MySQL Syntax

mramonster

What's wrong with my MySQL/php Syntax?

I keep getting my error at the end even without having anything entered. " Fill the form properly
Do not use an apostrophe ( ' ). Use the HTML version: ( ' )"

<?php
$dash = "-";

if (isset($_POST['a_title'])  && isset($_POST['a_desc'])) {

// Connect
$link = mysql_connect('dbinfo', 'dbinfo', 'dbinfo');

$select = mysql_select_db('dbinfo', $link);

if(!is_resource($link)) {

    echo "Failed to connect to the server";

} elseif(!$select) {

    echo "Failed to select database";

} else {

    // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON.

    if(get_magic_quotes_gpc()) {
        if(ini_get('magic_quotes_sybase')) {
            $a_title		= str_replace("''", "'", $_POST['a_title']);
			$a_desc			= str_replace("''", "'", $_POST['a_desc']);

        } else {
            $a_title		= stripslashes($_POST['a_title']);
			$a_desc			= stripslashes($_POST['a_desc']);
        }
    } else {
		$a_title		= $_POST['a_title'];
		$a_desc			= $_POST['a_desc'];
    }
}}

//Event Adress
$a_site = $_POST['a_site'];

//Added Date
date_default_timezone_set('EST');
$today = date('YmdHis');

    // Make a safe query
    $query = sprintf("INSERT INTO dbinfo 
					(title, desc, site, added) 
			VALUES 	('$a_title', '$a_desc', '$a_site', '$today')",
                mysql_real_escape_string($a_title, $link),
                mysql_real_escape_string($a_desc, $link),
                mysql_real_escape_string($a_site, $link),
                mysql_real_escape_string($$today, $link)
				);

    mysql_query($query, $link);

    if (mysql_affected_rows($link) > 0) {
        echo "Article inserted\n";
    } else {
		echo "Fill the form properly\n";
		echo "<br />Do not use an apostrophe ( ' ).  Use the HTML version: ( <b>&#39;</b> )";
	}


mysql_close($link);
?>

cahva

Atleast the usage of [man]sprintf[/man] is wrong. Also there was a double dollar in $today ($$today).

As you will notice I also stripped $link identifiers. You dont have to use them unless you are using 2 separate connections. So usually they are just wasting space 😉

The query should be:

$query = sprintf("INSERT INTO dbinfo
                        (title, desc, site, added)
                VALUES     ('%s', '%s', '%s', '%s')",
                    mysql_real_escape_string($a_title),
                    mysql_real_escape_string($a_desc),
                    mysql_real_escape_string($a_site),
                    mysql_real_escape_string($today)
                    );

If that doesnt work, you could check with [man]mysql_error[/man] if it gives you error. And by just printing the query and then trying to execute the query straight in mysql(or phpmyadmin whatever) and see what error does it give.

mramonster

I don't know how that extra $ got there in $$today but it's not like that in my script.

I get this error:
Warning: mysql_errno(): supplied argument is not a valid MySQL-Link resource in photo-insert.php on line 120

with line 120 being where the error script is.

echo mysql_errno($query);

I've been trying to figure this out for days and I'm sure it's something really stupid.

cahva

You are tring to get errno from $query which is the query, not result. In order to get the result you have to:

$result = mysql_query($query);
echo mysql_errno($result);

mramonster

I don't know what's going on I've been working on this for days. It's the same script I've been using for other parts of the site, just different info.

:mad:Errors:
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/content/f/t/p/ftp/html/mhm/photos/photo-insert.php on line 81

Warning: mysql_affected_rows(): supplied argument is not a valid MySQL-Link resource in /home/content/f/t/p/ftp/html/mhm/photos/photo-insert.php on line 83
Fill the form properly
Do not use an apostrophe ( ' ). Use the HTML version: ( ' )
Warning: mysql_errno(): supplied argument is not a valid MySQL-Link resource in /home/content/f/t/p/ftp/html/mhm/photos/photo-insert.php on line 91

Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in /home/content/f/t/p/ftp/html/mhm/photos/photo-insert.php on line 93

<?php
    function setinclude(){
        $levels = substr_count($_SERVER['PHP_SELF'],'/');
        $root = '';
        for($i = 1; $i < $levels; $i++){$root .= '../';}   

        set_include_path($root);
    }      

    setinclude();

include ('site/inc/session_start.php');
include ('login/auth.inc');
require_once ('login/settings.php');
require_once ('login/functions.php');

if ( isadmin ( $_SESSION['user_id'] ) ):

$dash = "-";

if (isset($_POST['p_title'])  && isset($_POST['p_event'])  && isset($_POST['p_desc'])) {

// Connect
$link = mysql_connect('localhost', 'dbinfo', 'dbinfo');

$select = mysql_select_db('dbinfo', $link);

if(!is_resource($link)) {

    echo "Failed to connect to the server";

} elseif(!$select) {

    echo "Failed to select database";

} else {

    // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON.

    if(get_magic_quotes_gpc()) {
        if(ini_get('magic_quotes_sybase')) {
            $p_title		= str_replace("''", "'", $_POST['p_title']);
			$p_event		= str_replace("''", "'", $_POST['p_event']);
            $p_desc			= str_replace("''", "'", $_POST['p_desc']);

        } else {
            $p_title		= stripslashes($_POST['p_title']);
			$p_event		= stripslashes($_POST['p_event']);
            $p_desc			= stripslashes($_POST['p_desc']);
        }
    } else {
		$p_title		= $_POST['p_title'];
		$p_event		= $_POST['p_event'];
		$p_desc			= $_POST['p_desc'];
    }
}}

//
$p_year = $_POST['p_year'];
$p_site = $_POST['p_gallery'];

$titlestrip = eregi_replace("[^a-z0-9.]", "-", $p_title);
$p_url = $titlestrip. $dash. $p_year;

//Added Date
date_default_timezone_set('EST');
$today = date('YmdHis');


    // Make a safe query
    $query = sprintf("INSERT INTO table 
					(title, event, description, year, url, site, added) 
			VALUES 	('$p_title', '$p_event', '$p_desc', '$p_year', '$p_url', '$p_site', '$today')",
                mysql_real_escape_string($p_title),
                mysql_real_escape_string($p_event),
                mysql_real_escape_string($p_desc),
                mysql_real_escape_string($p_year),
                mysql_real_escape_string($p_url),
                mysql_real_escape_string($a_site),
                mysql_real_escape_string($today)
				);

    mysql_query($query, $link);

    if (mysql_affected_rows($link) > 0) {
        echo "Photo inserted\n";
    } else {
		echo "Fill the form properly\n";
		echo "<br />Do not use an apostrophe ( ' ).  Use the HTML version: ( <b>'</b> )";
	}

$result = mysql_query($query);
echo mysql_errno($result); 

mysql_close($link);

include ('admin/admin-link.php');
echo "<a href=\"/photo-submit.php\">Photo Submit</a>";

endif;

?>

cahva

You didnt correct the sprintf as I suggested. Do that and then do this:

mysql_query($query, $link); 

// add this
echo mysql_error();

That should tell you the error.

mramonster

I did and it didn't work either so I rebuilt it from one that is already working and just changed the info to the other database. Here's the one that I have working and haven't had any errors on. I know all this probably makes me look like a fool but I am really confused here to why the old one works and not the new one. I've checked and double checked the database info and rebuilt it several times. I event made it to where I only added 1 field and it still gave me an error.

and honestly I can't see a difference between your version of sprintf and mine except for '%s' instead of '$a_title'.

old original version that works:

<?php
    function setinclude(){
        $levels = substr_count($_SERVER['PHP_SELF'],'/');
        $root = '';
        for($i = 1; $i < $levels; $i++){$root .= '../';}   

        set_include_path($root);
    }      

    setinclude();

include ('site/inc/session_start.php');
include ('login/auth.inc');
require_once ('login/settings.php');
require_once ('login/functions.php');

if ( isadmin ( $_SESSION['user_id'] ) ):

$dash = "-";

if (isset($_POST['a_image'])  && isset($_POST['a_link'])  && isset($_POST['a_alt'])) {

// Connect
$link = mysql_connect('localhost', 'dbinfo', 'dbinfo');

$select = mysql_select_db('dbinfo', $link);

if(!is_resource($link)) {

    echo "Failed to connect to the server";

} elseif(!$select) {

    echo "Failed to select database";

} else {

    // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON.

    if(get_magic_quotes_gpc()) {
        if(ini_get('magic_quotes_sybase')) {
            $a_image		= str_replace("''", "'", $_POST['a_image']);
			$a_link			= str_replace("''", "'", $_POST['a_link']);
            $a_alt 			= str_replace("''", "'", $_POST['a_alt']);

        } else {
            $a_image		= stripslashes($_POST['a_image']);
			$a_link			= stripslashes($_POST['a_link']);
            $a_alt 			= stripslashes($_POST['a_alt']);
        }
    } else {
		$a_image		= $_POST['a_image'];
		$a_link			= $_POST['a_link'];
		$a_alt 			= $_POST['a_alt'];
    }
}}

//Event Adress
$a_size = $_POST['a_size'];
$a_type = $_POST['a_type'];
$a_site = $_POST['a_site'];

//Added Date
date_default_timezone_set('EST');
$today = date('YmdHis');

    // Make a safe query
    $query = sprintf("INSERT INTO table 
					(image, link, alt, size, type, site, added) 
			VALUES 	('$a_image', '$a_link', '$a_alt', '$a_size', '$a_type', '$a_site', '$today')",
                mysql_real_escape_string($a_image, $link),
                mysql_real_escape_string($a_link, $link),
                mysql_real_escape_string($a_alt, $link),
                mysql_real_escape_string($a_size, $link),
                mysql_real_escape_string($a_type, $link),
                mysql_real_escape_string($e_state, $link),
                mysql_real_escape_string($a_site, $link),
                mysql_real_escape_string($$today, $link)
				);

    mysql_query($query, $link);

    if (mysql_affected_rows($link) > 0) {
        echo "Ad inserted\n";
    } else {
		echo "Fill the form properly\n";
		echo "<br />Do not use an apostrophe ( ' ).  Use the HTML version: ( <b>&#39;</b> )";
	}


mysql_close($link);

include ('admin/admin-link.php');
echo "<a href=\"/ad-submit.php\">Monster Ad Submit</a>";

endif;

?>

cahva

Well if you arent going to use %s in the sprintf, you can just dump the sprintf away because now its the same that you assign it to variable as it is. Now your sprintf is not putting the mysql_real_escape'd versions of the variables. You HAVE to use the %s or else the sprintf wont do the job as it's supposed to do. Read the man page for [man]sprintf[/man] to know how it works.

So if your query doesnt work and doesnt give you mysql_error, just echo the query itself and check that it is valid. Copy paste it to your mysql admin(phpmyadmin,mysqlquerybrowser etc.) and see if it adds a row.