Why me Syntax error :(

ReignFire

Ok this is quite a long one so prepare to have your eyes burn a tad...im really sorry but there isnt any other way to do this...

I get this error when a gang attempts to accept surrender in the view surrender function...yes its a game 🙂

Here is the error:

QUERY ERROR: You have an error in your SQL syntax; check the manual that

corresponds to your MySQL server version for the right syntax to use near '' at line 1

Query was SELECT * FROM gangwars where warID=

however it isnt line one exactly...



function gang_staff_wardeclare()
{
global $db,$ir,$c,$userid,$gangdata;
if(isset($_POST['subm']))
{
$_POST['gang'] = abs((int) $_POST['gang']);
$db->query("INSERT INTO gangwars VALUES('',{$ir['gang']},{$_POST['gang']},unix_timestamp())");
$ggq=$db->query("SELECT * FROM gangs WHERE gangID={$_POST['gang']}");
$them=$db->fetch_row($ggq);
$event=str_replace("'","''","<a href='gangs.php?action=view&ID={$ir['gang']}'>{$gangdata['gangNAME']}</a> declared war on <a href='gangs.php?action=view&ID={$_POST['gang']}'>{$them['gangNAME']}</a>");
$db->query("INSERT INTO gangevents VALUES('',{$ir['gang']},unix_timestamp(),'$event') , ('',{$_POST['gang']},unix_timestamp(),'$event')");
print "You have declared war!";
}
else
{
print "<form action='yourgang.php?action=staff&act2=declare' method='post'>
Choose who to declare war on.<br />
<input type='hidden' name='subm' value='submit' />
Gang: <select name='gang' type='dropdown'>";
$q=$db->query("SELECT * FROM gangs WHERE gangID != {$ir['gang']}");
while($r=$db->fetch_row($q))
{
print "<option value='{$r['gangID']}'>{$r['gangNAME']}</option>\n";
}
print "</select><br />
<input type='submit' value='Declare' /></form>";
}
}
function gang_staff_surrender()
{
global $db,$ir,$c,$userid,$gangdata;
if(!isset($_POST['subm']))
{
print "<form action='yourgang.php?action=staff&act2=surrender' method='post'>
Choose who to surrender to.<br />
<input type='hidden' name='subm' value='submit' />
Gang: <select name='war' type='dropdown'>";
$wq=$db->query("SELECT * FROM gangwars where warDECLARER={$ir['gang']} or warDECLARED={$ir['gang']}");

while($r=$db->fetch_row($wq))
{
if($gangdata['gangID'] == $r['warDECLARER']) { $w="You";$f="warDECLARED"; } else { $w="Them";$f="warDECLARER"; }
$d=date('F j, Y, g:i:s a',$r['warTIME']);
$ggq=$db->query("SELECT * FROM gangs WHERE gangID=".$r[$f]);
$them=$db->fetch_row($ggq);
print "<option value='{$r['warID']}'>{$them['gangNAME']}</option>";
}
print "</select><br />
Message: <input type='text' name='msg' /><br />
<input type='submit' value='Surrender' /></form>";
}
else
{
$_POST['war'] = abs((int) $_POST['war']);
$wq=$db->query("SELECT * FROM gangwars where warID={$_POST['war']}");
$r=$db->fetch_row($wq);
if($gangdata['gangID'] == $r['warDECLARER']) { $w="You";$f="warDECLARED"; } else { $w="Them";$f="warDECLARER"; }
$db->query("INSERT INTO surrenders VALUES('',{$_POST['war']},{$ir['gang']},".$r[$f].",'{$_POST['msg']}')");
$ggq=$db->query("SELECT * FROM gangs WHERE gangID=".$r[$f]);
$them=$db->fetch_row($ggq);
$event=str_replace("'","''","<a href='gangs.php?action=view&ID={$ir['gang']}'>{$gangdata['gangNAME']}</a> have asked to surrender the war against <a href='gangs.php?action=view&ID={$them['gangID']}'>{$them['gangNAME']}</a>");
$db->query("INSERT INTO gangevents VALUES('',{$ir['gang']},unix_timestamp(),'$event') , ('',".$r[$f].",unix_timestamp(),'$event')");
print "You have asked to surrender.";
}
}
function gang_staff_viewsurrenders()
{
global $db,$ir,$c,$userid,$gangdata;
if(!isset($_POST['subm']))
{
print "<form action='yourgang.php?action=staff&act2=viewsurrenders' method='post'>
Choose who to accept the surrender from.<br />
<input type='hidden' name='subm' value='submit' />
Gang: <select name='sur' type='dropdown'>";
$wq=$db->query("SELECT s.*,w.* FROM surrenders s LEFT JOIN gangwars w ON s.surWAR=w.warID WHERE surTO={$ir['gang']}");

while($r=$db->fetch_row($wq))
{
if($gangdata['gangID'] == $r['warDECLARER']) { $w="You";$f="warDECLARED"; } else { $w="Them";$f="warDECLARER"; }
$ggq=$db->query("SELECT * FROM gangs WHERE gangID=".$r[$f]);
$them=$db->fetch_row($ggq);
print "<option value='{$r['surID']}'>War vs. {$them['gangNAME']} (Msg: {$r['surMSG']})</option>";
}
print "</select><br /><input type='submit' value='Accept Surrender' /></form>";
}
else
{
$_POST['sur'] = abs((int) $_POST['sur']);
$q=$db->query("SELECT surWAR FROM surrenders WHERE surID={$_POST['sur']}");
list($_POST['war']) = $db->fetch_row($q);
$wq=$db->query("SELECT * FROM gangwars where warID={$_POST['war']}");
$r=$db->fetch_row($wq);
if($gangdata['gangID'] == $r['warDECLARER']) { $w="You";$f="warDECLARED"; } else { $w="Them";$f="warDECLARER"; }
$db->query("DELETE FROM surrenders WHERE surID={$_POST['sur']}");
$db->query("DELETE FROM gangwars WHERE warID={$_POST['war']}");
$ggq=$db->query("SELECT * FROM gangs WHERE gangID=".$r[$f]);
$them=$db->fetch_row($ggq);
$event=str_replace("'","''","<a href='gangs.php?action=view&ID={$ir['gang']}'>{$gangdata['gangNAME']}</a> have accepted the surrender from <a href='gangs.php?action=view&ID={$them['gangID']}'>{$them['gangNAME']}</a>, the war is over!");
$db->query("INSERT INTO gangevents VALUES('',{$ir['gang']},unix_timestamp(),'$event') , ('',".$r[$f].",unix_timestamp(),'$event')");
print "You have accepted surrender, the war is over.";
}
}

NogDog

It's line 1 of the query, not line 1 of your code (the error message is from DBMS, not from PHP). My best guess is that $_POST['war'] is not set/empty.

ReignFire

Thats what i looked at first, but it is defined farther up, and it is called on in several other lines in the code successfuly...which is where im baffled!

NogDog

All I can suggest is to add some debug code where the error occurs to find out what the value of that variable is. One thing I like to do is assign my SQL string to a variable, then use that variable in the query() command instead of typing it out directly in the function arguments. That way if it fails, you can echo/log the SQL variable to see exactly what was submitted to the database:

$sql = "SELECT * FROM foo WHER bar = " . $bar;
$result = mysql_query($sql);
if($result == false)
{
   error_log(mysql_error()."\n$sql\n".print_r(debug_print_backtrace(),1));
   die("Database error, details have been logged.");
}

This may be something you need to add to your database class, perhaps with a debug flag that determines whether the error data is logged or echoed.

NogDog

PS: It's not a good idea to be using unsanitized $_POST values directly in your queries due to the danger of SQL injection issues.

ReignFire

i appreciate the heads up...but i am a crappy coder 🙂 honestly i dont know what im doing most of the time and am guessing my way through it. so if i sound like a moron and my code is crap...its because i am a moron and my code is crap 🙂 LOL!!! no excuses from me

jkurrle

In complex scripts, I like to build in a debug function. Basically, in the beginning of the script, I put something like this:

$DEBUG="NO";

But later, throughout the code, wherever a variable is declared or modified, I add a snippet of code like this:

if ($DEBUG=="YES") echo "Variable VAR_NAME is value $VAR_NAME <br /> \n";

This way, you see exactly what is going on throughout all your code. Once you have found the error, simply set $DEBUG back to NO and the debug information is no longer displayed.

On the down side of this, you are putting in a lot of conditional tests into your script, which could potentially slow it down. I've never noticed it myself, but on scripts with heavier loads, it could be eventually noticeable. I'd say, once the script is solid and bullet-proof, search out the DEBUG lines and strip them out.

ReignFire

i will certainly give that a try...i appreciate ALL the help 🙂