syntax error to use near ''' at line 1????

djkoe

Hi,
i have a upload script, but for some reason he gives:
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

So what to do? maybe some1 can help?
code:

<?php
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "upload_files/";
$upload_url = $url_dir."/upload_files/";
$message ="";

//create upload_files directory if not exist
//If it does not work, create on your own and change permission.
if (!is_dir("upload_files")) {
	die ("upload_files directory doesn't exist");
}

if ($_FILES['userfile']) {
	$message = do_upload($upload_dir, $upload_url);
}
else {
	$message = "Invalid File Specified.";
}
if ($_POST["voegtoe"] == 1) { 
mysql_connect('localhost','root','');
mysql_select_db('msn');
$query = "INSERT INTO mdp (userfile,titel) ";
$query .= "VALUES  ('";
$query .= $_POST["userfile"] ."', '" ;
$query .= $_POST["titel"] ."', '" ;
mysql_query($query) or die(mysql_error()); 
echo ("Bedankt voor het toevoegen van een nieuw msn plaatje!<BR>");
print $message;


function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name']; 
$file_type = $_FILES['userfile']['type']; 
$file_size = $_FILES['userfile']['size']; 
$result    = $_FILES['userfile']['error'];
$file_url  = $upload_url.$file_name;
$file_path = $upload_dir.$file_name;

//File Name Check
if ( $file_name =="") { 
	$message = "Invalid File Name Specified";
	return $message;
}
//File Size Check
else if ( $file_size > 500000) {
    $message = "The file size is over 500K.";
    return $message;
}
//File Type Check
else if ( $file_type == "text/plain" ) {
    $message = "Sorry, You cannot upload any script file" ;
    return $message;
}

$result  =  move_uploaded_file($temp_name, $file_path);
$message = ($result)?"<img src=$file_url>" :
	      "Somthing is wrong with uploading a file.";

return $message;
}
?>
<form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
<table border="0">  

<tr> 
    <td width="15%" valign="top" align="right">Plaatje:</td> 
    <td width="119%"><input type="file" id="userfile" name="userfile"> </td> 
  </tr> 
<tr> 
    <td width="15%" valign="top" align="right">Titel:</td> 
    <td width="119%"><input type="text" name="titel" size="27"> </td> 
  </tr><tr> 
    <td width="67%"><input type="reset" value="Invoer wissen" name="B2"></td> 
  </tr> 
</table> 
  <input type="submit" name="upload" value="Upload">

</form>

DeadFly

You don't have a closing bracket to close one of your if statements.

Try this :

<?php 
	$site_name = $_SERVER['HTTP_HOST']; 
	$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']); 
	$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']; 

$upload_dir = "upload_files/"; 
$upload_url = $url_dir."/upload_files/"; 
$message =""; 

//create upload_files directory if not exist 
//If it does not work, create on your own and change permission. 
if (!is_dir("upload_files")) { 
    die ("upload_files directory doesn't exist"); 
} 

if ($_FILES['userfile']) { 
    $message = do_upload($upload_dir, $upload_url); 
} 
else { 
    $message = "Invalid File Specified."; 
} 
if ($_POST["voegtoe"] == 1) {  
	mysql_connect('localhost','root',''); 
	mysql_select_db('msn'); 
	$query = "INSERT INTO mdp (userfile,titel) VALUES ('".$_POST["userfile"]."','".$_POST["titel"].")";
	mysql_query($query) or die(mysql_error());  
	echo ("Bedankt voor het toevoegen van een nieuw msn plaatje!<BR>"); 
	print $message; 
} ##### missing this closing bracket #####


function do_upload($upload_dir, $upload_url) { 

    $temp_name = $_FILES['userfile']['tmp_name']; 
    $file_name = $_FILES['userfile']['name'];  
    $file_type = $_FILES['userfile']['type'];  
    $file_size = $_FILES['userfile']['size'];  
    $result    = $_FILES['userfile']['error']; 
    $file_url  = $upload_url.$file_name; 
    $file_path = $upload_dir.$file_name; 

    //File Name Check 
    if ( $file_name =="") {  
        $message = "Invalid File Name Specified"; 
        return $message; 
    } 
    //File Size Check 
    else if ( $file_size > 500000) { 
        $message = "The file size is over 500K."; 
        return $message; 
    } 
    //File Type Check 
    else if ( $file_type == "text/plain" ) { 
        $message = "Sorry, You cannot upload any script file" ; 
        return $message; 
    } 

    $result  =  move_uploaded_file($temp_name, $file_path); 
    $message = ($result)?"<img src=$file_url>" : 
              "Somthing is wrong with uploading a file."; 

    return $message; 
} 
?> 
<form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post"> 
<table border="0">   

<tr> 
    <td width="15%" valign="top" align="right">Plaatje:</td> 
    <td width="119%"><input type="file" id="userfile" name="userfile"> </td> 
  </tr> 
<tr> 
    <td width="15%" valign="top" align="right">Titel:</td> 
    <td width="119%"><input type="text" name="titel" size="27"> </td> 
  </tr><tr> 
    <td width="67%"><input type="reset" value="Invoer wissen" name="B2"></td> 
  </tr> 
</table> 
  <input type="submit" name="upload" value="Upload"> 

</form>

yelvington

The error message means exactly what it says. You have an error in the SQL you created here:

$query = "INSERT INTO mdp (userfile,titel) ";
$query .= "VALUES ('";
$query .= $POST["userfile"] ."', '" ;
$query .= $POST["titel"] ."', '" ;

Your first step in debugging such a problem should always be to print out the resulting string and look closely at it.

Your query evaluates to:

INSERT INTO mdp (userfile,titel) VALUES ('foo', 'bar', '

... which of course MySQL is going to reject.

djkoe

.. that doesnt help. what is my code for the mysql that does works?

lilleman

$query = "INSERT INTO mdp (userfile,titel) ";
$query .= "VALUES  ('";
$query .= $_POST["userfile"] ."', '" ;
$query .= $_POST["titel"] ."')" ;

zdislaw

Originally posted by djkoe
.. that doesnt help. what is my code for the mysql that does works?

Hmmm...way to encourage people to help you in the future. If you're just looking for the solution and not a nod in the right direction, which is a bit more what you should expect from this board, then you should probably state that in your request.

Both yelvington and DeadFly helped you (whether you were able to recognize that or not) with no thanks at all. Honestly, I'm surprised that you ended up with the solution you wanted.

djkoe

dude, im dutch, the time zone is here different.
when i asked what the code was it was late by me.
im awake now and ive fixed the problem thanx to you all.
thanx alot!