpage.
I keep receiving the error "Query was empty"..
I have re-read it all for hours and can't find the error myself.

Here is my code if anyone can spot it...

Code: Select all

<?php
if (isset($_REQUEST['Submit'])) {
$result = "UPDATE $db_table(idname,title,description,instructions,certification,author,authorwebsite,width,height,day,month,year,category,hits)
VALUES('$_POST[idname]', '$_POST[title]', '$_POST[description]', '$_POST[instructions]', '$_POST[certification]', '$_POST[author]', '$_POST[authorwebsite]', '$_POST[width]', '$_POST[height]', '$_POST[day]', '$_POST[month]', '$_POST[year]', '$_POST[category]', '$_POST[hits]')";
if($result = mysql_query($sql ,$db)) {
echo '<center><h1>Thank you</h1>Your information has been updated';
} else {
echo "ERROR: ".mysql_error();
}}
else {
?>
<?php
$id=mysql_real_escape_string($_GET['id']);
// Performing SQL query
$query = ("SELECT * FROM games WHERE id = '$id'") or die(mysql_error()); 
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
 
// Printing results in HTML
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { ?>
Thanks alot.

Re: Query Was Empty??

Posted: Tue Apr 28, 2009 6:05 pm
by tomsace
Hey,
Tried changing what you pointed out and got this:

Code: Select all

<?php
if (isset($_REQUEST['Submit'])) {
$result = mysql_query("UPDATE $db_table(idname,title,description,instructions,certification,author,authorwebsite,width,height,day,month,year,category,hits)
VALUES('$_POST[idname]','$_POST[title]','$_POST[description]','$_POST[instructions]','$_POST[certification]','$_POST[author]','$_POST[authorwebsite]','$_POST[width]','$_POST[height]','$_POST[day]','$_POST[month]','$_POST[year]','$_POST[category]','$_POST[hits]')");
if($result = mysql_query($result ,$db)) {
echo '<center><h1>Thank you</h1>Your information has been updated';
} else {
echo "ERROR: ".mysql_error();
}}
else {
?>
<?php
$id=mysql_real_escape_string($_GET['id']);
// Performing SQL query
$query = ("SELECT * FROM games WHERE id = '$id'") or die(mysql_error()); 
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
 
// Printing results in HTML
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { ?>
But still the same error??

Re: Query Was Empty??

Posted: Wed Apr 29, 2009 2:10 pm
by tomsace
Any ideas anyone?

Re: Query Was Empty??

Posted: Wed Apr 29, 2009 2:56 pm
by califdon
Put a space after VALUES .

Assign the SQL string to a variable, don't hard code it in the mysql_query() function.

You're still confused about what $result is. You have to be clear in your mind about what the SQL string is, what the pointer to the results array is, and what you are testing to see if the query was successful.

Re: Query Was Empty??

Posted: Wed Apr 29, 2009 4:10 pm
by Benjamin
@tomsace, I'd like to see you apply a little bit more effort to solving your problems. Here's the deal. There are numerous issues with your code. The logic is flawed, it's vulnerable to sql injection, there is no indentation and it's quite obvious you haven't paid much attention to what you have written, but you want us to fix it.

So with that said, you need to read up on the logic behind database connections and querying. Here's a good start:

mysql_connect();
mysql_query()

Compare the examples to your implementation and it should become obvious what the problem is.

Additionally, your queries will continue to fail and are a huge security hole because you aren't preparing the input data for use in a database query. This is not an option, it's a must. So here's another link that you can study.

mysql_real_escape_string()

What I would really like to see is you solve this problem by yourself. You're halfway there. Show me what you can do.