pingeyeg
asked on
Error in sql syntax
What seems to be wrong with this sql statement?
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
$strSQL_Delete = mysql_query("DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' and reviewID =" . $_POST['reviewID']) or die(mysql_error());
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
$strSQL_Delete = mysql_query("DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' and reviewID =" . $_POST['reviewID']) or die(mysql_error());
"
DELETE FROM tblReviews WHERE strCompanyname =
'
"
. $_POST['strCompanyname'] .
"
'
and
reviewID =
"
. $_POST['reviewID']
I've separated out where you have single and double quotes mixed together. As you can see, the structure doesn't make sense. What you probably mean to do is
"DELETE FROM tblReviews WHERE strCompanyname = " . $_POST['strCompanyname'] . " and reviewID =" . $_POST['reviewID']
It would be much easier for you if you would use the syntax
$sqlquery = "DELETE FROM tblReviews WHERE strCompanyname = " . $_POST['strCompanyname'] . " and reviewID =" . $_POST['reviewID'];
$strSQL_Delete = mysql_query($sqlquery) or die(mysql_error());
DELETE FROM tblReviews WHERE strCompanyname =
'
"
. $_POST['strCompanyname'] .
"
'
and
reviewID =
"
. $_POST['reviewID']
I've separated out where you have single and double quotes mixed together. As you can see, the structure doesn't make sense. What you probably mean to do is
"DELETE FROM tblReviews WHERE strCompanyname = " . $_POST['strCompanyname'] . " and reviewID =" . $_POST['reviewID']
It would be much easier for you if you would use the syntax
$sqlquery = "DELETE FROM tblReviews WHERE strCompanyname = " . $_POST['strCompanyname'] . " and reviewID =" . $_POST['reviewID'];
$strSQL_Delete = mysql_query($sqlquery) or die(mysql_error());
Oops, you do need the single quotes also:
$sqlquery = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname']' " . " and reviewID =" . $_POST['reviewID'];
$sqlquery = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname']' " . " and reviewID =" . $_POST['reviewID'];
ASKER
Either way I code it, I still get the same error message.
ASKER
I know that. I kept them in. Thanks though.
@yodercm:
strCompanyname = ' " . $_POST['strCompanyname']' "
This will result in mis-matched singe quotes. You have the first single quote inside the double-quoted string, but the second occurs outside of it. pingeyeg had it correct the first time, as far as I can tell.
strCompanyname = ' " . $_POST['strCompanyname']' "
This will result in mis-matched singe quotes. You have the first single quote inside the double-quoted string, but the second occurs outside of it. pingeyeg had it correct the first time, as far as I can tell.
ASKER
This is what I have right now, but like I said I get the same error message:
$strSQL_Delete = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' and reviewID =" . $_POST['reviewID'];
$SQL = mysql_query($strSQL_Delete ) or die(mysql_error());
$strSQL_Delete = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' and reviewID =" . $_POST['reviewID'];
$SQL = mysql_query($strSQL_Delete
Change:
$SQL = mysql_query($strSQL_Delete ) or die(mysql_error());
to:
$strSQL_Delete = mysql_query($query) or die ("The following query failed: $query. <br /> The MySQL error was: " . mysql_error());
so that we can see the entire SQL query as it is submitted to the server. We don't currently know what is contained in '$_POST['strCompanyname']' and '$_POST['reviewID']', so we cannot accurately troubleshoot the statement.
$SQL = mysql_query($strSQL_Delete
to:
$strSQL_Delete = mysql_query($query) or die ("The following query failed: $query. <br /> The MySQL error was: " . mysql_error());
so that we can see the entire SQL query as it is submitted to the server. We don't currently know what is contained in '$_POST['strCompanyname']'
Or rather:
$SQL = mysql_query($strSQL_Delete ) or die ("The following query failed: $strSQL_Delete. <br /> The MySQL error was: " . mysql_error());
(Sorry, I had the variable names wrong the first time).
$SQL = mysql_query($strSQL_Delete
(Sorry, I had the variable names wrong the first time).
ASKER
Not sure why I am not getting the values from the variables, but this is my result:
The following query failed: DELETE FROM tblReviews WHERE strCompanyname = '' and reviewID =.
The MySQL error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
The following query failed: DELETE FROM tblReviews WHERE strCompanyname = '' and reviewID =.
The MySQL error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Do you want us to take a look at that part of the code, or will you troubleshoot that?
Make sure that the form that posts the data is using 'method="POST"', and that the field names are correct.
Make sure that the form that posts the data is using 'method="POST"', and that the field names are correct.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I'm no longer getting an error, but the requested review isn't being deleted either.
ASKER
Ok, right now I got the company to show, but the reviewID is showing as reviewID instead of a number when displaying the sql statement.
DELETE FROM tblReviews WHERE strCompanyname = 'Plumbing When You Need It' and reviewID = 'reviewID'
DELETE FROM tblReviews WHERE strCompanyname = 'Plumbing When You Need It' and reviewID = 'reviewID'
$inputcompanyname = htmlentities($_POST['strCo mpanyname' ],ENT_QUOT ES);
$inputreviewID = htmlentities($_POST['revie wID'],ENT_ QUOTES);
echo "input company name = $inputcompanyname <br>";
echo "input review ID = $inputreviewID <br>";
See if the values are correct.
$inputreviewID = htmlentities($_POST['revie
echo "input company name = $inputcompanyname <br>";
echo "input review ID = $inputreviewID <br>";
See if the values are correct.
ASKER
Nope:
input company name = Plumbing When You Need It
input review ID = reviewID
input company name = Plumbing When You Need It
input review ID = reviewID
So, you are getting the string "reviewID" instead of the correct ID number. Fix that in your form input.
ASKER
Nevermind, I got it. Thanks!
$query = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' AND reviewID =" . $_POST['reviewID'];
$strSQL_Delete = mysql_query($query) or die ("The following query failed: $query. <br /> The MySQL error was: " . mysql_error());
This seperates the query string from the mysql_query statement so that we can see exactly what is being submitted. There is a possibility that one of the $_POST variables you are submitting has an errant quote in it.