Page 1 of 1

WHERE ID= error

Posted: Tue Jul 09, 2002 9:02 pm
by MonkeyManx
I am having trouble with this code. all it is supposed to do is act as a counter and a score keeper, for a rating script.
I always get this error: You have an error in your SQL syntax near 'WHERE ID=''' at line 1Error: 1
someone please help me or show me what i am doing wrong.

here is the code:

Code: Select all

<?
if ($SCORE > 10) &#123;
echo "NO GOOD CHEATER!";
exit;
&#125; else &#123;

$PASS = "*****";

// DB connection information 
$connection = mysql_connect("localhost", "cekkent", $PASS);
$db = mysql_select_db("cekkent", $connection); 

// SQL Query 

$result=mysql_query ("select * from rate where ID='$ID'") or die (mysql_error()); 
while($row=mysql_fetch_array($result))&#123; 

// Make that Mofo do something

$VOTES = $row&#1111;"VOTES"];
$VOTES=$VOTES+1;

&#125;
$result = mysql_query("UPDATE rate SET VOTES=$VOTES WHERE ID='$ID'"); 
if(!$result) &#123; 
   die("<b>Error:</b> " . print mysql_error()); 
   exit; 
&#125; elseif($result) &#123; 

    print "Continue1"; 
&#125; 

$result=mysql_query ("select * from rate where ID='$ID'") or die (mysql_error()); 
while($row=mysql_fetch_array($result))&#123; 

// Make that Mofo do something

$SCORE1 = $row&#1111;"SCORE"];
$SCORE=$SCORE1+$SCORE;
&#125;
$result = mysql_query("UPDATE rate SET SCORE=$SCORE where ID='$ID'"); 
if(!$result) &#123; 
   die("<b>Error:</b> " . print mysql_error()); 
   exit; 
&#125; elseif($result) &#123; 
mysql_close ($connection);
    print " Continue2"; 
&#125; 
&#125;
?>

Posted: Wed Jul 10, 2002 2:15 am
by twigletmac
It may help if you echo out your SQL statements so that you can check there's nothing wrong with the data going in, so:

Code: Select all

$sql = "SELECT * FROM rate WHERE ID='$ID'";
echo $sql;
$result=mysql_query ($sql) or die (mysql_error());
Where does the $ID variable come from?

Mac

Posted: Wed Jul 10, 2002 8:05 am
by PaTTeR
$ID may be unset or epmty. If $ID comes from GET or POST request try with $_GET[ID] ($_POST[ID]), or $_COOKIE[ID] .



If your PHP version is earlier than 4.1.0 use $HTTP_*_VARS


Try something like this:

Code: Select all

$result=mysql_query ("select * from rate where ID='$_GET&#1111;ID]'") or die (mysql_error());

Posted: Thu Jul 11, 2002 3:33 am
by mikeq
Strange one this because doing a query like this

select * from rate where ID='';

would just return an empty result set and not an error, so surely if the variable is empty the query would still run, just not return anything.

Are you sure ID is a valid column name in your table?

Mike